
pup.optional.tarma.a infection


10 replies to this topic

#1 TimB48

TimB48

  • Members
  • 47 posts

Posted 11 August 2013 - 04:23 AM

I have a PC which has been exhibiting behaviour of a virus or similar over the last couple of weeks. It appears to function normally for the most part, except when browsing the internet; when doing so I am often redirected to something called 'babylon' as a search engine. There are many 'pop ups' suggesting there is something wrong with the PC and directing me to a site to correct the problem etc. Also, when dialling in to it remotely, it kicks me off after a minute or so.

I have run Malwarebytes and it reports several instances of pup.optional.tarma.A., which presumably is the root cause of the problems.

OS is Windows 7 Home Premium SP1.

Your help in dealing with this problem would be greatly appreciated.

 

TiMB48




 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts

Posted 11 August 2013 - 05:34 AM

Hi -

Download Security Check by Screen317

  • Save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Note: If any security program requests permission to access the Internet, allow it to do so.

 

 

 

 

Please download AdwCleaner by Xplode onto your desktop.

* Close all open programs and internet browsers.
* Double click on adwcleaner.exe to run the tool.
* Click on Delete.
* Confirm each time with Ok.
* NOTE : Your computer will be rebooted automatically, and a log file will open after the restart.

* Please post the contents of that logfile with your next reply.
* You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

 

 

Scan your machine with ESET OnlineScan
This is best done with Internet Explorer, but directions are here for other browsers -

1. Hold down Control and click HERE to open ESET OnlineScan in a new window.
2. Click the ESET Online Scanner button.
3. NOTE: For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
   - 1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
   - 2. Double click on the ESET Online Scanner icon on your desktop.
4. Check "YES, I accept the Terms of Use."
5. Click the Start button.
6. Accept any security warnings from your browser.
7. Under scan settings, check "Scan Archives" and "Remove found threats"
8. Click Advanced settings and select the following:
   - Scan potentially unwanted applications
   - Scan for potentially unsafe applications
   - Enable Anti-Stealth technology
9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this will take some time to download the program for a first time, and then download updated database (1 to 2 hours is not unusual).
10. When the scan completes, click List Threats.
11. Click Export, and save the file to your desktop using a unique name, such as "ESETScan".
   - Include the contents of this report in your next reply.
12. Click the Back button.
13. Click the Finish button.

 

Thanks -



#3 TimB48

TimB48
  • Topic Starter

  • Members
  • 47 posts

Posted 11 August 2013 - 04:08 PM

I have followed your instructions; numerous problems appear to have been dealt with. I am unable to attach the log for Security Check as I am unable to locate the checkup.txt file anywhere on the PC. I am forwarding the other logs though.

 

# AdwCleaner v2.306 - Logfile created 08/11/2013 at 17:28:33
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : User - USER-PC
# Boot Mode : Normal
# Running from : C:\Users\User\Desktop\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbgldkjohmeimlapiahkhkbeoohlflnk
File Deleted : C:\END
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BrowserProtect
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbgldkjohmeimlapiahkhkbeoohlflnk

***** [Registry] *****

Key Deleted : HKCU\Software\APN DTX
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Google\Chrome\Extensions\lbgldkjohmeimlapiahkhkbeoohlflnk
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\5928bdab13bed44
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\SOFTWARE\Wow6432Node\5928bdab13bed44
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lbgldkjohmeimlapiahkhkbeoohlflnk
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Google Chrome v28.0.1500.95

*************************

AdwCleaner[S1].txt - [5363 octets] - [11/08/2013 17:28:33]

########## EOF - C:\AdwCleaner[S1].txt - [5423 octets] ##########

 

 

C:\Program Files (x86)\VideoConverter\VideoConverter.exe a variant of Win32/InstallCore.A application cleaned by deleting - quarantined
C:\Users\User\AppData\Roaming\DSite\UpdateProc\updatetask.exe Win32/DownWare.E application cleaned by deleting - quarantined
C:\Users\User\AppData\Roaming\Video Converter Packages\uninstaller.exe a variant of Win32/InstallCore.AZ application cleaned by deleting - quarantined
C:\Users\User\Documents\Downloads\DLLOpener.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting - quarantined
C:\Users\User\Documents\Downloads\ImproveSpeedPC (1).exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting - quarantined
C:\Users\User\Documents\Downloads\ImproveSpeedPC (2).exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting - quarantined
C:\Users\User\Documents\Downloads\ImproveSpeedPC.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting - quarantined
C:\Users\User\Documents\Downloads\VideoConverterSetup.exe a variant of Win32/InstallCore.BQ application cleaned by deleting - quarantined
C:\Users\User\Downloads\Setup (1).exe a variant of Win32/ExFriendAlert.B application cleaned by deleting - quarantined
C:\Users\User\Downloads\Setup.exe a variant of Win32/ExFriendAlert.B application cleaned by deleting - quarantined
C:\Users\User\Vet's Pets Downloads\amsnsetup_v1.0.1.3124 (1).exe a variant of Win32/InstallCore.AY application cleaned by deleting - quarantined
C:\Users\User\Vet's Pets Downloads\amsnsetup_v1.0.1.3124.exe a variant of Win32/InstallCore.AY application cleaned by deleting - quarantined
C:\Users\User\Vet's Pets Downloads\FreeFileViewer2011Setup.exe a variant of Win32/InstallIQ.A application cleaned by deleting - quarantined
C:\Users\User\Vet's Pets Downloads\Installer_Regwork (1).exe a variant of Win32/Adware.RegRevive.A application cleaned by deleting - quarantined
C:\Users\User\Vet's Pets Downloads\Installer_Regwork (4).exe a variant of Win32/Adware.RegRevive.A application cleaned by deleting - quarantined
C:\Users\User\Vet's Pets Downloads\Installer_Regwork.exe a variant of Win32/Adware.RegRevive.A application cleaned by deleting - quarantined
C:\Users\User\Vet's Pets Downloads\SocialNetworksSetup (1).exe Win32/Toolbar.Inbox.A application cleaned by deleting - quarantined
C:\Users\User\Vet's Pets Downloads\SocialNetworksSetup (2).exe multiple threats cleaned by deleting - quarantined
C:\Users\User\Vet's Pets Downloads\SocialNetworksSetup (3).exe multiple threats cleaned by deleting - quarantined
C:\Users\User\Vet's Pets Downloads\SocialNetworksSetup.exe Win32/Toolbar.Inbox.A application cleaned by deleting - quarantined

 

Look forward to hearing from you soon.

 

Regards,

 

TimB48
 



#4 noknojon

noknojon

  • Banned
  • 10,871 posts

Posted 11 August 2013 - 04:38 PM

Re-run this for more information.

Right click > Delete any old version on your desktop.

 

Download Security Check by Screen317

* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside the black box.
* When finished, a Notepad document will open automatically called checkup.txt

* Please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.

 

Thank You -



#5 TimB48

TimB48
  • Topic Starter

  • Members
  • 47 posts

Posted 12 August 2013 - 08:01 AM

Security check report as requested.

 

 Results of screen317's Security Check version 0.99.72 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled! 
Norton Internet Security  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Java 7 Update 25 
 Adobe Flash Player 11.7.700.224 
 Adobe Reader 10.1.7 Adobe Reader out of Date! 
 Google Chrome 28.0.1500.72 
 Google Chrome 28.0.1500.95 
````````Process Check: objlist.exe by Laurent```````` 
 Norton ccSvcHst.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

 

Regards,

 

TimB48
 



#6 noknojon

noknojon

  • Banned
  • 10,871 posts

Posted 12 August 2013 - 06:42 PM

Hi -

We seem to have removed a lot of infections with those scans.

I would like to run one more to find a bit more information and then you should be able to clean up.

 

Please download MiniToolBox, save it to your desktop and run it.
Close any Firefox browsers you may have open once this is downloaded.
Checkmark the following boxes:
• Flush DNS
• Report IE Proxy Settings
• Reset IE Proxy Settings
• Report FF Proxy Settings
• Reset FF Proxy Settings
• List content of Hosts
• List IP configuration
• List last 10 Event Viewer log
• List Installed Programs
• List Users, Partitions and Memory size.
• List Minidump Files
 Click Go and copy / paste the result (Result.txt).

 

Babylon / Wajam / and Tarma Installer all seem to be on related infected systems, but are now gone.

Tell me how the computer problems are now.

 

Thanks -



#7 TimB48

TimB48
  • Topic Starter

  • Members
  • 47 posts

Posted 13 August 2013 - 02:31 AM

Mini Toolbox log as requested.

 

 

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by User (administrator) on 13-08-2013 at 08:21:51
Running from "C:\Users\User\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

 

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection 2 (Connected)
Broadcom 802.11n Network Adapter = Wireless Network Connection (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection 2 (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled taskoffload=enabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : User-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Mixed
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Bluetooth Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network) #2
   Physical Address. . . . . . . . . : EC-55-F9-CF-00-10
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller #2
   Physical Address. . . . . . . . . : 00-21-CC-05-68-12
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::90d0:5ca:f0b7:84ea%15(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.40.19(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 13 August 2013 07:59:19
   Lease Expires . . . . . . . . . . : 16 August 2013 07:59:18
   Default Gateway . . . . . . . . . : 192.168.40.1
   DHCP Server . . . . . . . . . . . : 192.168.40.1
   DNS Servers . . . . . . . . . . . : 212.23.3.100
                                       212.23.6.100
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom 802.11n Network Adapter
   Physical Address. . . . . . . . . : AC-81-12-98-24-31
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{CEC09407-B2C0-4D8C-963A-EF28D7A4487C}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{8EB32B2A-E613-4867-953A-F1B18A096174}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{E6F7D428-8AE2-48D3-96C1-9313E6B7C6C7}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:bc:3384:3f57:d7ec(Preferred)
   Link-local IPv6 Address . . . . . : fe80::bc:3384:3f57:d7ec%18(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  dns.lb.mbr-roch.zen.net.uk
Address:  212.23.3.100

Name:    google.com
Addresses:  2a00:1450:4009:807::1006
   173.194.41.98
   173.194.41.99
   173.194.41.100
   173.194.41.101
   173.194.41.102
   173.194.41.103
   173.194.41.104
   173.194.41.105
   173.194.41.110
   173.194.41.96
   173.194.41.97

Pinging google.com [173.194.41.66] with 32 bytes of data:
Reply from 173.194.41.66: bytes=32 time=22ms TTL=55
Reply from 173.194.41.66: bytes=32 time=22ms TTL=55

Ping statistics for 173.194.41.66:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 22ms, Maximum = 22ms, Average = 22ms
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  212.23.3.100

Name:    yahoo.com
Addresses:  98.138.253.109
   98.139.183.24
   206.190.36.45

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=271ms TTL=47
Reply from 98.138.253.109: bytes=32 time=224ms TTL=47

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 224ms, Maximum = 271ms, Average = 247ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 16...ec 55 f9 cf 00 10 ......Bluetooth Device (Personal Area Network) #2
 15...00 21 cc 05 68 12 ......Realtek PCIe GBE Family Controller #2
 14...ac 81 12 98 24 31 ......Broadcom 802.11n Network Adapter
  1...........................Software Loopback Interface 1
 19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 18...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.40.1    192.168.40.19     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
     192.168.40.0    255.255.255.0         On-link     192.168.40.19    266
    192.168.40.19  255.255.255.255         On-link     192.168.40.19    266
   192.168.40.255  255.255.255.255         On-link     192.168.40.19    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.40.19    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.40.19    266
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 18     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 18     58 2001::/32                On-link
 18    306 2001:0:5ef5:79fb:bc:3384:3f57:d7ec/128
                                    On-link
 15    266 fe80::/64                On-link
 18    306 fe80::/64                On-link
 18    306 fe80::bc:3384:3f57:d7ec/128
                                    On-link
 15    266 fe80::90d0:5ca:f0b7:84ea/128
                                    On-link
  1    306 ff00::/8                 On-link
 18    306 ff00::/8                 On-link
 15    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/13/2013 08:00:29 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/12/2013 01:38:06 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/11/2013 05:32:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/11/2013 09:53:22 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/10/2013 08:26:53 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/10/2013 08:04:34 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/09/2013 09:25:10 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/08/2013 01:50:48 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/07/2013 00:21:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/06/2013 05:12:40 PM) (Source: Application Error) (User: )
Description: Faulting application name: WINWORD.EXE, version: 11.0.8402.0, time stamp: 0x5156197e
Faulting module name: VBE6.DLL, version: 6.5.10.54, time stamp: 0x4f85ffc9
Exception code: 0xc0000005
Fault offset: 0x000091a8
Faulting process id: 0x1a40
Faulting application start time: 0xWINWORD.EXE0
Faulting application path: WINWORD.EXE1
Faulting module path: WINWORD.EXE2
Report Id: WINWORD.EXE3

System errors:
=============
Error: (08/12/2013 01:37:40 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (08/12/2013 01:37:23 PM) (Source: Service Control Manager) (User: )
Description: The TeamViewer 8 service failed to start due to the following error:
%%1053

Error: (08/12/2013 01:37:23 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the TeamViewer 8 service to connect.

Error: (08/11/2013 05:31:21 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (08/11/2013 05:31:11 PM) (Source: Service Control Manager) (User: )
Description: The Computer Backup (MyPC Backup) service failed to start due to the following error:
%%1053

Error: (08/11/2013 05:31:11 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.

Error: (08/11/2013 11:50:33 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (08/11/2013 11:50:32 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (08/11/2013 11:50:32 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (08/11/2013 11:50:31 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Microsoft Office Sessions:
=========================
Error: (08/13/2013 08:00:29 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/12/2013 01:38:06 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/11/2013 05:32:00 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/11/2013 09:53:22 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/10/2013 08:26:53 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/10/2013 08:04:34 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/09/2013 09:25:10 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/08/2013 01:50:48 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/07/2013 00:21:58 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/06/2013 05:12:40 PM) (Source: Application Error)(User: )
Description: WINWORD.EXE11.0.8402.05156197eVBE6.DLL6.5.10.544f85ffc9c0000005000091a81a4001ce92bf777357a4C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXEC:\PROGRA~2\COMMON~1\MICROS~1\VBA\VBA6\VBE6.DLL03c213f0-feb3-11e2-b8e1-0021cc056812

=========================== Installed Programs ============================

Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader X (10.1.7) (Version: 10.1.7)
Bluetooth Manager (Version: 1.0.00.08100)
Bluetooth Notice (Version: 1.0.00.08130)
Broadcom Wireless Utility (Version: 5.100.9.14)
Canon MP540 series MP Drivers
CCleaner (Version: 4.04)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
CrossLoop 2.82 (Version: 2.82)
D3DX10 (Version: 15.4.2368.0902)
DLL Opener (Version: 0.1)
DLL Player 0.1 (Version: 0.1)
ESET Online Scanner v3
Files Opened (Version: 1.0)
Google Chrome (Version: 28.0.1500.95)
Google Earth (Version: 6.2.0.5905)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4209.2358)
Google Update Helper (Version: 1.3.21.153)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Management Engine Components (Version: 7.0.0.1118)
Intel® Processor Graphics (Version: 8.15.10.2253)
InterVideo WinDVD 8 (Version: 8.0.20.194)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Junk Mail filter update (Version: 15.4.3502.0922)
K-Lite Codec Pack 8.2.0 (Full) (Version: 8.2.0)
Lenovo Bluetooth with Enhanced Data Rate Software (Version: 6.2.1.2000)
Lenovo Driver and Application Installation (Version: 5.10.1809)
Lenovo Dynamic Brightness System (Version: 4.0.00.22080)
Lenovo Eye Distance System (Version: 4.0.00.21090)
Lenovo LVT Detect Program (Version: 1.0.0.0)
Lenovo Power2Go (Version: 6.0.3720)
Lenovo Rescue System (Version: 3.0.1409)
Lenovo Screensaver (Version: 1.0.5.101222)
Lenovo USB2.0 UVC Camera (Version: 1.00.0000)
Lenovo YouCam (Version: 3.1.3428)
LVT (Version: 4.1.2.0919)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MC907 (Version: 6.14.10407)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Small Business Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Web Publishing Wizard 1.52
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MyPC Backup  (Version: )
Norton Internet Security (Version: 20.4.0.40)
PDFCreator (Version: 1.2.0)
Picasa 3 (Version: 3.9)
PrintMaster 16 (Version: 16.00.0000)
Qtrax Player
Qtrax Player (Version: 1.00.0001)
Realtek Ethernet Controller Driver (Version: 7.31.1025.2010)
Realtek High Definition Audio Driver (Version: 6.0.1.6267)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30121)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.20.0)
Shockwave
Skype Click to Call (Version: 6.10.13089)
Skype™ 6.2 (Version: 6.2.106)
SRS Premium Sound Control Panel (Version: 1.11.1900)
TeamViewer 8 (Version: 8.0.19617)
ThemeWallpaper (Version: 1.2.0.091030)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Video Converter
Video Converter Packages
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (04/08/2010 6.3.5.430) (Version: 04/08/2010 6.3.5.430)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800)
Windows Driver Package - YUAN High-Tech Development Co., Ltd (ATIAVPCI) MEDIA  (11/12/2010 6.14.10.407) (Version: 11/12/2010 6.14.10.407)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WorksDatabaseConverter

========================= Memory info: ===================================

Percentage of memory in use: 48%
Total physical RAM: 4003.69 MB
Available physical RAM: 2053.94 MB
Total Pagefile: 8005.57 MB
Available Pagefile: 5718 MB
Total Virtual: 4095.88 MB
Available Virtual: 3963.7 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:440.59 GB) (Free:392.7 GB) NTFS
2 Drive e: (ArtDisc1) (CDROM) (Total:0.63 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\USER-PC

Administrator            ASPNET                   Guest                   
User                    

========================= Minidump Files ==================================

**** End of log ****

 

 

As far as I can judge the PC is functioning normally, no browser redirection, no pop ups etc.

 

Regards,

 

TimB48



#8 noknojon


Posted 13 August 2013 - 05:41 AM

Programs and all look reasonable - Errors are only minor -

 

The only thing I can see now is your Hosts file needs resetting 

http://go.microsoft.com/?linkid=9668866  < Click on the link, click Run and follow the basic instructions

It will only run for a minute and that's all -

 

I will watch this topic for a few days just in case you find another problem -

 

Good luck -



#9 quietman7


Posted 13 August 2013 - 07:18 AM

I have run Malwarebytes and it reports several instances of pup.optional.tarma.A., which presumably is the root cause of the problems.

FYI: Tarma Installer is a utility used to create software installers for Windows which allows customization of all installer actions. It is generally used by developers to distribute their software. See this review provided at Softpedia.com.

A PUP detection means a "Potentially Unwanted Program". PUP is a very broad threat category which can encompass any number of different programs to include those which are benign as well as malicious. PUPs in and of themselves are not always bad...many are generally known, non-malicious but unwanted software. PUPs are considered unwanted because they can cause undesirable system performance or other problems and are sometimes installed without the user's consent since they are often included when downloading legitimate programs.

In the past, Malwarebytes Anti-Malware detected only PUPs that were considered mostly harmful and deceiving but they revised their policy, taking a more aggressive approach to include PUPs that most users found annoying or misleading. PUPs may be defined somewhat differently by various security vendors. This is what Malwarebytes has to say: What are the 'PUP' detections, are they threats and should they be deleted?.

Please continue to follow any instructions provided by noknojon.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#10 TimB48


Posted 13 August 2013 - 08:15 AM

noknojon,

Thanks for your assistance in dealing with these problems. I have used the Microsoft Fix it tool to reset the hosts file and all appears to be well.

Should any further problems occur I will post a fresh message.

Many Thanks,

 

TimB48



#11 noknojon


Posted 13 August 2013 - 05:53 PM

@ TimB48

Stay safe and watch for any extras offered with downloads.

Many of these minor problems are included with programs where you do not expect them.

 

Thank You -





