
Am I infected


  • This topic is locked
34 replies to this topic

#1 margolis
  • Members
  • 64 posts

Posted 17 July 2014 - 11:50 PM

Hi,

Thanks in advance for your help.

My daughter uses this computer and I have no idea what she may have gotten in to.

I am running Windows 7 Home Premium.

I have McAfee Total Protection.

McAfee has detected and quarantined or removed various threats.

I have also been using Malwarebytes over the years, but had not run recently.

I recently tried to run Malwarebytes and it will not update, and then Windows gives me an error with a Problem signature:
 Problem Event Name:    APPCRASH.

I went to the Malwarebytes forums to try to figure it out, but it led me back to BleepingComputer, so I figured I would continue here. You folks have helped me several times over the years and for that I am grateful.

Again thanks for any help you can provide.

Alan


Edited by hamluis, 30 July 2014 - 04:46 PM.
Moved from AII to MRL per request - Hamluis.



#2 Starbuck
    'r Brudiwr
  • Malware Response Team
  • 4,150 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 18 July 2014 - 05:09 AM

Hi margolis

I have also been using Malwarebytes over the years, but had not run recently.
I recently tried to run malwarebytes and it will not update and then windows gives me an error with a Problem signature:

There is a new version of MBAM out now.
To avoid any possible conflicts, I suggest you remove the old version and then reinstall the latest version.
  • Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
  • Restart your computer (very important).
  • Download and run mbam clean
  • It will ask to restart your computer (please allow it to).
  • After the computer restarts:
    • Download Malwarebytes Anti-Malware Free and save it to your desktop
    • Double click the desktop icon, click Run, then OK
    • Click Next
    • Select I accept the agreement then continue to click Next then finally click Install
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program
    • Click Finish
    • If you are notified the Database is out of date click Update Now
    • Click Scan Now >>
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab >> Application Logs.
    • Double click on the scan log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.



#3 margolis
  • Topic Starter
  • Members
  • 64 posts

Posted 24 July 2014 - 12:29 AM

Greetings Starbuck,

Thank you for your time.

I followed your instructions but I could not get Malwarebytes to update before it crashed.

Below is the crash report.

Please advise if you have some directions.

Thanks

Alan

Problem signature:
  Problem Event Name:    APPCRASH
  Application Name:    mbam.exe
  Application Version:    1.0.0.532
  Application Timestamp:    53518532
  Fault Module Name:    MSVCR100.dll
  Fault Module Version:    10.0.40219.325
  Fault Module Timestamp:    4df2be1e
  Exception Code:    40000015
  Exception Offset:    0008d6fd
  OS Version:    6.1.7601.2.1.0.768.3
  Locale ID:    1033
  Additional Information 1:    8374
  Additional Information 2:    83748d7ce6919cf452bf5c3838e036f3
  Additional Information 3:    2e01
  Additional Information 4:    2e01b10c887fd7f971b05773252074ee

Read our privacy statement online:
  http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
  C:\Windows\system32\en-US\erofflps.txt
 



#4 margolis
  • Topic Starter
  • Members
  • 64 posts

Posted 24 July 2014 - 12:31 AM

Sorry it took so long for me to respond. I did not have my notifications set properly.



#5 Starbuck
    'r Brudiwr
  • Malware Response Team
  • 4,150 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 24 July 2014 - 12:04 PM

Hi margolis

Sorry it took so long for me to respond. I did not have my notifications set properly.

No problem at all.

Please download MiniToolBox and save it to your Desktop.

Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click and select "Run as Administrator".

Checkmark the following radio buttons:
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (Only Problems)
Click Go; the results will appear as a txt file on your Desktop.
Please copy & paste this report in your next reply.

Thanks

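For readers who want to gather the same three items without a third-party tool, here is a PowerShell script that pulls them with built-in cmdlets. It is an added example, not code from this thread and not MiniToolBox itself. The crash section reads the "Application Error" events (ID 1000) that Windows Error Reporting writes, which carry the same fields shown in the APPCRASH Problem signature pasted in post #3 (application, fault module, exception code, fault offset). The process name to filter on, the output file name, and the mapping of the SystemComponent registry flag to a "Hidden" entry are my assumptions; the script is written in PowerShell 2.0 syntax so it runs on a stock Windows 7 machine when started with "Run as Administrator".

```powershell
# Added example (not from the thread, not MiniToolBox): collect the last N
# application crashes, the installed-program list and devices with problems,
# and write them to a text file on the Desktop. Run from an elevated prompt.
# Assumed by the author of this example: $Process, $OutFile, and the use of the
# SystemComponent flag as the "Hidden" marker.
param(
    [string]$Process   = 'mbam.exe',   # application whose crashes we want to see
    [int]   $MaxEvents = 10,           # same count as "List last 10 Event Viewer log"
    [string]$OutFile   = (Join-Path ([Environment]::GetFolderPath('Desktop')) 'triage-report.txt')
)

# --- 1. Application crashes --------------------------------------------------
# Windows Error Reporting logs each crash as event ID 1000 from the provider
# "Application Error". The event's Properties array holds the fields the
# APPCRASH "Problem signature" dialog displays:
#   [0] app name   [1] app version   [2] app timestamp   [3] fault module
#   [4] module version   [5] module timestamp   [6] exception code   [7] fault offset
$crashes = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = 'Application Error'; Id = 1000 } `
               -MaxEvents 500 -ErrorAction SilentlyContinue |
    Where-Object { $_.Properties[0].Value -ieq $Process } |
    Select-Object -First $MaxEvents |
    ForEach-Object {
        New-Object PSObject -Property @{
            Time          = $_.TimeCreated
            AppVersion    = $_.Properties[1].Value
            FaultModule   = $_.Properties[3].Value
            ModuleVersion = $_.Properties[4].Value
            ExceptionCode = $_.Properties[6].Value
            FaultOffset   = $_.Properties[7].Value
        }
    } |
    Select-Object Time, AppVersion, FaultModule, ModuleVersion, ExceptionCode, FaultOffset

# --- 2. Installed programs ---------------------------------------------------
# Programs and Features is built from three Uninstall keys: the native HKLM key,
# the 32-bit view under Wow6432Node (labelled HKLM-x32 in MiniToolBox output),
# and the per-user key under HKCU. Entries whose SystemComponent flag is set are
# not shown in the control panel; this example reports those as Hidden.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$programs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion, Publisher,
        @{ Name = 'Hive'; Expression = {
            if     ($_.PSPath -match 'HKEY_CURRENT_USER') { 'HKCU' }
            elseif ($_.PSPath -match 'Wow6432Node')       { 'HKLM-x32' }
            else                                          { 'HKLM' } } },
        @{ Name = 'Hidden'; Expression = { [bool]$_.SystemComponent } } |
    Sort-Object DisplayName

# --- 3. Devices with problems -------------------------------------------------
# Plug and Play entries with a non-zero ConfigManagerErrorCode are the ones
# Device Manager flags (missing driver, disabled, failed to start, ...).
$badDevices = Get-WmiObject -Class Win32_PnPEntity |
    Where-Object { $_.ConfigManagerErrorCode -ne 0 } |
    Select-Object Name, DeviceID, ConfigManagerErrorCode

# --- Write the report ---------------------------------------------------------
$sections = @(
    "Triage report generated $(Get-Date) on $env:COMPUTERNAME",
    "",
    "=== Last $MaxEvents crashes of $Process (Application Error, event ID 1000) ===",
    ($crashes    | Format-Table -AutoSize | Out-String -Width 200),
    "=== Installed programs ($(@($programs).Count) entries) ===",
    ($programs   | Format-Table -AutoSize | Out-String -Width 200),
    "=== Devices with problems ($(@($badDevices).Count)) ===",
    ($badDevices | Format-Table -AutoSize | Out-String -Width 200)
)
$sections | Out-File -FilePath $OutFile -Encoding UTF8
Write-Host "Report written to $OutFile"
```

Save it as a .ps1 file and run it from an elevated PowerShell prompt (.\triage.ps1 -Process mbam.exe); the crash table makes it easy to see whether every crash of the application names the same fault module and exception code, which is the first thing a helper will want to know before suggesting a fix.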


#6 margolis
  • Topic Starter
  • Members
  • 64 posts

Posted 25 July 2014 - 09:43 PM

Thanks Starbuck,

Here are the results from the instructions you provided.

Alan


MiniToolBox by Farbar  Version: 21-07-2014
Ran by User (administrator) on 25-07-2014 at 19:40:34
Running from "C:\Users\User\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/25/2014 03:35:08 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (07/25/2014 02:30:06 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/24/2014 01:09:15 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (07/24/2014 00:38:31 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/23/2014 10:31:53 PM) (Source: Application Error) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x8f4
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (07/23/2014 10:25:49 PM) (Source: Application Error) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xc44
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (07/23/2014 10:12:45 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/23/2014 10:05:32 PM) (Source: Application Error) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x13b4
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (07/23/2014 10:02:17 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/23/2014 06:33:35 PM) (Source: Application Error) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x174
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3


System errors:
=============
Error: (07/25/2014 02:29:50 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (07/25/2014 02:29:31 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (07/25/2014 02:28:41 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (07/25/2014 02:28:32 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (07/25/2014 02:28:32 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (07/24/2014 00:38:18 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (07/24/2014 00:38:16 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (07/24/2014 00:37:32 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (07/24/2014 00:37:07 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (07/24/2014 00:36:57 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-03-14 23:05:27.186
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-14 23:05:27.186
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-14 23:05:27.170
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-17 18:10:10.347
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-17 18:10:10.332
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-17 18:10:10.332
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2010-05-18 22:31:28.466
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2010-05-18 22:31:28.450
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2010-05-18 22:31:28.419
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2010-05-18 22:31:28.404
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.



=========================== Installed Programs ============================
Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.1.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.1.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.6 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Anchor Service CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS4 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles CS CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.) Hidden
Adobe Connect 9 Add-in (HKCU\...\Adobe Connect 9 Add-in) (Version: 11,2,251,0 - Adobe Systems Incorporated)
Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Content Viewer (x32 Version: 1.4.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Design Premium (HKLM-x32\...\Adobe_55230b0b70661df0f212e88f0b655f7) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 4 Design Premium (x32 Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 5.5 Design Premium (HKLM-x32\...\{60E59A6C-7399-495A-B85C-C829F4E59602}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe CSI CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Dreamweaver CS4 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.3.300.268 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Fonts All (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS4 (x32 Version: 14.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 (x32 Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Importer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Output Module (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 Support (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.04 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (x32 Version: 3.04 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 8.0 (HKLM-x32\...\PremElem80) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 8.0 (x32 Version: 8.0.1 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 8.0 Templates (HKLM-x32\...\PremElem80Templates) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 8.0 Templates (x32 Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Reader 9.3 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.0 - Adobe Systems Incorporated)
Adobe Search for Help (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Service Manager Extension (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Setup (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Type Support CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS4 (x32 Version: 6.0.0 - Adobe Systems Incorporated) Hidden
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Adobe Widget Browser (x32 Version: 2.0.230 - Adobe Systems Incorporated.) Hidden
Adobe WinSoft Linguistics Plugin (x32 Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetCMYK (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetRGB (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
AI Direct Link (HKLM-x32\...\{C312984C-E386-4C2D-B33E-7B54355FB16E}) (Version: 1.00.24 - )
AI Manager (HKLM-x32\...\{4AF95DE2-B54D-4C3F-9494-FD3B558E2C2D}) (Version: 1.08.03 - ASUSTeK)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version:  - )
Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version:  - )
Blender (HKLM\...\Blender) (Version: 2.71 - Blender Foundation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Braid (HKLM-x32\...\Braid) (Version:  - GameStop)
CamStudio OSS Desktop Recorder (HKLM-x32\...\{FD9C31B6-F572-414D-81E3-89368C97A125}_is1) (Version: 2.6 Beta r294 - CamStudio Open Source Dev Team)
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
CPU Level Up (HKLM-x32\...\{DCDC9660-55C9-4FBA-9840-72C54D39138D}) (Version: 1.00.03 - )
DefaultTab (HKLM-x32\...\DefaultTab) (Version: 1.3.1.0 - Search Results, LLC)
DVDFab 6.2.0.2 Beta (09/11/2009) (HKLM-x32\...\DVDFab 6_is1) (Version:  - Fengtao Software Inc.)
DVDFab Platinum 4.0.5.5 Ghosthunter release (HKLM-x32\...\DVDFab Platinum 4_is1) (Version:  - )
EPU-6 Engine (HKLM-x32\...\{56B83336-FBC1-4C46-8613-90A9E3B440D6}) (Version: 1.01.17 - )
GameStop App (HKLM-x32\...\GameStop App) (Version: 4.00 - GameStop)
GameStop App (x32 Version: 4.00 - GameStop) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Host OpenAL (ADI) (HKLM-x32\...\Host OpenAL (ADI)) (Version:  - )
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.260 - Oracle)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - JMICRON Technology Corp.)
Junk Mail filter update (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Online Backup (Version: 1.16.4.0 - McAfee, Inc.) Hidden
McAfee Online Backup (x32 Version:  - McAfee, Inc.) Hidden
McAfee Total Protection (HKLM-x32\...\MSC) (Version: 12.8.958 - McAfee, Inc.)
Menu Templates - Starter Kit (x32 Version: 9.4.6.0 - Nero AG) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.3 (HKLM-x32\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Search Enhancement Pack (x32 Version: 1.3.59.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Movie Templates - Starter Kit (x32 Version: 9.4.6.0 - Nero AG) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Muvizu:Play - Heroes and villains (HKCU\...\MuvizuHeroesAndVillains) (Version:  - Digimania Ltd)
Muvizu:Play - Heroes and villains Lairs (HKCU\...\MuvizuHeroAndVillainLairs) (Version:  - Digimania Ltd)
Muvizu:Play - Lighting Presets (HKCU\...\MuvizuLightingPresets) (Version:  - Digimania Ltd)
Muvizu:Play - Prisons (HKCU\...\MuvizuPrisons) (Version:  - Digimania Ltd)
Muvizu:Play - Rosie (HKCU\...\MuvizuRosie) (Version:  - Digimania Ltd)
Muvizu:Play - Trains (HKCU\...\MuvizuTrains) (Version:  - Digimania Ltd)
Muvizu:Play (HKLM-x32\...\Muvizu) (Version: 2014.03.19.01R - Digimania Ltd)
Nero 9 Essentials (HKLM-x32\...\{1c3e0a76-e0cd-4c7a-87cf-f25415648648}) (Version:  - Nero AG)
Nero BurnRights (x32 Version: 3.4.13.100 - Nero AG) Hidden
Nero BurnRights Help (x32 Version: 3.4.4.100 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero CoverDesigner (x32 Version: 4.4.15.100 - Nero AG) Hidden
Nero CoverDesigner Help (x32 Version: 4.4.9.100 - Nero AG) Hidden
Nero Disc Copy Gadget (x32 Version: 2.4.34.0 - Nero AG) Hidden
Nero Disc Copy Gadget Help (x32 Version: 2.4.34.0 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.13.100 - Nero AG) Hidden
Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.12.100 - Nero AG) Hidden
Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (x32 Version: 9.4.26.100 - Nero AG) Hidden
Nero InfoTool (x32 Version: 6.4.12.100 - Nero AG) Hidden
Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero Rescue Agent (x32 Version: 2.4.14.100 - Nero AG) Hidden
Nero ShowTime (x32 Version: 5.4.0.100 - Nero AG) Hidden
Nero ShowTime (x32 Version: 5.4.21.100 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.19.100 - Nero AG) Hidden
Nero StartSmart Help (x32 Version: 9.4.19.100 - Nero AG) Hidden
Nero Vision (x32 Version: 6.4.16.100 - Nero AG) Hidden
Nero Vision Help (x32 Version: 6.4.15.100 - Nero AG) Hidden
NeroExpress (x32 Version: 9.4.26.100 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
NVIDIA 3D Vision Controller Driver 310.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 310.90 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 310.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 310.90 - NVIDIA Corporation)
NVIDIA Control Panel 310.90 (Version: 310.90 - NVIDIA Corporation) Hidden
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA Graphics Driver 310.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 310.90 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.95.599 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1090 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
PaintTool SAI Ver.1 (HKLM-x32\...\PaintToolSAI) (Version:  - )
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime (HKLM-x32\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Rocketfish Bluetooth Combo (HKLM-x32\...\{8C099AC0-189B-4413-AC25-AC461A172223}) (Version: 1.0.0.0 - RocketFish)
Safari (HKLM-x32\...\{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}) (Version: 5.34.52.7 - Apple Inc.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.9.0 - SAMSUNG Electronics Co., Ltd.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SmartSound Quicktracks for Premiere Elements 8.0 (HKLM-x32\...\InstallShield_{4685A344-6718-4923-AA9D-158A0A2E1CFB}) (Version: 3.11.3090 - SmartSound Software Inc)
SmartSound Quicktracks for Premiere Elements 8.0 (x32 Version: 3.11.3090 - SmartSound Software Inc) Hidden
Sonic & Knuckles Collection Documentation (HKLM-x32\...\Sonic & Knuckles Collection Documentation) (Version:  - )
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Strongvault Online Backup (HKLM-x32\...\{3002C8EB-2A7E-419B-B77F-5AD7E9F54A5A}) (Version: 1.0.1.0 - Strongvault)
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13041_4 - Samsung Electronics Co., Ltd.)
SUABnR (x32 Version: 1.1.0.13041_4 - Samsung Electronics Co., Ltd.) Hidden
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{620E77C0-CDFE-4C14-AAEB-830ABB65864C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{8153EC80-C988-4336-8DAF-6D99C0D26E0C}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{5DB2894C-2DA4-4DEF-A051-795AE799964A}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_STANDARD_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{C7351301-60F9-4B04-AFF6-600A4C98CE40}) (Version:  - Microsoft)
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{1B2035BA-BFB0-4F1F-A702-80CF1377285D}) (Version: 2.13.0502 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{E459A8EA-1981-4D99-8D1E-5AABE1535AF8}) (Version: 2.13.0502 - Samsung Electronics Co., Ltd.)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9400 - Broadcom Corporation)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8064.0206 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Movie Maker Beta (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation)
Windows Live Toolbar (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
WinX Video Converter 4.5.18 (HKLM-x32\...\WinX Video Converter_is1) (Version:  - Digiarty Software,Inc.)

========================= Devices: ================================


**** End of log ****
 



#7 Starbuck

Malware Response Team

Posted 26 July 2014 - 09:14 AM

Hi margolis

Seems that only MBAM is affected, we'll come back to that later.


Step 1
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 8 Update 11 and save it to your desktop.
  • Scroll down to where it says "Java SE 8 Update 11".
  • Click the "Download JRE " button.
  • Accept the license agreement.
  • Select 'Windows x64.exe' from the list.
  • Save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version:
    Java 7 Update 45
    Java 6 Update 26
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on downloaded icon to install the newest version.
Step 2
I'd like you to do an ESET OnlineScan
64-bit users, please see the note at the bottom.

You may find it beneficial to close your resident AV program before running the scan.

It's been found that on some systems ESET's Online Scan fails during the database download (around 20%).
To prevent this happening:
When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET Online Scanner button.
  • If asked, allow the ActiveX control to install.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click the ESET Smart Installer link to download it.
      Save it to your desktop.
    • Double click on the ESET Smart Installer icon on your desktop.
  • Check the box to accept the Terms of Use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check Scan archives.
  • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked.
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push the List of found threats button.
  • Click Export to text file, and save the file to your desktop using a unique name, such as ESETScan.
    Include the contents of this report in your next reply.
  • Click the Back button.
  • Click Finish.
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Note:
As you are running a 64bit system:
The ESET Online Scanner is a 32-bit application, which means it must be run in the 32-bit version of Internet Explorer, and as an Administrator. To do so, right-click on the Internet Explorer (32-bit) icon in the Start Menu and select "Run as administrator" from the context menu.
Or you can use the Firefox or Chrome browsers, which should be 32-bit.


Please post the findings from the Eset scan.

Thanks

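An added example (not part of Starbuck's post) that does the Step 1 audit from a PowerShell prompt instead of by eye: it reads the same Uninstall registry keys that Add/Remove Programs displays, from both the 64-bit hive and the 32-bit WOW6432Node hive, and lists every Java Runtime Environment entry older than the target, with the command that would remove it. Assumptions: PowerShell 3.0 or later, and that Oracle records JRE 8 Update 11 as DisplayVersion 8.0.110 (8uNN is stored as 8.0.NN0, so the Java 7 Update 45 and Java 6 Update 26 entries in this thread show as 7.0.450 and 6.0.260). The name filter that leaves out JDK and Java Auto Updater entries is mine. The script only prints uninstall commands; it does not run them.

```powershell
# Added example, not from the original thread. Audits installed Java runtimes the
# way Step 1 asks, by reading the Uninstall keys behind Add/Remove Programs.
# Requires PowerShell 3.0+. Assumption: JRE 8 Update 11 is recorded by Oracle
# as DisplayVersion 8.0.110 (8uNN -> 8.0.NN0), so anything below that is old.

$TargetVersion = [version]'8.0.110'

# On 64-bit Windows the second key holds the 32-bit (x86) installs.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledJava {
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object {
            $_.DisplayName -match '^(Java|J2SE)\b' -and
            $_.DisplayName -notmatch 'Development Kit|Auto Updater'   # assumption: runtimes only
        } |
        ForEach-Object {
            $parsed = $null
            [void][version]::TryParse([string]$_.DisplayVersion, [ref]$parsed)
            [pscustomobject]@{
                Name            = $_.DisplayName
                Version         = $parsed            # $null when the string is not a.b.c.d
                RawVersion      = $_.DisplayVersion
                Architecture    = if ($_.PSPath -match 'WOW6432Node') { 'x86' } else { 'x64' }
                UninstallString = $_.UninstallString
            }
        }
}

$java = @(Get-InstalledJava)
if ($java.Count -eq 0) { Write-Host 'No Java Runtime Environment entries found.'; return }

$java | Format-Table Name, RawVersion, Architecture -AutoSize

# Treat an unparsable version as outdated so it gets reviewed rather than silently kept.
$outdated = $java | Where-Object { $null -eq $_.Version -or $_.Version -lt $TargetVersion }

foreach ($j in $outdated) {
    Write-Host ("OUTDATED: {0} ({1}, {2})" -f $j.Name, $j.RawVersion, $j.Architecture)
    # Oracle's JRE entries are MSI installs; msiexec /x on the product code removes them quietly.
    if ($j.UninstallString -match '\{[0-9A-Fa-f-]{36}\}') {
        Write-Host "  msiexec /x $($Matches[0]) /qn /norestart"
    } else {
        Write-Host ("  " + $j.UninstallString)
    }
}
```

Run it from an elevated prompt before installing the new JRE, then again afterwards: the second run should list only the 8.0.110 entry, which confirms the older runtimes (and their browser plug-ins, which live in the same MSI) are really gone.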


#8 margolis

Topic Starter

Posted 26 July 2014 - 07:24 PM

Starbuck,

Again thanks.

I followed your instructions.

Please find the scan contents from ESETScan.

Alan

C:\Users\All Users\APN\APN-Stub\W3IV6-G\APNIC.7z    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application    
C:\Users\All Users\APN\APN-Stub\W3IV6-G\APNIC.dll    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application    
C:\Users\All Users\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll    a variant of Win32/Adware.Yontoo.B application    
C:\$Recycle.Bin\S-1-5-21-1341092738-1858294347-2959768899-1000\$RDW83FS.exe    a variant of Win32/InstallIQ potentially unwanted application    deleted - quarantined
C:\Program Files\pcreg\service.exe    Win32/Conduit.SearchProtect.O potentially unwanted application    deleted - quarantined
C:\Program Files (x86)\DefaultTab\DefaultTab.crx    a variant of Win32/Toolbar.DefaultTab.C potentially unwanted application    deleted - quarantined
C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe    a variant of Win32/Toolbar.DefaultTab.B potentially unwanted application    deleted - quarantined
C:\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.7z    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application    deleted - quarantined
C:\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.dll    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application    deleted - quarantined
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll    a variant of Win32/Adware.Yontoo.B application    cleaned by deleting - quarantined
C:\temp\a.exe    Win32/Conduit.SearchProtect.M potentially unwanted application    deleted - quarantined
C:\temp\embededstub_new2.exe    a variant of Win32/ClientConnect.A potentially unwanted application    deleted - quarantined
C:\temp\launcher.exe    Win32/Conduit.SearchProtect.M potentially unwanted application    deleted - quarantined
C:\Users\User\AppData\Local\conduit\spcon\1.1.0.4\embededstub.exe    a variant of Win32/ClientConnect.A potentially unwanted application    deleted - quarantined
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.14_0\plugins\npDefaultTabSearch.dll    a variant of Win32/Toolbar.DefaultTab.C potentially unwanted application    deleted - quarantined
C:\Users\User\AppData\Local\Temp\nsb3B4D.exe    Win32/Conduit.SearchProtect.R potentially unwanted application    deleted - quarantined
C:\Users\User\AppData\Local\Temp\nsb6511.exe    Win32/Conduit.SearchProtect.R potentially unwanted application    deleted - quarantined
C:\Users\User\AppData\Local\Temp\nsd2407.exe    Win32/Conduit.SearchProtect.R potentially unwanted application    deleted - quarantined
C:\Users\User\AppData\Local\Temp\nsd2714.exe    Win32/Conduit.SearchProtect.R potentially unwanted application    deleted - quarantined
C:\Users\User\AppData\Local\Temp\nsh3DDE.exe    Win32/Conduit.SearchProtect.R potentially unwanted application    deleted - quarantined
C:\Users\User\AppData\Local\Temp\nsh409D.exe    Win32/Conduit.SearchProtect.R potentially unwanted application    deleted - quarantined
C:\Users\User\AppData\Local\Temp\nsh67F0.exe    Win32/Conduit.SearchProtect.R potentially unwanted application    deleted - quarantined
C:\Users\User\AppData\Local\Temp\nsm6ACE.exe    Win32/Conduit.SearchProtect.R potentially unwanted application    deleted - quarantined
C:\Users\User\AppData\Local\Temp\nso2A12.exe    Win32/Conduit.SearchProtect.R potentially unwanted application    deleted - quarantined
C:\Users\User\AppData\Local\Temp\nso550C.exe    Win32/Conduit.SearchProtect.R potentially unwanted application    deleted - quarantined
C:\Users\User\AppData\Local\Temp\nst9FDB.exe    Win32/Conduit.SearchProtect.R potentially unwanted application    deleted - quarantined
C:\Users\User\AppData\Local\Temp\nsw1C4A.exe    Win32/Conduit.SearchProtect.R potentially unwanted application    deleted - quarantined
C:\Users\User\AppData\Local\Temp\nsy5857.exe    Win32/Conduit.SearchProtect.R potentially unwanted application    deleted - quarantined
C:\Users\User\AppData\Local\Temp\nsy5B64.exe    Win32/Conduit.SearchProtect.R potentially unwanted application    deleted - quarantined
C:\Users\User\AppData\Local\Temp\nsyA00A.exe    Win32/Conduit.SearchProtect.R potentially unwanted application    deleted - quarantined
C:\Users\User\AppData\Local\Temp\SPSetup.exe    a variant of Win32/ClientConnect.A potentially unwanted application    deleted - quarantined
C:\Users\User\AppData\Local\Temp\temp_3752998797.exe    a variant of Win32/SpeedingUpMyPC application    cleaned by deleting - quarantined
C:\Users\User\AppData\Local\Temp\nstC52\SpSetup.exe    a variant of Win32/ClientConnect.A potentially unwanted application    deleted - quarantined
C:\Users\User\AppData\Local\Temp\nsw2405\SpSetup.exe    a variant of Win32/ClientConnect.A potentially unwanted application    deleted - quarantined
C:\Users\User\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe    Win32/Toolbar.DefaultTab.A potentially unwanted application    deleted - quarantined
C:\Users\User\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe    Win64/Toolbar.DefaultTab.A potentially unwanted application    deleted - quarantined
C:\Users\User\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabUninstaller.exe    Win32/Toolbar.DefaultTab.E potentially unwanted application    deleted - quarantined
C:\Users\User\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll    a variant of Win32/Toolbar.DefaultTab.B potentially unwanted application    deleted - quarantined
C:\Users\User\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll    a variant of Win64/Toolbar.DefaultTab.B potentially unwanted application    deleted - quarantined
C:\Users\User\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe    Win32/Toolbar.DefaultTab.A potentially unwanted application    deleted - quarantined
C:\Users\User\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe    a variant of Win32/Toolbar.DefaultTab.B potentially unwanted application    deleted - quarantined
C:\Windows\Temp\nscB9E0.exe    Win32/Conduit.SearchProtect.R potentially unwanted application    deleted - quarantined
C:\Windows\Temp\nsmD369.exe    Win32/Conduit.SearchProtect.R potentially unwanted application    deleted - quarantined
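
Triaging a report this size is easier as objects than as text. The PowerShell below is an added example, not something posted in the thread: it splits each ESET report line into path, detection and action, counts files per malware family, and lists any detection ESET left without an action. The first three entries in the report above have no action and match the C:\ProgramData entries that were quarantined; C:\Users\All Users is a junction to C:\ProgramData, so the script folds that alias before comparing. The sample lines embedded in the script are copied from the report above; on the machine, pipe Get-Content of the exported ESETScan.txt into ConvertFrom-EsetReport instead. Requires PowerShell 3.0 or later; the family-name derivation (drop the Win32/ prefix and the trailing variant letter) is my convention, not ESET's.

```powershell
# Added example, not from the original thread: turn ESET Online Scanner report
# lines into objects for triage. Requires PowerShell 3.0+.
# Sample lines copied from the report above; real use:
#   Get-Content .\ESETScan.txt | ConvertFrom-EsetReport

$Sample = @'
C:\Users\All Users\APN\APN-Stub\W3IV6-G\APNIC.dll    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.dll    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application    deleted - quarantined
C:\Program Files\pcreg\service.exe    Win32/Conduit.SearchProtect.O potentially unwanted application    deleted - quarantined
C:\temp\a.exe    Win32/Conduit.SearchProtect.M potentially unwanted application    deleted - quarantined
C:\Users\User\AppData\Local\Temp\nsb3B4D.exe    Win32/Conduit.SearchProtect.R potentially unwanted application    deleted - quarantined
C:\Users\User\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe    Win32/Toolbar.DefaultTab.A potentially unwanted application    deleted - quarantined
C:\Users\User\AppData\Local\Temp\temp_3752998797.exe    a variant of Win32/SpeedingUpMyPC application    cleaned by deleting - quarantined
'@

function ConvertFrom-EsetReport {
    param([Parameter(ValueFromPipeline)][string]$Line)
    process {
        # Columns are tab separated in the exported file; pasted copies show runs of spaces.
        $fields = @($Line -split '\t|\s{3,}' | Where-Object { $_ -ne '' })
        if ($fields.Count -lt 2) { return }

        $detection = $fields[1] -replace '^a variant of ', ''
        # "Win32/Conduit.SearchProtect.R potentially unwanted application" -> "Conduit.SearchProtect"
        # (my convention: drop the platform prefix and the trailing variant letter)
        $family = ($detection -split ' ')[0] -replace '^Win(32|64)/', '' -creplace '\.[A-Z]{1,2}$', ''

        [pscustomobject]@{
            Path      = $fields[0]
            # C:\Users\All Users is a junction to C:\ProgramData; fold it so aliases compare equal.
            RealPath  = $fields[0] -replace '^C:\\Users\\All Users\\', 'C:\ProgramData\'
            Detection = $detection
            Family    = $family
            Action    = if ($fields.Count -ge 3) { $fields[2] } else { '(none)' }
        }
    }
}

$report = @($Sample -split '\r?\n' | ConvertFrom-EsetReport)

'== Files per family =='
$report | Group-Object Family | Sort-Object Count -Descending | Format-Table Count, Name -AutoSize

'== Detections with no action that are not just the All Users alias of a handled file =='
$handled = $report | Where-Object { $_.Action -ne '(none)' } | ForEach-Object { $_.RealPath }
$report | Where-Object { $_.Action -eq '(none)' -and $handled -notcontains $_.RealPath } |
    Format-Table Path, Detection -AutoSize

'== Droppers staged in temp folders (re-run risk until those folders are emptied) =='
$report | Where-Object { $_.RealPath -match '\\temp\\' } | Format-Table Path, Family -AutoSize
```

With the sample above, the second table comes out empty, because the only action-less entry is the All Users alias of a file that was quarantined under C:\ProgramData; the third table is the list of NSIS-style droppers (nsXXXX.exe) sitting in Temp, which is why the next step in the thread clears the temp folders.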
 



#9 Starbuck

Malware Response Team

Posted 27 July 2014 - 06:41 AM

Hi margolis

As Eset has found plenty of adware, we'll run a couple of dedicated adware removal tools and make sure it's all been removed.
We'll also clean out the temp folders as the report is showing that some of the adware is residing there.

Step 1
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista/Win7, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
Step 2
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 3
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
In your next reply, please submit:
JRT.txt
AdwCleaner report


Thanks.

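JRT and AdwCleaner work through a fixed list of persistence points, and the logs posted in the next reply show which of them this machine had: two services, a Browser Helper Object CLSID, rewritten Internet Explorer SearchScopes values, a Firefox user.js plus searchplugins entries, and Chrome extensions registered under HKLM. The PowerShell below is an added example rather than part of the thread; it enumerates those same points, read-only, so the tools' work can be checked by hand afterwards and re-checked later if the hijack returns. Assumptions: PowerShell 3.0 or later, Firefox profiles in the default %APPDATA%\Mozilla\Firefox\Profiles location, and a Firefox of that era (v30) that still reads per-profile searchplugins\*.xml.

```powershell
# Added example, not from the original thread: read-only enumeration of the
# browser persistence points that JRT and AdwCleaner clean, for checking their
# work afterwards. Requires PowerShell 3.0+. Assumption: Firefox profiles live in
# $env:APPDATA\Mozilla\Firefox\Profiles and (as in 2014) use searchplugins\*.xml.

function Get-IeSearchScopes {
    # A hijacker rewrites DisplayName/URL of the default scope; JRT "repaired" exactly those two values.
    foreach ($hive in 'HKCU', 'HKLM') {
        $base = "${hive}:\Software\Microsoft\Internet Explorer\SearchScopes"
        if (-not (Test-Path $base)) { continue }
        $default = (Get-ItemProperty -Path $base -ErrorAction SilentlyContinue).DefaultScope
        foreach ($scope in Get-ChildItem -Path $base) {
            $p = Get-ItemProperty -Path $scope.PSPath
            [pscustomobject]@{
                Hive    = $hive
                Scope   = $scope.PSChildName
                Default = ($scope.PSChildName -eq $default)
                Name    = $p.DisplayName
                URL     = $p.URL
            }
        }
    }
}

function Get-BrowserHelperObjects {
    # Every CLSID listed here is loaded into Internet Explorer; resolve it to the DLL on disk.
    $bhoKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
               'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    $clsidRoots = 'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID'
    foreach ($key in ($bhoKeys | Where-Object { Test-Path $_ })) {
        foreach ($bho in Get-ChildItem -Path $key) {
            $clsid = $bho.PSChildName
            $dlls = foreach ($root in $clsidRoots) {
                $inproc = Join-Path $root "$clsid\InprocServer32"
                if (Test-Path $inproc) { (Get-ItemProperty -Path $inproc).'(default)' }
            }
            [pscustomobject]@{ CLSID = $clsid; Dll = ($dlls -join '; '); Key = $key }
        }
    }
}

function Get-ChromeRegisteredExtensions {
    # Extensions registered here are pushed into every Chrome profile without a user click.
    $keys = 'HKLM:\SOFTWARE\Google\Chrome\Extensions',
            'HKLM:\SOFTWARE\WOW6432Node\Google\Chrome\Extensions',
            'HKCU:\Software\Google\Chrome\Extensions'
    foreach ($key in ($keys | Where-Object { Test-Path $_ })) {
        foreach ($ext in Get-ChildItem -Path $key) {
            $p = Get-ItemProperty -Path $ext.PSPath
            [pscustomobject]@{ Id = $ext.PSChildName; UpdateUrl = $p.update_url; Path = $p.path; Key = $key }
        }
    }
}

function Get-FirefoxProfileOverrides {
    $profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
    if (-not (Test-Path $profiles)) { return }
    foreach ($profile in Get-ChildItem -Path $profiles -Directory) {
        # user.js is re-applied on every start, so a hijacked search engine keeps coming back until it is gone.
        $userJs = Join-Path $profile.FullName 'user.js'
        if (Test-Path $userJs) {
            [pscustomobject]@{ Profile = $profile.Name; Item = 'user.js'; Modified = (Get-Item $userJs).LastWriteTime }
        }
        Get-ChildItem -Path (Join-Path $profile.FullName 'searchplugins') -Filter *.xml -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{ Profile = $profile.Name; Item = "searchplugins\$($_.Name)"; Modified = $_.LastWriteTime }
            }
    }
}

'== Internet Explorer search scopes ==';            Get-IeSearchScopes             | Format-Table -AutoSize
'== Internet Explorer BHOs ==';                     Get-BrowserHelperObjects       | Format-Table -AutoSize
'== Chrome extensions registered in the registry =='; Get-ChromeRegisteredExtensions | Format-Table -AutoSize
'== Firefox user.js and search plugins ==';         Get-FirefoxProfileOverrides    | Format-Table -AutoSize
```

Run it once before the tools and once after: on a clean result the default IE scope's URL points at a search engine the user chose, every BHO resolves to a DLL from a vendor they recognise, the Chrome list holds only extensions that were installed deliberately, and no user.js exists in the Firefox profile unless the user wrote it.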


#10 margolis

Topic Starter

Posted 27 July 2014 - 01:10 PM

Starbuck,

As always, thanks for the guidance.

I have noticed that my McAfee Total Protection has now been damaged. Please advise when I should reinstall after all the tasks you have planned unless you recommend something else.

I am not sure if the AdwCleaner completed its scan. It hung as pending.

Per your instructions please find the JRT.txt results and the AdwCleaner log file in the following two sections.

Thanks

Alan

JRT Log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by User on Sun 07/27/2014 at  9:55:26.41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] defaulttabsearch
Successfully deleted: [Service] defaulttabsearch
Successfully stopped: [Service] defaulttabupdate
Successfully deleted: [Service] defaulttabupdate



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\defaulttabbho.defaulttabbrowser
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\defaulttabbho.defaulttabbrowser.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\defaulttabbho.defaulttabbrowseractivex
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\defaulttabbho.defaulttabbrowseractivex.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{38495740-0035-4471-851E-F5BBB86AB085}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\defaulttabbho.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\default tab
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\defaulttab
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\stronghold online backup
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\theseaapp
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wecarereminder
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\defaulttab
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\default tab
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\defaulttab
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installiq
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\strongvault
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\strongvaultapp_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\strongvaultapp_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\defaulttab
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_painttool-sai_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_painttool-sai_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnSetup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnSetup_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_painttool-sai_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_painttool-sai_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\fighters"
Successfully deleted: [Folder] "C:\ProgramData\strongvault online backup"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\User\AppData\Roaming\defaulttab"
Successfully deleted: [Folder] "C:\Users\User\AppData\Roaming\strongvault"
Successfully deleted: [Folder] "C:\Program Files (x86)\defaulttab"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Successfully deleted: [File] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\dg7kzqho.default\user.js
Successfully deleted: [File] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\dg7kzqho.default\searchplugins\search-here.xml
Successfully deleted the following from C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\dg7kzqho.default\prefs.js

user_pref("extensions.wecarereminder.merchHash", "{\"AFFILIATES\":{\"1-Sale-A-Day\":{\"name\":\"1 Sale A Day\",\"autordr\":1,\"n\":\"3\",\"td\":1.5},\"1and1Internet\":{\"name\
user_pref("extensions.xkit7.extension_go_to_dash", "{\"script\":\"//* TITLE Go-To-Dash **//\\r\\n//* VERSION 1.0 REV F **//\\r\\n//* DESCRIPTION View a post on a blog on your
user_pref("extensions.xkit7.extension_one_click_postage", "{\"script\":\"//* TITLE One-Click Postage **//\\r\\n//* VERSION 3.3 REV C **//\\r\\n//* DESCRIPTION Lets you easily
user_pref("extensions.xkit7.extension_one_click_reply", "{\"script\":\"//* TITLE One-Click Reply **//\\r\\n//* VERSION 1.9 REV F **//\\r\\n//* DESCRIPTION Lets you reply to no
user_pref("extensions.xkit7.extension_tweaks", "{\"script\":\"//* TITLE Tweaks **//\\r\\n//* VERSION 2.9 REV A **//\\r\\n//* DESCRIPTION Various little tweaks for your dashboa
user_pref("extensions.xkit7.extension_xinbox", "{\"script\":\"//* TITLE XInbox **//\\r\\n//* VERSION 1.9 REV B **//\\r\\n//* DESCRIPTION Enhances your Inbox experience **//\\r
user_pref("extensions.xkit7.extension_xkit_patches", "{\"script\":\"//* TITLE XKit Patches **//\\r\\n//* VERSION 2.4 REV F **//\\r\\n//* DESCRIPTION Patches framework **//\\r\
user_pref("extensions.xkit7.extension_xkit_preferences", "{\"script\":\"//* TITLE XKit Preferences **//\\r\\n//* VERSION 3.2 REV A **//\\r\\n//* DESCRIPTION Lets you customize
user_pref("xkit.x1cpostage", "//* VERSION 5.8 REV E **//\r\n//* TITLE One-Click Postage **//\r\n//* DEVELOPER STUDIOXENIX **//\r\n//* PREFMENU One-Click Postage Settings **//\
user_pref("xkit.x1cpostage_icon", "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyJpVFh0WE1MOmNvbS5hZG
user_pref("xkit.xfollowers", "//* VERSION 4.1 REV C **//\r\n//* INTERVAL 0 **//\r\n//* TITLE Delta Checker **//\r\n//* DEVELOPER STUDIOXENIX **//\r\n//* DESCRIPTION Check who
user_pref("xkit.xgotodash", "//* VERSION 1.2 REV B **//\r\n//* TITLE Go-To-Dash **//\r\n//* DESCRIPTION Adds a button on peoples blogs that allows you to go back to that post
user_pref("xkit.xgotodash_icon", "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyJpVFh0WE1MOmNvbS5hZG9
user_pref("xkit.xkit_installer", "//* VERSION 6.1 REV A **//\r\n// XKit Installer\r\n// Installs XKit. Loaded by bootstrapper.\r\n// © 2011 STUDIOXENIX.com\r\n\r\nvar instal
user_pref("xkit.xkit_log", "NaNxkit_init</b>:<p>Welcome to XKit.\nCopyright 2011 - 2012 STUDIOXENIX.\nVersion: 6.0 PR1\nRunning on: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0
user_pref("xkit.xkit_preferences", "//* VERSION 6.9 REV E **//\r\n//* TITLE XKit Control Panel **//\r\n//* INTERVAL 0 **//\r\n// XKit Preferences\r\n// Injects the preference
user_pref("xkit.xkit_required", "//* VERSION 6.0 REV C **//\r\n// XKit Required\r\n// Required images and text.\r\n// © 2011 - 2012 STUDIOXENIX.com\r\n\r\n\r\n/*!\r\n * jQue
user_pref("xkit.xmutualfollowers", "//* VERSION 1.0 REV D **//\r\n//* INTERVAL 0 **//\r\n//* TITLE Mutual Checker **//\r\n//* DEVELOPER STUDIOXENIX **//\r\n//* DESCRIPTION Che
user_pref("xkit.xnews_9IsPoweYV9_message", "<b>Thanks for installing XKit 6!</b><br/>\r\nIf you have any suggestions or problems, please feel free to <br/><a href=\"hxxp://xki
user_pref("xkit.xnews_9IsPoweYV9_read", "true");
user_pref("xkit.xnews_9IsPoweYV9_time", "30335134452");
user_pref("xkit.xnews_9IsPoweYV9_title", "Have suggestions?");
user_pref("xkit.xnews_items", ",0,9IsPoweYV9,jZXyuPDBt9");
user_pref("xkit.xpreview_icon", "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyJpVFh0WE1MOmNvbS5hZG9i
user_pref("xkit.xquickasks_icon", "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyJpVFh0WE1MOmNvbS5hZG
user_pref("xkit.xreblogurself_icon", "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyJpVFh0WE1MOmNvbS5
Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\dg7kzqho.default\minidumps [47 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\User\appdata\local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm
Successfully deleted: [Folder] C:\Users\User\appdata\local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 07/27/2014 at 10:01:46.26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner Log

# AdwCleaner v3.216 - Report created 27/07/2014 at 10:59:19
# Updated 17/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : User - ASUS-NOOK
# Running from : C:\Users\User\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\pcreg
Folder Deleted : C:\Users\User\AppData\Local\Conduit
Folder Deleted : C:\Users\User\AppData\Local\PackageAware
Folder Deleted : C:\Users\User\AppData\Local\strongvault
File Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\dg7kzqho.default\searchplugins\trovi-search.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : HKLM\Software\Driver-Soft
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\dg7kzqho.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "Trovi search");
Line Deleted : user_pref("browser.search.selectedEngine", "Trovi search");

-\\ Google Chrome v

[ File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325281&octid=EB_ORIGINAL_CTID&ISID=MAE8C33A7-3D08-4332-BBA8-7DD88E572ED5&SearchSource=58&CUI=&UM=2&UP=SP3B04076A-7CF7-4FF2-8B45-5127D2AB8555&q={searchTerms}&SSPV=
Deleted [Startup_urls] : hxxp://www.trovi.com/?gd=&ctid=CT3326239&octid=EB_ORIGINAL_CTID&ISID=MB88EC6B2-8F26-420A-B59B-220E1AB0DB35&SearchSource=55&CUI=&UM=2&UP=SP3B04076A-7CF7-4FF2-8B45-5127D2AB8555&SSPV=
Deleted [Homepage] : hxxp://www.trovi.com/?gd=&ctid=CT3326239&octid=EB_ORIGINAL_CTID&ISID=MB88EC6B2-8F26-420A-B59B-220E1AB0DB35&SearchSource=55&CUI=&UM=2&UP=SP3B04076A-7CF7-4FF2-8B45-5127D2AB8555&SSPV=
Deleted [Extension] : ippkomaaonokjnfjoikaemidanojkfmm
Deleted [Extension] : niapdbllcanepiiimjjndipklodoedlc
Deleted [Extension] : kdidombaedgpfiiedeimiebkmbilgmlc

*************************

AdwCleaner[R0].txt - [2863 octets] - [27/07/2014 10:16:15]
AdwCleaner[S0].txt - [2820 octets] - [27/07/2014 10:59:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2880 octets] ##########
 



#11 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:02:12 PM

Posted 27 July 2014 - 01:59 PM

Hi again,

I am not sure if the AdwCleaner completed its scan. It hung as pending.

The report seems complete, so nothing to worry about.

Both scans have removed a lot more adware.
Did you run the TFC program?

I have noticed that my McAfee Total Protection has now been damaged. Please advise when I should reinstall after all the tasks you have planned unless you recommend something else.

McAfee is obviously a 'paid for' program, do you have long left on the license?
It's not a program that I would normally recommend..... but if it works for you, that's all that matters.
If you want to reinstall McAfee, you will need to run the uninstaller from the Add/Remove and then to make sure everything has been removed:
Download the McAfee Removal Tool from Here
Save it to your Desktop.
Right click on the icon and select Run as Administrator .... then follow any prompts.
You should be able to install a fresh copy from:
http://home.mcafee.com/store/total-protection
and should be able to use your license details again to activate it.

If you wish to change your AV protection, are you looking for a free AV or another paid for AV?

Free AV's:
Bitdefender Free
MS Security Essentials

Paid for AV's:
Emsisoft AntiMalware
Eset Nod32

Whichever you choose to do..... install, update and then run a full scan.

Once you have done this we will continue.



#12 margolis

margolis
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:07:12 AM

Posted 27 July 2014 - 05:08 PM

Starbuck,

I did run the TFC program as requested. Was there a log that you would like to have reviewed?

I did remove, clean and reinstall McAfee Total Protection and run full scan with no issues.

I have a little over a month left on my subscription. I have it on multiple computers and McAfee has been okay for most of my computers.

I can't help when someone specifically downloads third-party software when they are not paying attention to the details, nor can I keep my children from downloading suspicious content. Believe me, I try.

Again,

Thanks

Alan



#13 MrMatrixGuy

MrMatrixGuy

  • Members
  • 4 posts
  • OFFLINE
  •  

Posted 27 July 2014 - 05:21 PM

I'll let Starbuck finish up with your Support Request.

But I saw that you were using McAfee

I suggest you use Avast Free or Pro

It has a high AV base and it's not a resource hog.

Edited by MrMatrixGuy, 27 July 2014 - 05:21 PM.


#14 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:02:12 PM

Posted 28 July 2014 - 11:17 AM

Hi margolis
 

I did run the TFC program as requested. Was there a log that you would like to have reviewed?

TFC will just show the amount of files removed in MB's on the screen.... but there's no actual log produced.
As long as it has been run, then the temp files etc will have been cleaned out.
 

I Can't help when someone specifically downloads third party software when they are not paying attention to the detials nor can I keep my children from downloading suspicious content. Believe me I try.

Been there, done that and got the T shirt.
Luckily our kids have all grown up and left home now :bananas: so I don't have that hassle anymore.
But occasionally they do fetch their computers back for me to sort out!

This is the error that was showing for MBAM:
 

Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e

The MSVCR100.DLL file should be in the MBAM folder....
Click Start >> Computer >> C Drive >> Program Files (x86) >> MalwareBytes AntiMalware
In the MalwareBytes folder you will see a list of files:

[screenshot: mbamsnip_zps1eb6867e.png]

Is MSVCR100.DLL listed?
If so, what is the file size...... you can see mine in the snapshot above.
 
Also, when you installed MBAM did you install just the free version or did you activate the trial version?
 
  • Select I accept the agreement then continue to click Next then finally click Install
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program
  • Click Finish
 


Unfortunately I won't be online again this evening as it's the Wife's birthday, so I'll be taking her out for the customary meal. :)

Edited by Starbuck, 28 July 2014 - 11:50 AM.



#15 margolis

margolis
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:07:12 AM

Posted 28 July 2014 - 11:20 PM

Starbuck, Have a great evening!

Enjoy the customary Birthday festivities. Ensure you get her something she likes. Don't give her the credit card and say "go buy something nice"; it only comes back to haunt you. A simple card with a crisp $2 bill usually is special.

 

Back to work.

I did not activate the trial version, just installed free version.

 

I had previously searched for MSVCR100.DLL and found it existed in many folders as shown.

C:\Program Files\Java\jre8\bin\plugin2 809KB

C:\Program Files\Java\jre8\bin 809KB

C:\Program Files (x86)\Malwarebytes Anti-Malware 756KB

C:\Program Files (x86)\Mozilla Firefox 752KB

C:\Windows\System32 809KB

C:\Windows\SysWOW64 755KB

 

 

MSVCR100.dll.vir

C:\adwcleaner\Quarantine\C\Program Files\pcreg 752KB

 

 

Maybe this will provide some insight into the conflict.

Thanks and Happy Birthday to the Wife.

Alan
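Starbuck's check above compares only the file size of MSVCR100.DLL, and the list above shows copies of several sizes plus one quarantined from the pcreg folder. As an added example (not code from either poster), this PowerShell snippet lists every copy under the same folders with its version, signer and SHA-256 hash, so a copy that differs from Microsoft's runtime in System32 stands out by more than size; it assumes PowerShell 3.0 or later.

```powershell
# Added example, not from the thread: inventory every MSVCR100.dll copy under the
# folders listed in the post and record size, file version, signer and hash.
$roots = @(
    $env:ProgramFiles,
    ${env:ProgramFiles(x86)},
    (Join-Path $env:SystemRoot 'System32'),
    (Join-Path $env:SystemRoot 'SysWOW64')
)

$results = foreach ($root in $roots) {
    Get-ChildItem -Path $root -Filter 'MSVCR100.dll' -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Path      = $_.FullName
                SizeKB    = [math]::Round($_.Length / 1KB)
                Version   = $_.VersionInfo.FileVersion
                Company   = $_.VersionInfo.CompanyName
                Signature = $sig.Status                  # 'Valid' is expected for the genuine runtime
                Signer    = $sig.SignerCertificate.Subject
                SHA256    = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            }
        }
}

# Table of every copy found, smallest first.
$results | Sort-Object SizeKB | Format-Table Path, SizeKB, Version, Signature -AutoSize

# Any copy whose hash is not shared with the System32 copy deserves a closer look.
$reference = ($results | Where-Object { $_.Path -like "$env:SystemRoot\System32\*" }).SHA256
$results | Where-Object { $_.SHA256 -notin $reference -or $_.Signature -ne 'Valid' } |
    Format-List Path, Version, Company, Signature, Signer, SHA256
```

Note that the 32-bit and 64-bit runtimes legitimately have different hashes and sizes, so compare each copy against the System32 or SysWOW64 copy of the same bitness before treating it as suspect.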





