
Strange IE behaviour after installing Icon Maker from CNet


24 replies to this topic

#1 yhelfman

yhelfman

  • Members
  • 155 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Mountain View, CA
  • Local time:04:34 PM

Posted 16 November 2013 - 05:36 PM

I would expect software downloads/installs from CNET to be safe ... after I downloaded Icon Maker from CNET yesterday, while installing it my Norton Antivirus popped up multiple times with various detections ... I got a bunch of unwanted products installed that I did not agree to and did not see options whether or not to install them ... afterwards I uninstalled all I could find by date from Control Panel Uninstall Programs section ... but ever since IE will not find http://yahoo.com ... and when I go to http://mail.yahoo.com it complains on my Java not being the latest, and redirects me to a Java Update site which does not look like a genuine Oracle URL. I appreciate your help to clean things up. Yuval





#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:34 AM

Posted 16 November 2013 - 09:17 PM

Hi -

Re : CNet and their Add Ons. This is well known now and most Cleaners will remove them -

 

Read this while you use the next programs: How To Temporarily Disable Your Anti-virus

Please download and run RKill by Grinler. A black DOS box will briefly flash and then disappear. (10 to 60 seconds is average)
This is normal and indicates the tool ran successfully.
If a log is produced, save it, or post it back here -

Important: Do not reboot your computer until you complete the next step.

Now -

Please download AdwCleaner by Xplode and save to your Desktop.
* Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* Click on the Scan button. (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
* Click on the Clean button. (only once)
* Press OK when asked to close all programs and follow the onscreen prompts.
* Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
* Copy and paste the contents of that logfile in your next reply.
* A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

 

Next -

Shut down your protection software now to avoid potential conflicts.
* Please download Junkware Removal Tool to your desktop.
* Run the tool by double-clicking it.
* If you are using Windows Vista, 7, or 8, right click JRT.exe and select "Run as Administrator".
* The tool will open and start scanning your system.
* Please be patient as this can take a while to complete depending on your system's specifications.
* On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
* Post the contents of JRT.txt into your next message.

 

 

Last -

Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

 

Thank You -



#3 yhelfman


Posted 16 November 2013 - 10:06 PM

Thanks for your reply!

 

Security Check gave this text message:

UNSUPPORTED OPERATING SYSTEM! ABORTED!

even though I'm running Win 7, and the download page mentions it is supported ...

 

After running these tools, my Internet Explorer still cannot go to http://yahoo.com or http://www.yahoo.com. While the browser is trying to find it, it displays on the title "ieframe.dll" if this is helpful. 

 

Here are the logs:

 

Rkill 2.6.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/16/2013 06:28:57 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 11/16/2013 06:30:00 PM
Execution time: 0 hours(s), 1 minute(s), and 3 seconds(s)

 

# AdwCleaner v3.012 - Report created 16/11/2013 at 18:32:42
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : yhelfman - YHELFMAN-LENOVO
# Running from : C:\Users\yhelfman\Desktop\Yuval Bleeping\AdwCleaner\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\yhelfman\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Found : C:\Users\yhelfman\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Found : C:\Users\yhelfman\AppData\Local\Temp\Uninstall.exe
File Found : C:\Users\yhelfman\AppData\Roaming\Mozilla\Firefox\Profiles\ycfbu1br.default\searchplugins\bingp.xml
File Found : C:\Users\yhelfman\AppData\Roaming\Mozilla\Firefox\Profiles\ycfbu1br.default\searchplugins\Conduit.xml
File Found : C:\Users\yhelfman\AppData\Roaming\Mozilla\Firefox\Profiles\ycfbu1br.default\user.js
Folder Found : C:\Users\yhelfman\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Folder Found : C:\Users\yhelfman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jonjajmpblmjkhjemkalbddhodlehkfg
Folder Found : C:\Users\yhelfman\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf
Folder Found : C:\Users\yhelfman\AppData\Roaming\Mozilla\Firefox\Profiles\ycfbu1br.default\Extensions\{906000A4-88D9-4D52-B209-7A772970D91F}
Folder Found : C:\Users\yhelfman\AppData\Roaming\Mozilla\Firefox\Profiles\ycfbu1br.default\Extensions\{aad50c91-b136-49d9-8b30-0e8d3ead63d0}
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\DealPlyLive
Folder Found C:\Program Files (x86)\MyPC Backup
Folder Found C:\ProgramData\apn
Folder Found C:\ProgramData\Conduit
Folder Found C:\ProgramData\DealPlyLive
Folder Found C:\ProgramData\Tarma Installer
Folder Found C:\Users\yhelfman\AppData\Local\Conduit
Folder Found C:\Users\yhelfman\AppData\Local\DealPlyLive
Folder Found C:\Users\yhelfman\AppData\Local\filetypeassistant
Folder Found C:\Users\yhelfman\AppData\Local\Temp\CT3153924
Folder Found C:\Users\yhelfman\AppData\LocalLow\Conduit
Folder Found C:\Users\yhelfman\AppData\Roaming\Mozilla\Firefox\Profiles\ycfbu1br.default\CT3153924
Folder Found C:\Users\yhelfman\AppData\Roaming\OpenCandy
Folder Found C:\Users\yhelfman\AppData\Roaming\strongvault
Folder Found C:\Users\yhelfman\Documents\optimizer pro

***** [ Shortcuts ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16520

-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\yhelfman\AppData\Roaming\Mozilla\Firefox\Profiles\ycfbu1br.default\prefs.js ]

Line Found : user_pref("CT3153924.FF19Solved", "true");
Line Found : user_pref("CT3153924.UserID", "UN34925636472047616");
Line Found : user_pref("CT3153924.browser.search.defaultthis.engineName", "true");
Line Found : user_pref("CT3153924.fullUserID", "UN34925636472047616.IN.20131115095244");
Line Found : user_pref("CT3153924.installDate", "15/11/2013 09:52:46");
Line Found : user_pref("CT3153924.installSessionId", "{4C22ED3C-5833-4BCD-992E-FA621E117738}");
Line Found : user_pref("CT3153924.installSp", "TRUE");
Line Found : user_pref("CT3153924.installerVersion", "1.7.1.7");
Line Found : user_pref("CT3153924.keyword", "true");
Line Found : user_pref("CT3153924.originalHomepage", "hxxp://www.msn.com/?pc=U018&ocid=U018DHP&dt=062613");
Line Found : user_pref("CT3153924.originalSearchAddressUrl", "");
Line Found : user_pref("CT3153924.originalSearchEngine", "Bing");
Line Found : user_pref("CT3153924.originalSearchEngineName", "");
Line Found : user_pref("CT3153924.searchRevert", "false");
Line Found : user_pref("CT3153924.searchUserMode", "2");
Line Found : user_pref("CT3153924.smartbar.homepage", "true");
Line Found : user_pref("CT3153924.versionFromInstaller", "10.22.3.18");
Line Found : user_pref("CT3153924.xpeMode", "0");
Line Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Found : user_pref("browser.search.defaultenginename", "Connect DLCS Customized Web Search");
Line Found : user_pref("browser.search.defaultthis.engineName", "Connect DLCS Customized Web Search");
Line Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3153924&CUI=UN34925636472047616&UM=2&SearchSource=3&q={searchTerms}");
Line Found : user_pref("browser.search.selectedEngine", "Connect DLCS Customized Web Search");
Line Found : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3153924&octid=CT3153924&SearchSource=61&CUI=UN34925636472047616&UM=2&UP=SP6A53BFDA-EED9-4BAF-BE44-69A007C190EE&SSPV=");
Line Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3153924&SearchSource=2&CUI=UN34925636472047616&UM=2&q=");
Line Found : user_pref("smartbar.addressBarOwnerCTID", "CT3153924");
Line Found : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3153924&CUI=UN34925636472047616&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3153924&octid=CT3153924&SearchSource[...]
Line Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3153924&SearchSource=2&CUI=UN34925636472047616&UM=2&q=");
Line Found : user_pref("smartbar.defaultSearchOwnerCTID", "CT3153924");
Line Found : user_pref("smartbar.homePageOwnerCTID", "CT3153924");
Line Found : user_pref("smartbar.machineId", "VGR/11BXOWBARADFNTVTBJ+U2WIPFLZ5JKBSB341BQNXSZJRHDSVWP7E50NQ9IMNOXYXZKBBGOX4XPY4JBEFRA");
Line Found : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3153924&CUI=UN34925636472047616&UM=2&SearchSource=13");

-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\yhelfman\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : homepage
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : urls_to_restore_on_startup
Found : homepage
Found : search_url
Found : urls_to_restore_on_startup
Found : homepage
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [15220 octets] - [16/11/2013 18:32:42]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [15281 octets] ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Professional x64
Ran by yhelfman on Sat 11/16/2013 at 18:46:36.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EE0AC2DD-E4E9-4760-84CF-F9C503C5B6A3}

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\Users\yhelfman\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\yhelfman\appdata\local\filetypeassistant"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\yhelfman\appdata\local\{3B19C57C-55F6-4DC6-B114-6866AE9A21B1}

 

~~~ FireFox

Emptied folder: C:\Users\yhelfman\AppData\Roaming\mozilla\firefox\profiles\ycfbu1br.default\minidumps [7 files]

 

~~~ Chrome

Successfully deleted: [Folder] C:\Users\yhelfman\appdata\local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Successfully deleted: [Folder] C:\Users\yhelfman\appdata\local\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 11/16/2013 at 18:51:42.49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#4 noknojon


Posted 17 November 2013 - 01:02 AM

UNSUPPORTED OPERATING SYSTEM! ABORTED!

Read this  How To Temporarily Disable Your Anti-virus

 

See above for this note, that I made a point of highlighting in Red ......

 

"Note: If a security program requests permission to access the Internet, allow it to do so."

I / we use this program all the time and it is 100% safe. Please ignore and run it -

 

* Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* Click on the Scan button. (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.

* Click on the Clean button. (only once)
* Press OK when asked to close all programs and follow the onscreen prompts.
* Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
* Copy and paste the contents of that logfile in your next reply.
 

 

You have only completed half of this item above ......

 

Also this program is killing your system - optimizer pro
 

 

Thank You -


Edited by noknojon, 17 November 2013 - 01:11 AM.


#5 yhelfman


Posted 17 November 2013 - 02:44 AM

Hi,

I have Symantec Endpoint Protection, and I made sure it is disabled before I ran all the tools you instructed me to (right-click and select disable).

Regarding AdwCleaner, I went through all the steps ... I must have posted the wrong log, as it created two of them (one before the clean and one after). I no longer have the second log after the cleaning. So I reran AdwCleaner and here's the log after the clean:

Regarding "optimizer pro" - I can't find it in my installed programs ... do you still see it and if so how do I remove it?

 

# AdwCleaner v3.012 - Report created 16/11/2013 at 23:35:27
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : yhelfman - YHELFMAN-LENOVO
# Running from : C:\Users\yhelfman\Desktop\Yuval Bleeping\AdwCleaner\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16520

-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\yhelfman\AppData\Roaming\Mozilla\Firefox\Profiles\ycfbu1br.default\prefs.js ]

-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\yhelfman\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [15410 octets] - [16/11/2013 18:32:42]
AdwCleaner[R1].txt - [1063 octets] - [16/11/2013 23:35:01]
AdwCleaner[S0].txt - [15289 octets] - [16/11/2013 18:36:23]
AdwCleaner[S1].txt - [986 octets] - [16/11/2013 23:35:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1045 octets] ##########



#6 yhelfman


Posted 17 November 2013 - 03:00 AM

I had better luck with SecurityCheck this time. Here's the log:

 

 Results of screen317's Security Check version 0.99.77 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Symantec Endpoint Protection  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 45 
 Java SE Development Kit 7 Update 9
 Adobe Flash Player 11.9.900.117 
 Mozilla Firefox (25.0.1)
 Google Chrome 31.0.1650.48 
 Google Chrome 31.0.1650.57 
````````Process Check: objlist.exe by Laurent```````` 
 Norton ccSvcHst.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 



#7 noknojon


Posted 17 November 2013 - 05:35 AM

Please download Malwarebytes' Anti-Malware (aka MBAM) from Here
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is also automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

If MBAM encounters a file that is difficult to remove, you will be presented with a prompt to Reboot and let MBAM proceed with the disinfection process. If asked to Restart the computer, please do so immediately.
 

 

 

Please scan your computer with ESET Online Scanner
Disable active Antivirus and Antimalware programs How To Temporarily Disable Your Anti-virus
This scan is best performed with Internet Explorer, as it uses ActiveX
If you will not use Internet Explorer, then please read item 3 in this post
1 - Open Internet Explorer and hold down Control (Ctrl) key and click on This Link to open ESET OnlineScan in a new window.
2 - Click the ESET Online Scanner button.
3 - For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

- a - Click on eset.exe to download the ESET Smart Installer. Save it to your desktop.
- b - Double click on the  icon on your desktop.

4 - Check "YES, I accept the Terms of Use."
5 - Click the Start button.
6 - Accept any security warnings from your browser.
7 - Under scan settings, check "Scan Archives" and "Remove found threats"
8 - Click Advanced settings and select the following:
* Scan potentially unwanted applications
* Scan for potentially unsafe applications
* Enable Anti-Stealth technology

9 - ESET will then download updates for itself, install itself, and begin scanning your computer.
10 - Please be patient as "this will take some time" (first time scans are always longer). Over 2 hours usually.
11 - When the scan completes, click List Threats
12 - Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
13 - Click the Back button and then Click the Finish button.
NOTE: Sometimes if ESET finds no infections it will not create a log.
If you lose the log it can be found at C:\Program Files\ESET\EsetOnlineScanner\log.txt
If no infections are found then please tell me -
You can ignore any ESET detection of AdwCleaner...it is a false positive detection.

 

 

Download MiniToolBox, Save it to your desktop and run it.
Close any Firefox browsers you may have open
Checkmark the following boxes:
• Flush DNS
• Report IE Proxy Settings
• Reset IE Proxy Settings
• Report FF Proxy Settings
• Reset FF Proxy Settings
• List content of Hosts
• List IP configuration
• List last 10 Event Viewer log
• List Installed Programs
• List Users, Partitions and Memory size.
• List Minidump Files
 Click Go and copy / paste the result (Result.txt).

 

 

Last -

Please post a snapshot with Speccy for details -
How to Publish a snapshot with Speccy <<-- Full Directions Here (only post the link)

 

 

Back in about 12 hours to give you plenty of time.

 

Thanks -



#8 yhelfman


Posted 17 November 2013 - 11:29 PM

Hi,

 

Here are the logs and links:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.17.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
yhelfman :: YHELFMAN-LENOVO [administrator]

11/17/2013 9:02:49 AM
mbam-log-2013-11-17 (09-02-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 271573
Time elapsed: 7 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 23
C:\Users\yhelfman\Desktop\SoftonicDownloader_for_mpeg-vcr.exe (PUP.Optional.Softonic) -> Quarantined and deleted successfully.
C:\Users\yhelfman\AppData\Local\Temp\Foxit ReaderUpdateSetup.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
C:\Users\yhelfman\AppData\Local\Temp\ICReinstall_SoftwareUpdateSetup.exe (PUP.Optional.Installcore) -> Quarantined and deleted successfully.
C:\Users\yhelfman\AppData\Local\Temp\MozillaUpdateSetup.exe (PUP.Optional.Installcore) -> Quarantined and deleted successfully.
C:\Users\yhelfman\AppData\Local\Temp\Notepad++UpdateSetup.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
C:\Users\yhelfman\AppData\Local\Temp\nsdE8FB.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\yhelfman\AppData\Local\Temp\nsi652C.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\yhelfman\AppData\Local\Temp\nsj4644.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\yhelfman\AppData\Local\Temp\nsn391A.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\yhelfman\AppData\Local\Temp\nsnDE8C.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\yhelfman\AppData\Local\Temp\nst4C9D.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\yhelfman\AppData\Local\Temp\nsw189F.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\yhelfman\AppData\Local\Temp\SkypeUpdateSetup.exe (PUP.Optional.Installcore) -> Quarantined and deleted successfully.
C:\Users\yhelfman\AppData\Local\Temp\SoftwareUpdateSetup.exe (PUP.Optional.Installcore) -> Quarantined and deleted successfully.
C:\Users\yhelfman\AppData\Local\Temp\SPStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\yhelfman\AppData\Local\Temp\DIQM\Setup_151\Setup_V.170796263a.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:\Users\yhelfman\AppData\Local\Temp\DIQM\Setup_151\setup__120.exe (PUP.Optional.Amonetize.AS) -> Quarantined and deleted successfully.
C:\Users\yhelfman\AppData\Local\Temp\DIQM\Setup_151\software\Setup.exe (Trojan.DomaIQ) -> Quarantined and deleted successfully.
C:\Users\yhelfman\AppData\Local\Temp\DIQM\Setup_151\software\Webcake.exe (PUP.Optional.WebCake.A) -> Quarantined and deleted successfully.
C:\Users\yhelfman\AppData\Local\Temp\is1852162411\8652204_Setup.EXE (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\yhelfman\AppData\Local\Temp\is1852162411\dp.exe (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Users\yhelfman\AppData\Local\Temp\QS\Installer.exe (PUP.Optional.Linkury.A) -> Quarantined and deleted successfully.
C:\Users\yhelfman\Downloads\ImgBurnSetup.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.

(end)

 

C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.7z.vir Win32/Bundled.Toolbar.Ask.B application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.dll.vir Win32/Bundled.Toolbar.Ask.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\yhelfman\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\GoogleChromeRemotePlugin.dll.vir Win32/Toolbar.Linkury.D application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\yhelfman\AppData\Local\Temp\CT3153924\ieLogic.exe.vir multiple threats cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\yhelfman\AppData\Roaming\OpenCandy\6E77C2AA8A934676AC55ADA4B0E0E2AC\AVG_Toolbar_CB_ALL_p3v3.exe.vir a variant of Win32/OpenCandy.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\yhelfman\AppData\Roaming\OpenCandy\6E77C2AA8A934676AC55ADA4B0E0E2AC\OCBrowserHelper_1.0.6.125.exe.vir a variant of Win32/OpenCandy.A application cleaned by deleting - quarantined
C:\Program Files\Uninstaller\Uninstall.exe MSIL/DomaIQ.A application cleaned by deleting - quarantined
C:\Users\yhelfman\AppData\Local\Temp\FileZilla ClientUpdateSetup.exe Win32/InstallCore.BL application cleaned by deleting - quarantined
C:\Users\yhelfman\AppData\Local\Temp\FirefoxUpdateSetup.exe Win32/InstallCore.BL application cleaned by deleting - quarantined
C:\Users\yhelfman\AppData\Local\Temp\ImgBurnUpdateSetup.exe Win32/InstallCore.BL application cleaned by deleting - quarantined
C:\Users\yhelfman\AppData\Local\Temp\tbConn.dll a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantined
C:\Users\yhelfman\AppData\Local\Temp\DIQM\Setup_151\software\StrongVault.exe MSIL/Adware.StrongVault.A application cleaned by deleting - quarantined
C:\Users\yhelfman\AppData\Local\Temp\is1852162411\1931416_Setup.EXE Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\yhelfman\AppData\Local\Temp\is1852162411\uninstaller.exe Win32/InstallCore.AZ application cleaned by deleting - quarantined
C:\Users\yhelfman\AppData\Local\Temp\is357113909\uninstaller.exe Win32/InstallCore.AZ application cleaned by deleting - quarantined
C:\Users\yhelfman\AppData\Roaming\1O1L1I1PtF1F1C1N\ImgBurn Free Download Packages\uninstaller.exe Win32/InstallCore.AZ application cleaned by deleting - quarantined
C:\Users\yhelfman\AppData\Roaming\Image Editor Packages\uninstaller.exe Win32/InstallCore.AZ application cleaned by deleting - quarantined
C:\Users\yhelfman\Downloads\AnyVideoConverterSetup.exe Win32/OpenCandy application cleaned by deleting - quarantined
 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by yhelfman (administrator) on 17-11-2013 at 20:18:13
Running from "C:\Users\yhelfman\Desktop\Yuval Bleeping\MiniToolBox"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

1x1 11b/g/n Wireless LAN PCI Express Half Mini Card Adapter = Wireless Network Connection (Connected)
VirtualBox Host-Only Ethernet Adapter = Local Area Connection 5 (Connected)
Intel® 82579LM Gigabit Network Connection = Local Area Connection (Media disconnected)
TAP-Win32 Adapter V9 = vpn (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set subinterface interface=?7 subinterface=ethernet_6 mtu=1477
add address name="Local Area Connection* 25" address=192.168.56.1 mask=255.255.255.0

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : yhelfman-Lenovo
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : gateway.pace.com

Ethernet adapter Local Area Connection 5:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
   Physical Address. . . . . . . . . : 08-00-27-00-58-CC
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::38f5:89c7:aff9:727d%37(Preferred)
   Autoconfiguration IPv4 Address. . : 169.254.114.125(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 621281319
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-D3-AA-7F-F0-DE-F1-CB-EB-3C
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter vpn:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-Win32 Adapter V9
   Physical Address. . . . . . . . . : 00-FF-34-27-4D-0D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : gateway.pace.com
   Description . . . . . . . . . . . : 1x1 11b/g/n Wireless LAN PCI Express Half Mini Card Adapter
   Physical Address. . . . . . . . . : 60-D8-19-C9-3C-EE
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2602:304:b00b:bfb0:7806:4fc1:c62d:f2f3(Preferred)
   Temporary IPv6 Address. . . . . . : 2602:304:b00b:bfb0:e187:abd1:f380:d345(Preferred)
   Link-local IPv6 Address . . . . . : fe80::7806:4fc1:c62d:f2f3%15(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.65(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, November 17, 2013 9:14:49 AM
   Lease Expires . . . . . . . . . . : Monday, November 18, 2013 9:14:50 AM
   Default Gateway . . . . . . . . . : 192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DNS Servers . . . . . . . . . . . : 192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel® 82579LM Gigabit Network Connection
   Physical Address. . . . . . . . . : F0-DE-F1-CB-EB-3C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.EVR100:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{A84A3160-83C0-48CA-B789-A51ABB0F9BD2}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.gateway.pace.com:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : gateway.pace.com
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{34274D0D-13BD-4392-B2FA-ED208DD5CFC5}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #7
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  homeportal
Address:  192.168.1.254

Name:    google.com
Addresses:  2607:f8b0:4005:802::1009
   74.125.239.39
   74.125.239.37
   74.125.239.38
   74.125.239.40
   74.125.239.36
   74.125.239.41
   74.125.239.33
   74.125.239.46
   74.125.239.35
   74.125.239.34
   74.125.239.32

Pinging google.com [74.125.239.130] with 32 bytes of data:
Reply from 74.125.239.130: bytes=32 time=80ms TTL=55
Reply from 74.125.239.130: bytes=32 time=53ms TTL=55

Ping statistics for 74.125.239.130:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 53ms, Maximum = 80ms, Average = 66ms
Server:  homeportal
Address:  192.168.1.254

Name:    yahoo.com
Addresses:  98.139.183.24
   98.138.253.109
   206.190.36.45

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=83ms TTL=48
Reply from 206.190.36.45: bytes=32 time=75ms TTL=48

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 75ms, Maximum = 83ms, Average = 79ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 37...08 00 27 00 58 cc ......VirtualBox Host-Only Ethernet Adapter
 17...00 ff 34 27 4d 0d ......TAP-Win32 Adapter V9
 15...60 d8 19 c9 3c ee ......1x1 11b/g/n Wireless LAN PCI Express Half Mini Card Adapter
 13...f0 de f1 cb eb 3c ......Intel® 82579LM Gigabit Network Connection
  1...........................Software Loopback Interface 1
 29...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 14...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 30...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 39...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
 42...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
 40...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #7
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.65     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      169.254.0.0      255.255.0.0         On-link   169.254.114.125    276
  169.254.114.125  255.255.255.255         On-link   169.254.114.125    276
  169.254.255.255  255.255.255.255         On-link   169.254.114.125    276
      192.168.1.0    255.255.255.0         On-link      192.168.1.65    281
     192.168.1.65  255.255.255.255         On-link      192.168.1.65    281
    192.168.1.255  255.255.255.255         On-link      192.168.1.65    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link   169.254.114.125    276
        224.0.0.0        240.0.0.0         On-link      192.168.1.65    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link   169.254.114.125    276
  255.255.255.255  255.255.255.255         On-link      192.168.1.65    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 15     33 2602:304:b00b:bfb0::/64  On-link
 15    281 2602:304:b00b:bfb0:7806:4fc1:c62d:f2f3/128
                                    On-link
 15    281 2602:304:b00b:bfb0:e187:abd1:f380:d345/128
                                    On-link
 37    276 fe80::/64                On-link
 15    281 fe80::/64                On-link
 37    276 fe80::38f5:89c7:aff9:727d/128
                                    On-link
 15    281 fe80::7806:4fc1:c62d:f2f3/128
                                    On-link
  1    306 ff00::/8                 On-link
 37    276 ff00::/8                 On-link
 15    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/17/2013 08:16:39 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/17/2013 09:49:48 AM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Adware.DealPly in File: C:\AdwCleaner\Quarantine\C\Users\yhelfman\AppData\Roaming\Mozilla\Firefox\Profiles\ycfbu1br.default\Extensions\{906000A4-88D9-4D52-B209-7A772970D91F}\chrome\content\dealplyshopping.xul.vir by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.

Error: (11/17/2013 09:47:55 AM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Adware.BL in File: C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdate.dll.vir by: Auto-Protect scan.  Action: Cleaned by Deletion.  Action Description: The file was deleted successfully.

Error: (11/17/2013 09:33:24 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/17/2013 09:33:20 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/17/2013 09:15:18 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2013 11:39:37 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (11/16/2013 11:37:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (11/17/2013 09:15:17 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Symantec Settings Manager service to connect.

Error: (11/16/2013 11:37:27 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Symantec Settings Manager service to connect.

Error: (11/16/2013 11:20:46 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (11/16/2013 07:53:25 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{86F151DD-55D0-4130-8938-8E7A7BA10C69}.
The backup browser is stopping.

Microsoft Office Sessions:
=========================
Error: (11/17/2013 08:16:39 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\yhelfman\Desktop\Yuval Bleeping\ESET\esetsmartinstaller_enu.exe

Error: (11/17/2013 09:49:48 AM) (Source: Symantec AntiVirus)(User: )
Description: Security Risk Found!Adware.DealPly in File: C:\AdwCleaner\Quarantine\C\Users\yhelfman\AppData\Roaming\Mozilla\Firefox\Profiles\ycfbu1br.default\Extensions\{906000A4-88D9-4D52-B209-7A772970D91F}\chrome\content\dealplyshopping.xul.vir by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.

Error: (11/17/2013 09:47:55 AM) (Source: Symantec AntiVirus)(User: )
Description: Security Risk Found!Adware.BL in File: C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdate.dll.vir by: Auto-Protect scan.  Action: Cleaned by Deletion.  Action Description: The file was deleted successfully.

Error: (11/17/2013 09:33:24 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\yhelfman\Desktop\Yuval Bleeping\ESET\esetsmartinstaller_enu.exe

Error: (11/17/2013 09:33:20 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\yhelfman\Desktop\Yuval Bleeping\ESET\esetsmartinstaller_enu.exe

Error: (11/17/2013 09:15:18 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2013 11:39:37 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\yhelfman\Desktop\SoftonicDownloader_for_mpeg-vcr.exe

Error: (11/16/2013 11:37:29 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
  Date: 2013-01-01 00:36:54.260
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-01 00:36:54.177
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-01 00:36:54.090
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-01 00:36:53.907
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-01 00:36:53.783
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-01 00:36:53.626
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-01 00:36:53.511
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-01 00:36:53.416
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-01 00:36:53.317
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-01 00:36:53.091
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

=========================== Installed Programs ============================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe AIR (Version: 3.9.0.1210)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Any Video Converter 5.0.7
Apple Application Support (Version: 2.1.7)
Apple Software Update (Version: 2.1.3.127)
AT&T Connect Participant Application v8.9.35 (Version: 8.9.35)
Broadcom InConcert Maestro (Version: 1.0.1.1500)
Burn.Now 4.5 (Version: 4.5.0)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Cisco WebEx Meetings
Conexant 20672 SmartAudio HD (Version: 8.32.23.2)
Conformiq Designer (Version: 4.5.4)
Corel Burn.Now Lenovo Edition (Version: 4.5.0)
Corel DVD MovieFactory 7 (Version: 7.0.0)
Corel DVD MovieFactory Lenovo Edition (Version: 7.0.0)
Corel WinDVD (Version: 10.0.5.828)
Create Recovery Media (Version: 1.20.0.00)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Direct DiscRecorder (Version: 1.00.0000)
DMUninstaller
DVD Decrypter (Remove Only)
ESET Online Scanner v3
Fabasoft Folio Cloud Plug-in (Version: 13.0.6047)
File Type Assistant (Version: 2013.4.8.0)
FileZilla Client 3.7.3 (Version: 3.7.3)
Foxit Reader (Version: 6.1.1.1025)
Genie Backup Assistant (Version: 8.0.364.534)
Genie Backup Manager (Version: 9.0)
Google Apps Migration For Microsoft Outlook® 2.3.14.36 (Version: 2.3.14.36)
Google Apps Sync™ for Microsoft Outlook® 3.4.360.960 (Version: 3.4.360.960)
Google Chrome (Version: 31.0.1650.57)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4601.54)
Google Update Helper (Version: 1.3.21.165)
GoToMeeting 5.9.0.1216 (Version: 5.9.0.1216)
HandBrake 0.9.9 (Version: 0.9.9)
Image Converter (Version: 1.0.0)
Image Editor Packages
ImgBurn (Version: 2.5.8.0)
ImgBurn Free Download Packages
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (Version: 1.1.0.1147)
Integrated Camera TWAIN (Version: 1.0.11.1223)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Identity Protection Technology 1.1.2.0 (Version: 1.1.2.0)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Processor Graphics (Version: 8.15.10.2321)
Jasc Paint Shop Pro 9 (Version: 9.00.0000)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Java SE Development Kit 7 Update 9 (Version: 1.7.0.90)
Junk Mail filter update (Version: 15.4.3502.0922)
Lenovo Auto Scroll Utility (Version: 1.10)
Lenovo Patch Utility (Version: 1.0.1.1)
Lenovo Patch Utility (Version: 1.3.1.1)
Lenovo Patch Utility 64 bit (Version: 1.2.0.1)
Lenovo Patch Utility 64 bit (Version: 1.3.1.1)
Lenovo Power Management Driver (Version: 1.66.00.22)
Lenovo Registration (Version: 1.0.4)
Lenovo SimpleTap (Version: 2.1.0003.00)
Lenovo Solution Center (Version: 2.2.002.00)
Lenovo System Interface Driver (Version: 1.05)
Lenovo System Update (Version: 5.03.0005)
Lenovo ThinkVantage Toolbox (Version: 6.0.5849.23)
Lenovo User Guide (Version: 1.0.0008.00)
Lenovo Warranty Information (Version: 1.0.0005.00)
Lenovo Welcome (Version: 3.00.006.0)
LiveUpdate 3.3 (Symantec Corporation) (Version: 3.3.0.92)
Magic ISO Maker v5.5 (build 0281)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Mesh Runtime (Version: 15.4.5722.2)
Message Center Plus (Version: 2.0.0012.00)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Expression Encoder 3 (Version: 3.0.1332.0)
Microsoft Lync Web App Plug-in (Version: 4.0.7577.190)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Business 2010 (Version: 14.0.6029.1000)
Microsoft Office Live Meeting 2007 (Version: 8.0.6362.202)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (Version: 11.0.50727.1)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (Version: 11.0.50727)
Mozilla Firefox 25.0.1 (x86 en-US) (Version: 25.0.1)
Mozilla Maintenance Service (Version: 25.0.1)
MP4-Converter 4.3.8 (Version: 4.3.8)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Notepad++ (Version: 6.5)
NVIDIA 3D Vision Controller Driver 296.16 (Version: 296.16)
NVIDIA 3D Vision Driver 311.00 (Version: 311.00)
NVIDIA Control Panel 311.00 (Version: 311.00)
NVIDIA Graphics Driver 311.00 (Version: 311.00)
NVIDIA HD Audio Driver 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.109.718)
NVIDIA nView 136.27 (Version: 136.27)
NVIDIA Optimus 1.0.21 (Version: 1.0.21)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1100)
NVIDIA Update Components (Version: 1.0.21)
On Screen Display (Version: 6.70.00)
OpenVPN 2.2.2 (Version: 2.2.2)
Oracle VM VirtualBox 4.2.18 (Version: 4.2.18)
Oracle Web Conferencing Console
PMB (Version: 5.8.02.10270)
POV-Ray for Windows v3.62 (Version: 3.62)
Power Manager (Version: 6.36)
Python 3.3 pywin32-218
Python 3.3.2 (Version: 3.3.2150)
Quality Center Client Side (Version: 10.0.0.0)
RapidBoot (Version: 1.11)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (Version: 1.00)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.32.0)
RICOH_Media_Driver_v2.14.18.01 (Version: 2.14.18.01)
ScorpionSaver Services (Version: 1.0.0.0)
Sierra Wireless Card Detection Service (Version: 1.0.2991.2  )
Skype™ 6.10 (Version: 6.10.104)
Symantec Endpoint Protection Small Business Edition (Version: 12.0.1001.95)
TeamViewer 8 (Version: 8.0.22298)
ThinkPad Bluetooth with Enhanced Data Rate Software (Version: 6.4.0.1500)
ThinkPad FullScreen Magnifier (Version: 2.40)
ThinkPad UltraNav Driver (Version: 15.3.8.0)
ThinkPad UltraNav Utility (Version: 2.13.0)
ThinkPad Wireless LAN Adapter Software (Version: 1.00.0029.8)
ThinkVantage Access Connections (Version: 5.98)
ThinkVantage Active Protection System (Version: 1.73)
ThinkVantage AutoLock (Version: 1.03)
ThinkVantage Communications Utility (Version: 2.07)
ThinkVantage Fingerprint Software (Version: 5.9.9.7282)
TortoiseSVN 1.7.5.22551 (64 bit) (Version: 1.7.22551)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition
VIP Access (Version: 2.0.5.13)
Windows Driver Package - Intel (e1cexpress) Net  (12/21/2010 11.8.84.0) (Version: 12/21/2010 11.8.84.0)
Windows Driver Package - Intel System  (09/10/2010 9.2.0.1011) (Version: 09/10/2010 9.2.0.1011)
Windows Driver Package - Intel System  (11/20/2010 9.2.0.1016) (Version: 11/20/2010 9.2.0.1016)
Windows Driver Package - Intel USB  (12/21/2010 9.2.0.1021) (Version: 12/21/2010 9.2.0.1021)
Windows Driver Package - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) (Version: 11/11/2010 1.61.00.11)
Windows Driver Package - Synaptics (SynTP) Mouse  (05/19/2011 15.3.8.0) (Version: 05/19/2011 15.3.8.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR 5.00 (32-bit) (Version: 5.00.0)
X-Lite 4 (Version: 45.7.0569)
XML Notepad 2007 (Version: 2.3.0.0)
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
yEd Graph Editor 3.9.2 (Version: 3.9.2)

========================= Memory info: ===================================

Percentage of memory in use: 29%
Total physical RAM: 12241.23 MB
Available physical RAM: 8641.37 MB
Total Pagefile: 24480.65 MB
Available Pagefile: 20880.61 MB
Total Virtual: 4095.88 MB
Available Virtual: 3968.88 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:448.67 GB) (Free:246.49 GB) NTFS
3 Drive q: (Lenovo_Recovery) (Fixed) (Total:15.62 GB) (Free:6.21 GB) NTFS

========================= Users: ========================================

User accounts for \\YHELFMAN-LENOVO

Administrator            Guest                    UpdatusUser             
yhelfman                

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

 

Speccy snapshot: http://speccy.piriform.com/results/8K80RSewmEx1Ott4N4b55Kt



#9 noknojon


Posted 18 November 2013 - 12:46 AM

Hi -
There were some very nasty infections listed there as well as the "SoftonicDownloader" that is the same as the "CNet" add-on.

Trojan.DomaIQ was about the worst from MBAM.

optimizer pro was removed along the track as we worked -

 

The results of the MiniToolBox report were a bit dull, and are below =>

CodeIntegrity Errors: These were mainly older items (Date: 2013-01-01)
Microsoft Office Sessions: Generally cleaned the older (already deleted) items.
System errors: Mainly complained about Symantec, as do many computers.
Application errors: These want you to do another update of Symantec and a Full scan.

 

You seem to have removed a lot of smaller problems that may have (together) created larger problems.

 

Here is the Oracle Java Site, while this one is the Sun Java Site (both 100% OK).
Java is a set of several computer software products and specifications from Sun Microsystems (which has since merged with Oracle Corporation) to now be basically the same company .....

 

If your system is now operating fairly well, I would update Malwarebytes Anti-Malware and run a Full scan, then update your Symantec Antivirus, and also run a Full scan -

 

Please tell me of your computer's current problems, if any -

 

Thank You -



#10 yhelfman


Posted 18 November 2013 - 12:57 AM

While I'm following your latest instructions, just wanted to point out that the original problem still exists: that is, Internet Explorer still refuses to go to my home page: http://yahoo.com with a standard "Internet Explorer cannot display the webpage". And also when I'm in mail.yahoo.com things don't look right from the user interface ... like maybe it's the Java that got attacked or tampered with ... I did not read in your last post if my Java software seems to be genuine and the latest ... can you please check? What else can be done for this problem? Perhaps uninstall and reinstall IE?



#11 noknojon


Posted 18 November 2013 - 05:03 AM

It is odd to do this with Windows 7 and Internet Explorer 9 while the usual problem is with I.E. 10.
Based on that, we often reset "backwards" from 10 back to 9 -
 

OK -

Reset Internet Explorer (the easy way)

1. Click on => http://go.microsoft.com/?linkid=9646978
2. In the File Download dialog box, click Run, and then follow the steps in the wizard.
3. In the Reset Internet Explorer Settings dialog box, click Reset.
4. When Internet Explorer finishes applying default settings, click Close, and then click Close again.
5. Reboot for the reset to take full effect -

 

 

Now run sfc /scannow - This will take (on average) 20 minutes.

1. Go - Start > Accessories > and find Command Prompt :

2. Right click on it, and select "Run as an administrator".
3. Once Command Prompt is open, type sfc /scannow and then press Enter.
Note: There's a space between sfc and /scannow.
4. System File Checker will now verify the integrity of every protected operating system file on your computer.
5. Restart your computer regardless if sfc /scannow did actually repair any files.
Note: System File Checker may or may not prompt you to restart but even if it doesn't, you should restart anyway.

 

 

If you wish to do a full Disk Check while we are scanning =>

Run a Disk Check on your C: drive in Windows Vista or Windows 7:
• Click the Start button and select Computer

• Right-click on C: (or your main drive letter) and select Properties

• Click on the Tools tab

• Under Error-checking click the Check Now... button and click Continue at the UAC prompt

• Mark the 2 boxes next to Automatically fix file system errors and Scan for and attempt recovery of bad sectors

• Click on the Start button

• When the message box pops up, click the Schedule disk check button and Restart your computer

• Once your computer restarts it will check the drive, don't press any keys so that it is allowed to do so
This will take (on average) up to 2 hours depending on your system, so please let it finish.
DO NOT force a reboot once started as you will lose data and may damage the computer.
NOTE - If this is a Laptop please plug it into a reliable power source, as batteries may fail.
The computer will reboot to normal mode once it has completed all 5 stages -

 

Thanks -



#12 yhelfman


Posted 18 November 2013 - 12:23 PM

Hi,

 

I ran a full scan of MALB and Symantec, after updating both first. MALB log is below. Symantec only found one cookie problem and cleaned it. During the scan of MALB, I got a few pop-ups from Internet Explorer: one that says "You need to update your Java. Ok", another one that shows a suspicious URL of Java update site (neither one of Sun/Oracle ones), and another window of an Ad with some audio. Based on this I'm pretty sure my IE is not completely clean yet :( 

 

Before I follow the IE reset per your instructions from last email, mine is actually 9 and not 10. I have downgraded it awhile ago for work purposes. So please let me know if I still need to do the reset, or should I upgrade to 10? If I can just save my favorites, wipe it all out, and then reinstall IE, I'll appreciate it.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.18.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
yhelfman :: YHELFMAN-LENOVO [administrator]

11/17/2013 10:00:25 PM
mbam-log-2013-11-17 (22-00-25).txt

Scan type: Full scan (C:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 550750
Time elapsed: 1 hour(s), 26 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 67
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveBroker.exe.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveOnDemand.exe.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_am.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ar.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_bg.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_bn.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ca.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_cs.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_da.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_de.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_el.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_en-GB.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_en.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_es-419.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_es.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_et.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fa.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fi.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fil.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fr.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_gu.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_hi.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_hr.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_hu.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_id.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_is.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_it.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_iw.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ja.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_kn.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ko.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_lt.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_lv.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ml.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_mr.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ms.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_nl.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_no.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_pl.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_pt-BR.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_pt-PT.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ro.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ru.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sk.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sl.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sr.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sv.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sw.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ta.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_te.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_th.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_tr.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_uk.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ur.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_vi.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_zh-CN.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_zh-TW.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\psmachine.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\psuser.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\yhelfman\AppData\Local\Temp\CT3153924\chLogic.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\yhelfman\AppData\Local\Temp\CT3153924\ctbe.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\yhelfman\AppData\Local\Temp\CT3153924\ffLogic.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\yhelfman\AppData\Local\Temp\CT3153924\spch.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\yhelfman\AppData\Local\Temp\CT3153924\spff.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\yhelfman\AppData\Local\Temp\CT3153924\statisticsStub.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\yhelfman\AppData\Local\Temp\CT3153924\stub.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

(end)
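The file detections in the log above all carry paths under C:\AdwCleaner\Quarantine, so it helps to separate quarantined copies from detections at other locations when reading such a log. The parser below is an added example, not part of the original thread; the first three sample lines are copied from the log above, while the count header, the last sample line and all function names are constructed for illustration.

```python
import re
from collections import Counter

# Lines 2-4 are copied from the log in the post above. The "Files Detected: 4"
# header and the setup_constructed.exe line are constructed for this example.
SAMPLE_LOG = r"""Files Detected: 4
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveBroker.exe.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\psuser.dll.vir (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\yhelfman\AppData\Local\Temp\CT3153924\stub.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\example\Downloads\setup_constructed.exe (PUP.Optional.Example) -> Quarantined and deleted successfully.
(end)
"""

# "<path> (<detection name>) -> <action>." The path itself may contain
# parentheses ("Program Files (x86)"), so the path group is greedy and the
# detection name is the last parenthesised group before " -> ".
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$"
)
DECLARED = re.compile(r"^Files Detected: (\d+)$")

# Quarantine layout as it appears in the log above:
# C:\AdwCleaner\Quarantine\<drive letter>\<original path>.vir
QUARANTINE = re.compile(
    r"^[A-Za-z]:\\AdwCleaner\\Quarantine\\(?P<drive>[A-Za-z])\\(?P<rest>.+?)(?:\.vir)?$",
    re.IGNORECASE,
)


def original_location(path):
    """Map a quarantined copy back to the path it was taken from, else None."""
    m = QUARANTINE.match(path)
    if not m:
        return None
    return "{}:\\{}".format(m.group("drive").upper(), m.group("rest"))


def summarize(log_text):
    """Parse file detections and split quarantined copies from other hits."""
    declared, detections = None, []
    for line in log_text.splitlines():
        line = line.strip()
        m = DECLARED.match(line)
        if m:
            declared = int(m.group(1))
            continue
        m = DETECTION.match(line)
        if m:
            d = m.groupdict()
            d["restored_path"] = original_location(d["path"])
            detections.append(d)
    return {
        "declared": declared,            # count the scanner itself reported
        "detections": detections,        # every parsed detection line
        "by_family": Counter(d["family"] for d in detections),
        # Detections that are NOT inside the AdwCleaner quarantine folder.
        "outside_quarantine": [d for d in detections if d["restored_path"] is None],
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print("declared:", s["declared"], "parsed:", len(s["detections"]))
    for family, n in s["by_family"].most_common():
        print("  {:<28} {}".format(family, n))
    for d in s["outside_quarantine"]:
        print("outside quarantine:", d["path"])
```

A mismatch between the declared count and the number of parsed lines means some lines did not fit the expected format and should be read by hand.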



#13 yhelfman


Posted 18 November 2013 - 01:08 PM

I took a screenshot of my Yahoo mailbox and uploaded it to htp://netvalu.net/temp/YahooMail.jpg for you to see.

The Delete-Move-Spam-More links should be displayed on top of the emails and not messy like this.

 

An unwanted window on IE says "World of WARPLANES" and invites you to download it. The link is:

http://na.wargaming.net/play-wowp-1/en/?utm_campaign=8550_&utm_medium=1988&utm_source=399&sid=T%3DnUok6LRU76nHRCU5UO2tYgfa9n6wXe4B%21P%3D0BZ4JWk4GXLs0ZpwFpTPlA8DnMKkHj--4BS4Pe2CYX5P-TGNevQBo9T6vON1lTMxu8nJ_0otoT0pVyw4dsf8Ii6t60JVo6md8LsKLMJXLmZ7qsHKVAQYDl93D7Cblo-HSitGNnOvDXU

 

I think I also got some pop-ups complaining that there are multiple javascripts on this page, and asking me if I'd like to enable reading one script in the future. It also mentioned that the site may not work properly due to a cross-site scripting.

 

I compared the IE behavior to my other browsers: Firefox and Chrome. They seem to work fine and do not have these symptoms.

 

Next time I get any suspicious pop-ups regarding Java updates, I'll make sure to copy the suspicious link and send it to you as well. I really hope this can be fixed.



#14 yhelfman


Posted 18 November 2013 - 03:58 PM

While in mail.yahoo.com suddenly the browser got redirected to a "page not found" with the following suspicious link:

 

ttp://ad.yieldmanager.com/st?ad_type=iframe&ad_size=728x90&site=1707328&section_code=INSERT_SECTION_CODE_HERE&pub_url=(null)&pub_redirect_unencoded=1&pub_redirect=click_url



#15 noknojon


Posted 18 November 2013 - 04:03 PM

Hi -

ttp://ad.yieldmanager.com/st?

This line is a basic Hosts file redirect -

Windows7 Hosts file restore. Click here and follow the basic directions=> http://go.microsoft.com/?linkid=9668866

 

I will post the rest in 5 minutes -
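Before a Hosts file is reset to defaults, its active entries can be listed and classified so that any redirect is on record first. The audit below is an added example, not part of the original thread; the sample file contents, the 203.0.113.10 documentation address, the watched-domain list and all function names are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# Domains named in this thread; matched together with their subdomains.
WATCHED = ("yahoo.com", "yieldmanager.com")

# Constructed sample. A stock Windows 7 hosts file has only comment lines.
SAMPLE_HOSTS = """\
# Constructed sample hosts file for this example.
#    127.0.0.1       localhost
#    ::1             localhost
127.0.0.1       localhost
203.0.113.10    yahoo.com www.yahoo.com   # TEST-NET-3 address, constructed
0.0.0.0         ad.yieldmanager.com
not-an-ip       broken.example
"""

Finding = namedtuple("Finding", "line address name kind watched")


def classify(addr, name):
    """Return 'default', 'sinkhole', 'redirect' or 'malformed' for one mapping."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "malformed"
    if not name:
        return "malformed"            # address with no hostname after it
    if name == "localhost" and ip.is_loopback:
        return "default"
    if ip.is_loopback or ip.is_unspecified:
        return "sinkhole"             # name forced to 127.0.0.1 / ::1 / 0.0.0.0
    return "redirect"                 # name forced to some other address


def audit_hosts(text, watched=WATCHED):
    """List every active, non-default mapping in hosts-file text."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        active = raw.split("#", 1)[0].split()   # drop comments, split fields
        if not active:
            continue
        addr, names = active[0], active[1:] or [""]
        for name in names:                      # one line may map several names
            name = name.lower().rstrip(".")
            kind = classify(addr, name)
            if kind == "default":
                continue
            hit = any(name == d or name.endswith("." + d) for d in watched)
            findings.append(Finding(lineno, addr, name, kind, hit))
    return findings


if __name__ == "__main__":
    import os

    # Standard hosts file location on Windows; falls back to the sample.
    path = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                        "System32", "drivers", "etc", "hosts")
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE_HOSTS
    for f in audit_hosts(text):
        flag = "  <-- watched domain" if f.watched else ""
        print("line {}: {} -> {} [{}]{}".format(
            f.line, f.name or "(no name)", f.address, f.kind, flag))
```

An empty result means the file has no active entries beyond localhost, in which case name resolution for the affected sites is not being altered by the Hosts file.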





