(Unwanted) POP-UP ADs in Bottom Left & Right Corners of Browser Wi


  • This topic is locked

#16
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE: Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove


Adobe Reader X (10.1.6)
BrowseToSave 1.74
Coupon Printer for Windows
Freecorder 5
Freecorder Toolbar
Java 7 Update 9
JavaFX 2.1.1
Uniblue RegistryBooster


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.



Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com.../readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing Foxit Reader, be careful not to install anything to do with AskBar.


Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.



Malwarebytes' Anti-Malware


I see you have MBAM installed on the computer - that is great!! It is a very good program! I would like you to run a quick scan for me now.

  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right-click on HijackThis and select "Run as Admin" (XP users just need to double-click to run).
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on Main Menu).
  • Copy and paste the HijackThis report into the topic.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo



#17
dogonit2

    Member

  • Topic Starter
  • 26 posts
Haven't heard back from you? Are there any other steps I need to take?

My computer seems to be running well, without any known issues.


OOPS!!! My bad! I didn't see your post on the second page...

I will look into what you explained here and get back to you.

Thanks!

Edited by dogonit2, 09 March 2013 - 06:21 AM.


#18
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
No problem, it happens a lot :)

#19
dogonit2

    Member

  • Topic Starter
  • 26 posts
OK, here are the next reports from the last recommended fixes...

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.09.13

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
dogonit23 :: DOGONIT23-HP [administrator]

3/9/2013 3:13:31 PM
mbam-log-2013-03-09 (15-13-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 223087
Time elapsed: 4 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


and...


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:40:22 PM, on 3/9/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
C:\Program Files (x86)\MindMovies\Subliminal\SubVid.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\dogonit23\Desktop\Fix\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.easyli...912&lg=EN&cc=US
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: NitroPDFBHO Class - {CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} - C:\Program Files (x86)\Nitro PDF\PDF Download\NitroPDF.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - (no file)
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcStd7_1_0
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe" -bootmode
O4 - HKCU\..\Run: [SubVid] "C:\Program Files (x86)\MindMovies\Subliminal\SubVid.exe" /startup
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Save Page As PDF ... - file://C:\Program Files (x86)\Nitro PDF\PDF Download\nitroweb.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PDF Download - {F1C0FD6C-A6A0-49a7-A932-71A56461867F} - C:\Program Files (x86)\Nitro PDF\PDF Download\NitroPDF.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.samsungsetup.com
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://akamaicdn.we...nt/ieatgpc1.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Product - 2011/01/03 00:55:14 (CLKMSVC10_C6F09094) - CyberLink - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NitroPDFReaderDriverCreatorReadSpool (NitroReaderDriverReadSpool) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxioNow Service - Roxio - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Spy Emergency Engine Service (SpyEmrgSrv) - NETGATE Technologies s.r.o. - C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: StarOpen - IDT, Inc. - (no file)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 17679 bytes





I am not sure I did the deleting of all the extra files when I did the Revo Uninstaller. I guess there may have been some BOLDED files if I looked further down into the files. I just deleted all those that were highlighted before breaking them down.

Once or twice the Revo uninstaller gave a failed attempt to uninstall a program, but I carried on with the task and do not see signs of those programs in my folder.

I have not Fix Checked any of the items in the HijackThis file log yet, as you did not specify to do anything but show you the final report.


Here is another list of my programs again to show you what is left on my machine after this work...


Ad-Aware Antivirus
Ad-Aware Browsing Protection
Adobe Acrobat 7.0 Standard - English, Français, Deutsch
Adobe Acrobat 7.1.0 Standard - English, Français, Deutsch
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.6)
Adobe Shockwave Player 11.5
Agatha Christie - Peril at End House
AI RoboForm
Amazon Kindle
Apple Application Support
Apple Software Update
ArcSoft Camera Suite 1.3
ArcSoft Software Suite
ASHelper
Atheros Driver Installation Program
Audacity 1.3.13 (Unicode)
AudibleManager
Auto Blog Software
Auto Hide IP
Auto Traffic Monopoly 1.0.1
AzSiteBuilder
BacklinkProfitMonster
Bejeweled 2 Deluxe
Big Boy Cover Creator
Bing Rewards Client Installer
Blackhawk Striker 2
Blasterball 3
Blio
Blog Profit Pro
BlogHatter Pro 2010
Bloopio
Bounce Symphony
BrowseToSave 1.74
Build-a-lot 2
BusinessLeadsMiner v2.54
Cake Mania
Camtasia Studio 7
Canon MP Navigator EX 1.0
Canon MP210 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CardMinder V3.0
Carnival Submitter
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CherryPicker
Chuzzle Deluxe
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Cisco WebEx Meetings
CloneDVD2
Conference Recording Service
Content Samurai 1.0
Coupon Printer for Windows
CurationSoft
CyberLink DVD Suite
D3DX10
DeepBurner Pro v1.9.0.228
DeepBurner v1.9.0.228
DHTML Editing Component
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
Doxillion Document Converter
DupeFree Pro
DVD Decrypter (Remove Only)
DVD Menu Pack for HP MediaSmart Video
DVDFab 9.0.1.5 (08/12/2012) Qt
Easy Lead Finder
Easy Sales Video Player
Ecover Brander 1.0
Energy Star Digital Logo
Escape Rosecliff Island
ESU for Microsoft Windows 7
Farm Frenzy
FATE
FBP - Facebook Blaster Pro
Fences Pro
FileZilla Client 3.6.0.2
Final Drive Nitro
Freecorder 5
Freecorder Toolbar
FreeMind
GIMP 2.6.8
Google Chrome
Google Maps Listing Locator
Google Talk Plugin
Google Update Helper
GoogleMapsCash.com Software 1.1
GoToMeeting 5.4.0.1083
GPScraper 2011
Heroes of Hellas 2 - Olympia
Hewlett-Packard ACLM.NET v1.1.2.0
HP CloudDrive
HP Customer Experience Enhancements
HP Documentation
HP DVB-T TV Tuner 8.0.64.43
HP Game Console
HP Games
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart Video
HP MediaSmart Webcam
HP MediaSmart/TouchSmart Netflix
HP MovieStore
HP Photo Creations
HP Power Manager
HP Quick Launch
HP Setup
HP Setup Manager
HP Software Framework
HP Support Assistant
Hulu Desktop
IDT Audio
IM Easy Button Autoresponder
Instant Business Finder v2.27
Instant Content Curator Pro
Instant Lead Magnet Demo v1.13
Internet Download Manager
Java 7 Update 9
Java Auto Updater
JavaFX 2.1.1
JDownloader 0.9
Jewel Quest Solitaire 2
Jing
Junk Mail filter update
Keyword Tool v2.01
KeywordSwipe 1.0
KSO Watchboard
LabelPrint
Link Builder
Linkwheel
Local Leads Magic Extractor
Local Niche Spy
Localizer Beta
Localizer Leads Tool
Logic Audio Platinum v5.10
Logitech Vid
Long Tail Pro
Malwarebytes Anti-Malware version 1.70.0.1100
Micro Niche Domain Finder version 0.23
MicroCashMachines
Microsoft Default Manager
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office File Validation Add-In
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
MixPad
Mobile Partner
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - The London Caper
Niche Video Site Builder - Platinum Edition 1.0
NicheSensei
OnlyWire
OpenOffice.org 3.3
PageOne Curator
PDF Download for Internet Explorer
PDFCreator
pdfforge Toolbar v4.6
Penguins!
PhotoNow!
PictureMover
Plants vs. Zombies
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Power Lead Snatcher v1.0
Power2Go
PowerDirector
PrimoPDF -- brought to you by Nitro PDF Software
Project Organizer
Proxy Goblin
Proxy Server Finder
Quick Video Marketing Extreme Suite 1.0
QuickTime
Rank Armory Setup
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek Ethernet Controller Driver For Windows 7
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
Recovery Manager
RoxioNow Player
ScanSnap Manager
ScanSnap Organizer
Search Syndicate version 1.0
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
SendBlaster 2
Sindicator
Site Profit Bot 1.8
Skype Click to Call
Skype™ 6.1
SpinWizard-HC
SpywareBlaster 4.6
StorageSync Backup Software
Subliminal $SUBLIMINAL_VERSION
Switch Sound File Converter
The 5 Bucks a Day Action Enforcer
The Logo Creator v5.2
The Prospector version 2.7
Times Reader
topkeywordlists
Torch
Traffic Hurricane Pro Personal Use Edition
Traffic Launch Pad
Traffic Travis 3.3.16
TrafficPhoenix
Tube Equalizer
Tube Fool
Tube NiTRO
Turbo Lister 2
Underachiever Secrets
Uniblue RegistryBooster
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update or Uninstall SENukeX
VC80CRTRedist - 8.0.50727.6195
Viral PDF Silver Edition v2.0
Viral Video Curator Pro
Virtual Families
Virtual Villagers 4 - The Tree of Life
VLC media player 1.1.11
WavePad Sound Editor
WebM Media Foundation Components
Website Indexer
Wheel of Fortune 2
Windows Doctor 2.7.4
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinPcap 4.1.1
WinRAR archiver
WinX DVD Ripper Platinum 6.3.5
Wordpress EasyButton
xGen SEO
XHeader
XMind
XTA Deluxe
XTBSetup
YellaBot
YPSpider v2.15
Zuma Deluxe
  • 0

#20
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to. You can start any of these programs by clicking on their icons (or from the control panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

  • Run HijackThis (right-click and run as admin)
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
      O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKCU\..\Run: [updateMgr] "C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcStd7_1_0
      O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe" -bootmode
      O4 - HKCU\..\Run: [SubVid] "C:\Program Files (x86)\MindMovies\Subliminal\SubVid.exe" /startup
      O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
      O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space:
    O4 - HKLM\..\Run: [IntelliPoint]


Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Windows 7, right-click the IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
    • Put a checkmark in "Uninstall application on close"
    • Close the program
    • Report to me that nothing was found

  • If threats were found
    • Click on "list of threats found"
    • Click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on Back
    • Put a checkmark in "Uninstall application on close"
    • Click on Finish
    • Close the program
    • Copy and paste the report here

Gringo
  • 0

#21
dogonit2

    Member

  • Topic Starter
  • 26 posts
Dang! That took a long time for that scan... nearly 9 hours.

Here it is:

C:\Program Files (x86)\Site Profit Bot\Temp\Template2\include\description.php PHP/Obfuscated.F application
C:\Program Files (x86)\Site Profit Bot\Templates\default\include\description.php PHP/Obfuscated.F application
C:\Program Files (x86)\Site Profit Bot\Templates\freshpick1\include\description.php PHP/Obfuscated.F application
C:\Program Files (x86)\Site Profit Bot\Templates\jungleland\include\description.php PHP/Obfuscated.F application
C:\Program Files (x86)\Site Profit Bot\Templates\t1_10blue\include\description.php PHP/Obfuscated.F application
C:\Program Files (x86)\Site Profit Bot\Templates\t1_10green\include\description.php PHP/Obfuscated.F application
C:\Program Files (x86)\Site Profit Bot\Templates\t1_10purple\include\description.php PHP/Obfuscated.F application
C:\Program Files (x86)\Site Profit Bot\Templates\t1_10red\include\description.php PHP/Obfuscated.F application
C:\Program Files (x86)\Site Profit Bot\Templates\t1_10_Orange\include\description.php PHP/Obfuscated.F application
C:\Program Files (x86)\Site Profit Bot\Templates\t1_4blue\include\description.php PHP/Obfuscated.F application
C:\Program Files (x86)\Site Profit Bot\Templates\t1_4green\include\description.php PHP/Obfuscated.F application
C:\Program Files (x86)\Site Profit Bot\Templates\t1_4orange\include\description.php PHP/Obfuscated.F application
C:\Program Files (x86)\Site Profit Bot\Templates\t1_4purple\include\description.php PHP/Obfuscated.F application
C:\Program Files (x86)\Site Profit Bot\Templates\t1_4red\include\description.php PHP/Obfuscated.F application
C:\Program Files (x86)\Site Profit Bot\Templates\t1_5blue\include\description.php PHP/Obfuscated.F application
C:\Program Files (x86)\Site Profit Bot\Templates\t1_5green\include\description.php PHP/Obfuscated.F application
C:\Program Files (x86)\Site Profit Bot\Templates\t1_5orange\include\description.php PHP/Obfuscated.F application
C:\Program Files (x86)\Site Profit Bot\Templates\t1_5purple\include\description.php PHP/Obfuscated.F application
C:\Program Files (x86)\Site Profit Bot\Templates\t1_5red\include\description.php PHP/Obfuscated.F application
C:\Program Files (x86)\Site Profit Bot\Templates\t1_7blue\include\description.php PHP/Obfuscated.F application
C:\Program Files (x86)\Site Profit Bot\Templates\t1_7green\include\description.php PHP/Obfuscated.F application
C:\Program Files (x86)\Site Profit Bot\Templates\t1_7orange\include\description.php PHP/Obfuscated.F application
C:\Program Files (x86)\Site Profit Bot\Templates\t1_7purple\include\description.php PHP/Obfuscated.F application
C:\Program Files (x86)\Site Profit Bot\Templates\t1_7red\include\description.php PHP/Obfuscated.F application
C:\Program Files (x86)\Site Profit Bot\Templates\t1_9blue\include\description.php PHP/Obfuscated.F application
C:\Program Files (x86)\Site Profit Bot\Templates\t1_9green\include\description.php PHP/Obfuscated.F application
C:\Program Files (x86)\Site Profit Bot\Templates\t1_9orange\include\description.php PHP/Obfuscated.F application
C:\Program Files (x86)\Site Profit Bot\Templates\t1_9purple\include\description.php PHP/Obfuscated.F application
C:\Program Files (x86)\Site Profit Bot\Templates\t1_9red\include\description.php PHP/Obfuscated.F application
C:\Program Files (x86)\Site Profit Bot\Templates\t2_2Blue\include\description.php PHP/Obfuscated.F application
C:\Program Files (x86)\Site Profit Bot\Templates\t2_2Green\include\description.php PHP/Obfuscated.F application
C:\Program Files (x86)\Site Profit Bot\Templates\t2_2Orange\include\description.php PHP/Obfuscated.F application
C:\Program Files (x86)\Site Profit Bot\Templates\t2_2Purple\include\description.php PHP/Obfuscated.F application
C:\Program Files (x86)\Site Profit Bot\Templates\t2_2Red\include\description.php PHP/Obfuscated.F application
C:\Program Files (x86)\Site Profit Bot\Templates\t2_6Blue\include\description.php PHP/Obfuscated.F application
C:\Program Files (x86)\Site Profit Bot\Templates\t2_6Green\include\description.php PHP/Obfuscated.F application
C:\Program Files (x86)\Site Profit Bot\Templates\t2_6Orange\include\description.php PHP/Obfuscated.F application
C:\Program Files (x86)\Site Profit Bot\Templates\t2_6Purple\include\description.php PHP/Obfuscated.F application
C:\Program Files (x86)\Site Profit Bot\Templates\t2_6Red\include\description.php PHP/Obfuscated.F application
C:\Qoobox\Quarantine\C\Program Files (x86)\BrowseToSave\sprotector.dll.vir a variant of Win32/SProtector.A application
C:\Users\dogonit23\AppData\Local\Google\Chrome\User Data\Default\Default\aaapmlabpoegnjhegdhpldfimicamhfd\background.html Win32/BHO.OEI trojan
C:\Users\dogonit23\AppData\Local\SENukeX\SENukeRecovery.exe a variant of MSIL/Packed.CryptoObfuscator.C application
C:\Users\dogonit23\Desktop\Software Downloads\Adaware_Installer.exe Win32/OpenCandy application
C:\Users\dogonit23\Desktop\Software Downloads\cbsidlm-tr1_10a-Windows_Doctor-SEO-10746668_2.exe Win32/DownloadAdmin.G application
C:\Users\dogonit23\Desktop\Software Downloads\Internet Video Downloader setup.exe Win32/Toolbar.Zugo application
C:\Users\dogonit23\Desktop\Software Downloads\intunemp3_2562.exe a variant of Win32/InstallIQ application
C:\Users\dogonit23\Desktop\Software Downloads\polderbits_access_key_downloader_133a.exe a variant of Win32/YourFileDownloader application
C:\Users\dogonit23\Desktop\Software Downloads\Registry Booster\registrybooster.exe Win32/RegistryBooster application
C:\Users\dogonit23\Documents\ElmFord Backup\Data\StorageSync\Drive_C\Documents and Settings\Desktop\Unused\registryfix.exe a variant of Win32/Adware.ErrorClean application
C:\Users\dogonit23\Documents\ElmFord Backup\DOCUMENTS\Recovered\rkoblasa\Local Settings\Temporary Internet Files\Content.IE5\1VRRM3OD\optin_confirm[1].htm JS/TrojanDownloader.HackLoad.AG trojan
C:\Users\dogonit23\Documents\ElmFord Backup\DOCUMENTS\Recovered\rkoblasa\Local Settings\Temporary Internet Files\Content.IE5\VCIPI098\SGS[1].htm JS/TrojanDownloader.HackLoad.AG trojan
C:\Users\dogonit23\Documents\ElmFord Backup\DOCUMENTS\Recovered\rkoblasa\Local Settings\Temporary Internet Files\Content.IE5\XUTD07K9\SSS[1].htm JS/TrojanDownloader.HackLoad.AG trojan
F:\Marketing\9 to 5 Annihilation\Software\TweetAutoFollow\9-5 Annihilation - Follow Automation Tool.exe a variant of MSIL/Ubot.A application
F:\Marketing\Affiliate Marketing\Affiliate Funnel System\Module 3 - Underground Traffic Arbitrage & Campaign Initiation\GOMPLAYERENSETUP.EXE a variant of Win32/Bundled.Toolbar.Ask.A application
F:\Marketing\GVO\ryankmarketing.com\ftp download\public_html\wp-content\plugins\wpviralunlimited.php PHP/Obfuscated.F application
F:\Marketing\GVO\ryankmarketing.com\ftp download\www\wp-content\plugins\wpviralunlimited.php PHP/Obfuscated.F application
F:\Marketing\Keyword Research\Keyword Rampage\Keyword Rampage\Keyword_Rampage_Full_V1.9.exe a variant of MSIL/Ubot.A application
F:\Marketing\Micro Niche Profits Formula\Tools\any-video-converter-free.exe Win32/OpenCandy application
F:\Marketing\My Websites\IIAinfo\public_html\include\description.php PHP/Obfuscated.F application
F:\Marketing\My Websites\IIAinfo\www\include\description.php PHP/Obfuscated.F application
F:\Marketing\My Websites\RyanK\public_html\blog\wp-content\themes\Slidely\header.php PHP/Kryptik.AB trojan
F:\Marketing\My Websites\RyanK\public_html\wp-content\themes\Slidely\header.php PHP/Kryptik.AB trojan
F:\Marketing\My Websites\RyanK\www\blog\wp-content\themes\Slidely\header.php PHP/Kryptik.AB trojan
F:\Marketing\My Websites\RyanK\www\wp-content\themes\Slidely\header.php PHP/Kryptik.AB trojan
F:\Marketing\My Websites\Tval\public_html\wp-content\themes\Abelia\header.php PHP/Kryptik.AB trojan
F:\Marketing\My Websites\Tval\public_html\wp-content\themes\Alize\header.php PHP/Kryptik.AB trojan
F:\Marketing\My Websites\Tval\public_html\wp-content\themes\GreyShade\header.php PHP/Kryptik.AB trojan
F:\Marketing\My Websites\Tval\public_html\wp-content\themes\Lenera\header.php PHP/Kryptik.AB trojan
F:\Marketing\My Websites\Tval\public_html\wp-content\themes\Martina\header.php PHP/Kryptik.AB trojan
F:\Marketing\My Websites\Tval\public_html\wp-content\themes\Soley\header.php PHP/Kryptik.AB trojan
F:\Marketing\My Websites\Tval\public_html\wp-content\themes\Structure\header.php PHP/Kryptik.AB trojan
F:\Marketing\My Websites\Tval\www\wp-content\themes\Abelia\header.php PHP/Kryptik.AB trojan
F:\Marketing\My Websites\Tval\www\wp-content\themes\Alize\header.php PHP/Kryptik.AB trojan
F:\Marketing\My Websites\Tval\www\wp-content\themes\GreyShade\header.php PHP/Kryptik.AB trojan
F:\Marketing\My Websites\Tval\www\wp-content\themes\Lenera\header.php PHP/Kryptik.AB trojan
F:\Marketing\My Websites\Tval\www\wp-content\themes\Martina\header.php PHP/Kryptik.AB trojan
F:\Marketing\My Websites\Tval\www\wp-content\themes\Soley\header.php PHP/Kryptik.AB trojan
F:\Marketing\My Websites\Tval\www\wp-content\themes\Structure\header.php PHP/Kryptik.AB trojan
F:\Marketing\PPC\Copy Paste Systems\20systemstradebit\50RR-11-MillionDollarDealsMRR\MillionDollarDeals_MRR\product\JVproduct.exe probably a variant of Win32/PSW.IM.MIIAIQM trojan
F:\Marketing\PPC\Copy Paste Systems\20systemstradebit\50RR-34-UnleashTheBookWithin\UnleashTheBookWithin\UnleashTheBookWithin.exe probably a variant of Win32/PSW.IM.JYGWRFB trojan
F:\Marketing\SEO\SEnuke\Software\hotfile\SX\Senuke.exe a variant of MSIL/Packed.CryptoObfuscator.D application
F:\Marketing\SEO\SEnuke\Software\mediafire\SX\Senuke.exe a variant of MSIL/Packed.CryptoObfuscator.D application
F:\Marketing\SEO\SEnuke\Software\megaupload\SENuke.exe a variant of MSIL/Packed.CryptoObfuscator.D application
F:\Marketing\SEO\SEnuke\Software\megaupload\SX\Senuke.exe a variant of MSIL/Packed.CryptoObfuscator.D application
F:\Marketing\Social Marketing\Pinterest\Pinterest Theme\Pinterest Theme\{Pinterest_wordpress_theme.zip}_downloader_411.exe a variant of Win32/ExpressFiles application
F:\Marketing\Tools\Crackit\Get Article Pro\Update.exe a variant of MSIL/Packed.CryptoObfuscator.C application
F:\Marketing\Tools\Crackit\Micro Niche Finder 5.5.7\loader.exe a variant of Win32/Packed.Themida application
F:\Marketing\Tools\Crackit\Proxy Server Finder 1.09\Proxy Server Finder v1.090203 Patch.exe a variant of Win32/HackTool.Patcher.D application
F:\Marketing\Tools\Crackit\SenukeX 2.2.4\Crack\SENuke.exe a variant of MSIL/Packed.CryptoObfuscator.D application
F:\Marketing\Tools\Crackit\Traffik Buster 4.0.0.15\Traffic Buster.exe a variant of MSIL/Packed.Confuser.F application
F:\Marketing\Tools\Crackit\uBot Studio v.3\UBotDevTool.exe a variant of MSIL/Ubot.A application
F:\Marketing\Tools\Free Mass Traffic\Software\FMT-V1.0.exe Win32/Adware.FreeMassTraffic application
F:\Marketing\Tools\Help Desk\hesk22\admin\admin_main.php PHP/Obfuscated.F application
F:\Marketing\Tools\Help Desk\hesk22\inc\footer.inc.php PHP/Obfuscated.F application
F:\Marketing\Tools\Micro Niche Finder\The Ultimate PLR Article Collection\cbsidlm-tr1_10a-Windows_Doctor-SEO-10746668.exe Win32/DownloadAdmin.G application
F:\Marketing\Tools\Site Profit Bot\Software\SetupSPB.exe PHP/Obfuscated.F application
F:\Marketing\Tools\Site Profit Bot\Software\spb\SetupSPB1.exe PHP/Obfuscated.F application
F:\Marketing\Tools\Site Profit Bot\Software\spb11\SetupSPB.exe PHP/Obfuscated.F application
F:\Marketing\Tools\Site Profit Bot\Software\spb12\SetupSPB.exe PHP/Obfuscated.F application
F:\Marketing\Tools\Site Profit Bot\Software\spb15\SetupSPB.exe PHP/Obfuscated.F application
F:\Marketing\Tools\Site Profit Bot\Software\spb17\SetupSPB.exe PHP/Obfuscated.F application
F:\Marketing\Tools\Site Profit Bot\Software\spb18\SetupSPB.exe PHP/Obfuscated.F application
F:\Marketing\Wordpress Plugins\ALL PLUGINS\wpviralunlimited.php PHP/Obfuscated.F application
F:\Marketing\Wordpress Plugins\ALL PLUGINS\hesk22\admin\admin_main.php PHP/Obfuscated.F application
F:\Marketing\Wordpress Plugins\ALL PLUGINS\hesk22\inc\footer.inc.php PHP/Obfuscated.F application
F:\Marketing\Wordpress Plugins\WP Viral Unlimited\WpViralUnlimitedPackage\wpviralunlimited.php PHP/Obfuscated.F application
F:\Marketing\Wordpress Themes\All Flexxtheme-v2 [free-premium-wordpress-themes.com]\Alize\header.php PHP/Kryptik.AB trojan
F:\Marketing\Wordpress Themes\All Unzipped\#1 - Nice\Facebook Wordpress [free-premium-wordpress-themes.com]\index.php PHP/Obfuscated.B application
F:\Marketing\Wordpress Themes\All Unzipped\#1 - Nice\GreenDream\header.php PHP/Kryptik.AB trojan
F:\Marketing\Wordpress Themes\All Unzipped\#1 - Nice\Greeny\header.php PHP/Kryptik.AB trojan
F:\Marketing\Wordpress Themes\All Unzipped\#1 - Nice\GreyShade\header.php PHP/Kryptik.AB trojan
F:\Marketing\Wordpress Themes\All Unzipped\#1 - Nice\iBusiness\header.php PHP/Kryptik.AB trojan
F:\Marketing\Wordpress Themes\All Unzipped\#1 - Nice\iGreat\header.php PHP/Kryptik.AB trojan
F:\Marketing\Wordpress Themes\All Unzipped\#1 - Nice\iGreatBlack\header.php PHP/Kryptik.AB trojan
F:\Marketing\Wordpress Themes\All Unzipped\#1 - Nice\InteriorDesign\header.php PHP/Kryptik.AB trojan
F:\Marketing\Wordpress Themes\All Unzipped\#1 - Nice\Martina\header.php PHP/Kryptik.AB trojan
F:\Marketing\Wordpress Themes\All Unzipped\#1 - Nice\Roundly\header.php PHP/Kryptik.AB trojan
F:\Marketing\Wordpress Themes\All Unzipped\#1 - Nice\Runone\header.php PHP/Kryptik.AB trojan
F:\Marketing\Wordpress Themes\All Unzipped\#1 - Nice\Slidely\header.php PHP/Kryptik.AB trojan
F:\Marketing\Wordpress Themes\All Unzipped\#1 - Nice\Structure\header.php PHP/Kryptik.AB trojan
F:\Marketing\Wordpress Themes\All Unzipped\Abelia\header.php PHP/Kryptik.AB trojan
F:\Marketing\Wordpress Themes\All Unzipped\Alize\header.php PHP/Kryptik.AB trojan
F:\Marketing\Wordpress Themes\All Unzipped\Ariya\header.php PHP/Kryptik.AB trojan
F:\Marketing\Wordpress Themes\All Unzipped\Awes\header.php PHP/Kryptik.AB trojan
F:\Marketing\Wordpress Themes\All Unzipped\BlackShade\header.php PHP/Kryptik.AB trojan
F:\Marketing\Wordpress Themes\All Unzipped\CarOne\header.php PHP/Kryptik.AB trojan
F:\Marketing\Wordpress Themes\All Unzipped\Estetica\header.php PHP/Kryptik.AB trojan
F:\Marketing\Wordpress Themes\All Unzipped\Expi\header.php PHP/Kryptik.AB trojan
F:\Marketing\Wordpress Themes\All Unzipped\Lenera\header.php PHP/Kryptik.AB trojan
F:\Marketing\Wordpress Themes\All Unzipped\Paraclub\header.php PHP/Kryptik.AB trojan
F:\Marketing\Wordpress Themes\All Unzipped\Soley\header.php PHP/Kryptik.AB trojan
  • 0
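Added example (not part of the original thread, and not ESET's own tooling): a small Python triage of a scan export like the one posted above, grouping records by detection name so the trojan-labelled items are reviewed first and already-quarantined copies are separated out. The record layout is assumed from the log as posted; `Detection`, `parse_log`, `triage` and `format_report` are hypothetical names, and the sample lines are copied from the post plus one constructed junk line.

```python
"""Triage an ESET Online Scanner text export (added example, not from the thread)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Record layout as it appears in the posted log (an assumption about the export):
#   <path> [(probably) a variant of] <Platform/Name> <kind>
# Windows file names cannot contain "/", so the first token with a slash is the name.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<qualifier>(?:probably )?a variant of )?"
    r"(?P<name>[A-Za-z0-9]+/\S+)\s+"
    r"(?P<kind>[a-z]+)$"
)

# Lines copied from the log in the thread; the last line is constructed junk.
SAMPLE_LOG = r"""
C:\Program Files (x86)\Site Profit Bot\Templates\default\include\description.php PHP/Obfuscated.F application
C:\Program Files (x86)\Site Profit Bot\Templates\jungleland\include\description.php PHP/Obfuscated.F application
C:\Qoobox\Quarantine\C\Program Files (x86)\BrowseToSave\sprotector.dll.vir a variant of Win32/SProtector.A application
C:\Users\dogonit23\Desktop\Software Downloads\Adaware_Installer.exe Win32/OpenCandy application
F:\Marketing\My Websites\RyanK\www\wp-content\themes\Slidely\header.php PHP/Kryptik.AB trojan
F:\Marketing\My Websites\Tval\www\wp-content\themes\Alize\header.php PHP/Kryptik.AB trojan
F:\Marketing\PPC\Copy Paste Systems\20systemstradebit\50RR-11-MillionDollarDealsMRR\MillionDollarDeals_MRR\product\JVproduct.exe probably a variant of Win32/PSW.IM.MIIAIQM trojan
F:\Marketing\9 to 5 Annihilation\Software\TweetAutoFollow\9-5 Annihilation - Follow Automation Tool.exe a variant of MSIL/Ubot.A application
this line is not a scanner record
"""


@dataclass(frozen=True)
class Detection:
    path: PureWindowsPath
    name: str        # e.g. PHP/Kryptik.AB
    heuristic: bool  # True when the scanner wrote "(probably) a variant of"
    kind: str        # "trojan" or "application" in this log


def parse_line(line):
    """Return a Detection, or None when the line does not look like a record."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return Detection(PureWindowsPath(m["path"]), m["name"],
                     m["qualifier"] is not None, m["kind"])


def parse_log(text):
    """Split a log into parsed detections and the lines that could not be parsed."""
    detections, rejected = [], []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        det = parse_line(raw)
        if det is None:
            rejected.append(raw.strip())  # keep it visible instead of dropping it
        else:
            detections.append(det)
    return detections, rejected


def already_quarantined(det):
    """ComboFix keeps neutralised copies under C:\\Qoobox\\Quarantine as *.vir."""
    parts = [p.lower() for p in det.path.parts]
    return "qoobox" in parts and det.path.suffix.lower() == ".vir"


def triage(detections):
    """Group by (kind, name); trojans first, then larger groups, then by name."""
    groups = defaultdict(list)
    for det in detections:
        groups[(det.kind, det.name)].append(det)
    order = sorted(groups, key=lambda k: (k[0] != "trojan", -len(groups[k]), k[1]))
    return [(kind, name, groups[(kind, name)]) for kind, name in order]


def format_report(text):
    """One line per detection group plus the folders that still hold live files."""
    detections, rejected = parse_log(text)
    lines = []
    for kind, name, items in triage(detections):
        live = [d for d in items if not already_quarantined(d)]
        tag = " (heuristic match)" if any(d.heuristic for d in items) else ""
        lines.append(f"{kind:<12}{name}{tag}: {len(live)} live of {len(items)}")
        for folder in sorted({str(d.path.parent) for d in live}):
            lines.append(f"    {folder}")
    lines.append(f"unparsed lines: {len(rejected)}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(SAMPLE_LOG))
```

Run over the full export, the grouped folders show at a glance which detections sit in live website directories and which are only old installers or backups.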

#22
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello


Do you know what all those files are and do you trust them?
  • 0

#23
dogonit2

    Member

  • Topic Starter
  • 26 posts
Many of these that are in the F drive are marketing things like the Wordpress Themes. I probably downloaded them from a free or other download site, so who knows what they have on them.

Some others in the C drive should be from trusted companies, but again who knows? And who knows why this last scan is classifying them as potential threats...?


Please let me know what you think and, if I do want to get rid of many of these, the best way, if any, to do a bulk delete maybe?

Also, I would be interested at the end of this to see what your opinion is on what exactly went down with my computer and if there should be any worries?

Thank you so much!
Ryan

Oh, and again, my machine seems to be doing well.
  • 0

#24
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello dogonit2

If you do not need them then let's be safe and remove them - the other files you mentioned are setup files and can be removed without hurting the program - the download portals love to add extra stuff to the downloads.


delete files

  • Copy all text in the code box (below)...to Notepad.
    @echo off
    rem Delete the files flagged in the ESET scan log (paths taken from that log).
    del /f /s /q "C:\Program Files (x86)\Site Profit Bot\Temp\Template2\include\description.php"
    del /f /s /q "C:\Program Files (x86)\Site Profit Bot\Templates\default\include\description.php"
    del /f /s /q "C:\Program Files (x86)\Site Profit Bot\Templates\freshpick1\include\description.php"
    del /f /s /q "C:\Program Files (x86)\Site Profit Bot\Templates\jungleland\include\description.php"
    del /f /s /q "C:\Program Files (x86)\Site Profit Bot\Templates\t1_10blue\include\description.php"
    del /f /s /q "C:\Program Files (x86)\Site Profit Bot\Templates\t1_10green\include\description.php"
    del /f /s /q "C:\Program Files (x86)\Site Profit Bot\Templates\t1_10purple\include\description.php"
    del /f /s /q "C:\Program Files (x86)\Site Profit Bot\Templates\t1_10red\include\description.php"
    del /f /s /q "C:\Program Files (x86)\Site Profit Bot\Templates\t1_10_Orange\include\description.php"
    del /f /s /q "C:\Program Files (x86)\Site Profit Bot\Templates\t1_4blue\include\description.php"
    del /f /s /q "C:\Program Files (x86)\Site Profit Bot\Templates\t1_4green\include\description.php"
    del /f /s /q "C:\Program Files (x86)\Site Profit Bot\Templates\t1_4orange\include\description.php"
    del /f /s /q "C:\Program Files (x86)\Site Profit Bot\Templates\t1_4purple\include\description.php"
    del /f /s /q "C:\Program Files (x86)\Site Profit Bot\Templates\t1_4red\include\description.php"
    del /f /s /q "C:\Program Files (x86)\Site Profit Bot\Templates\t1_5blue\include\description.php"
    del /f /s /q "C:\Program Files (x86)\Site Profit Bot\Templates\t1_5green\include\description.php"
    del /f /s /q "C:\Program Files (x86)\Site Profit Bot\Templates\t1_5orange\include\description.php"
    del /f /s /q "C:\Program Files (x86)\Site Profit Bot\Templates\t1_5purple\include\description.php"
    del /f /s /q "C:\Program Files (x86)\Site Profit Bot\Templates\t1_5red\include\description.php"
    del /f /s /q "C:\Program Files (x86)\Site Profit Bot\Templates\t1_7blue\include\description.php"
    del /f /s /q "C:\Program Files (x86)\Site Profit Bot\Templates\t1_7green\include\description.php"
    del /f /s /q "C:\Program Files (x86)\Site Profit Bot\Templates\t1_7orange\include\description.php"
    del /f /s /q "C:\Program Files (x86)\Site Profit Bot\Templates\t1_7purple\include\description.php"
    del /f /s /q "C:\Program Files (x86)\Site Profit Bot\Templates\t1_7red\include\description.php"
    del /f /s /q "C:\Program Files (x86)\Site Profit Bot\Templates\t1_9blue\include\description.php"
    del /f /s /q "C:\Program Files (x86)\Site Profit Bot\Templates\t1_9green\include\description.php"
    del /f /s /q "C:\Program Files (x86)\Site Profit Bot\Templates\t1_9orange\include\description.php"
    del /f /s /q "C:\Program Files (x86)\Site Profit Bot\Templates\t1_9purple\include\description.php"
    del /f /s /q "C:\Program Files (x86)\Site Profit Bot\Templates\t1_9red\include\description.php"
    del /f /s /q "C:\Program Files (x86)\Site Profit Bot\Templates\t2_2Blue\include\description.php"
    del /f /s /q "C:\Program Files (x86)\Site Profit Bot\Templates\t2_2Green\include\description.php"
    del /f /s /q "C:\Program Files (x86)\Site Profit Bot\Templates\t2_2Orange\include\description.php"
    del /f /s /q "C:\Program Files (x86)\Site Profit Bot\Templates\t2_2Purple\include\description.php"
    del /f /s /q "C:\Program Files (x86)\Site Profit Bot\Templates\t2_2Red\include\description.php"
    del /f /s /q "C:\Program Files (x86)\Site Profit Bot\Templates\t2_6Blue\include\description.php"
    del /f /s /q "C:\Program Files (x86)\Site Profit Bot\Templates\t2_6Green\include\description.php"
    del /f /s /q "C:\Program Files (x86)\Site Profit Bot\Templates\t2_6Orange\include\description.php"
    del /f /s /q "C:\Program Files (x86)\Site Profit Bot\Templates\t2_6Purple\include\description.php"
    del /f /s /q "C:\Program Files (x86)\Site Profit Bot\Templates\t2_6Red\include\description.php"
    del /f /s /q "C:\Users\dogonit23\AppData\Local\Google\Chrome\User Data\Default\Default\aaapmlabpoegnjhegdhpldfimicamhfd\background.html"
    del /f /s /q "C:\Users\dogonit23\AppData\Local\SENukeX\SENukeRecovery.exe"
    del /f /s /q "C:\Users\dogonit23\Desktop\Software Downloads\Adaware_Installer.exe"
    del /f /s /q "C:\Users\dogonit23\Desktop\Software Downloads\cbsidlm-tr1_10a-Windows_Doctor-SEO-10746668_2.exe"
    del /f /s /q "C:\Users\dogonit23\Desktop\Software Downloads\Internet Video Downloader setup.exe"
    del /f /s /q "C:\Users\dogonit23\Desktop\Software Downloads\intunemp3_2562.exe"
    del /f /s /q "C:\Users\dogonit23\Desktop\Software Downloads\polderbits_access_key_downloader_133a.exe"
    del /f /s /q "C:\Users\dogonit23\Desktop\Software Downloads\Registry Booster\registrybooster.exe"
    del /f /s /q "C:\Users\dogonit23\Documents\ElmFord Backup\Data\StorageSync\Drive_C\Documents and Settings\Desktop\Unused\registryfix.exe"
    del /f /s /q "C:\Users\dogonit23\Documents\ElmFord Backup\DOCUMENTS\Recovered\rkoblasa\Local Settings\Temporary Internet Files\Content.IE5\1VRRM3OD\optin_confirm[1].htm"
    del /f /s /q "C:\Users\dogonit23\Documents\ElmFord Backup\DOCUMENTS\Recovered\rkoblasa\Local Settings\Temporary Internet Files\Content.IE5\VCIPI098\SGS[1].htm"
    del /f /s /q "C:\Users\dogonit23\Documents\ElmFord Backup\DOCUMENTS\Recovered\rkoblasa\Local Settings\Temporary Internet Files\Content.IE5\XUTD07K9\SSS[1].htm"
    del /f /s /q "F:\Marketing\9 to 5 Annihilation\Software\TweetAutoFollow\9-5 Annihilation - Follow Automation Tool.exe"
    del /f /s /q "F:\Marketing\Affiliate Marketing\Affiliate Funnel System\Module 3 - Underground Traffic Arbitrage & Campaign Initiation\GOMPLAYERENSETUP.EXE"
    del /f /s /q "F:\Marketing\GVO\ryankmarketing.com\ftp download\public_html\wp-content\plugins\wpviralunlimited.php"
    del /f /s /q "F:\Marketing\GVO\ryankmarketing.com\ftp download\www\wp-content\plugins\wpviralunlimited.php"
    del /f /s /q "F:\Marketing\Keyword Research\Keyword Rampage\Keyword Rampage\Keyword_Rampage_Full_V1.9.exe"
    del /f /s /q "F:\Marketing\Micro Niche Profits Formula\Tools\any-video-converter-free.exe"
    del /f /s /q "F:\Marketing\My Websites\IIAinfo\public_html\include\description.php"
    del /f /s /q "F:\Marketing\My Websites\IIAinfo\www\include\description.php"
    del /f /s /q "F:\Marketing\My Websites\RyanK\public_html\blog\wp-content\themes\Slidely\header.php"
    del /f /s /q "F:\Marketing\My Websites\RyanK\public_html\wp-content\themes\Slidely\header.php"
    del /f /s /q "F:\Marketing\My Websites\RyanK\www\blog\wp-content\themes\Slidely\header.php"
    del /f /s /q "F:\Marketing\My Websites\RyanK\www\wp-content\themes\Slidely\header.php"
    del /f /s /q "F:\Marketing\My Websites\Tval\public_html\wp-content\themes\Abelia\header.php"
    del /f /s /q "F:\Marketing\My Websites\Tval\public_html\wp-content\themes\Alize\header.php"
    del /f /s /q "F:\Marketing\My Websites\Tval\public_html\wp-content\themes\GreyShade\header.php"
    del /f /s /q "F:\Marketing\My Websites\Tval\public_html\wp-content\themes\Lenera\header.php"
    del /f /s /q "F:\Marketing\My Websites\Tval\public_html\wp-content\themes\Martina\header.php"
    del /f /s /q "F:\Marketing\My Websites\Tval\public_html\wp-content\themes\Soley\header.php"
    del /f /s /q "F:\Marketing\My Websites\Tval\public_html\wp-content\themes\Structure\header.php"
    del /f /s /q "F:\Marketing\My Websites\Tval\www\wp-content\themes\Abelia\header.php"
    del /f /s /q "F:\Marketing\My Websites\Tval\www\wp-content\themes\Alize\header.php"
    del /f /s /q "F:\Marketing\My Websites\Tval\www\wp-content\themes\GreyShade\header.php"
    del /f /s /q "F:\Marketing\My Websites\Tval\www\wp-content\themes\Lenera\header.php"
    del /f /s /q "F:\Marketing\My Websites\Tval\www\wp-content\themes\Martina\header.php"
    del /f /s /q "F:\Marketing\My Websites\Tval\www\wp-content\themes\Soley\header.php"
    del /f /s /q "F:\Marketing\My Websites\Tval\www\wp-content\themes\Structure\header.php"
    del /f /s /q "F:\Marketing\PPC\Copy Paste Systems\20systemstradebit\50RR-11-MillionDollarDealsMRR\MillionDollarDeals_MRR\product\JVproduct.exe"
    del /f /s /q "F:\Marketing\PPC\Copy Paste Systems\20systemstradebit\50RR-34-UnleashTheBookWithin\UnleashTheBookWithin\UnleashTheBookWithin.exe"
    del /f /s /q "F:\Marketing\SEO\SEnuke\Software\hotfile\SX\Senuke.exe"
    del /f /s /q "F:\Marketing\SEO\SEnuke\Software\mediafire\SX\Senuke.exe"
    del /f /s /q "F:\Marketing\SEO\SEnuke\Software\megaupload\SENuke.exe"
    del /f /s /q "F:\Marketing\SEO\SEnuke\Software\megaupload\SX\Senuke.exe"
    del /f /s /q "F:\Marketing\Social Marketing\Pinterest\Pinterest Theme\Pinterest Theme\{Pinterest_wordpress_theme.zip}_downloader_411.exe"
    del /f /s /q "F:\Marketing\Tools\Crackit\Get Article Pro\Update.exe"
    del /f /s /q "F:\Marketing\Tools\Crackit\Micro Niche Finder 5.5.7\loader.exe"
    del /f /s /q "F:\Marketing\Tools\Crackit\Proxy Server Finder 1.09\Proxy Server Finder v1.090203 Patch.exe"
    del /f /s /q "F:\Marketing\Tools\Crackit\SenukeX 2.2.4\Crack\SENuke.exe"
    del /f /s /q "F:\Marketing\Tools\Crackit\Traffik Buster 4.0.0.15\Traffic Buster.exe"
    del /f /s /q "F:\Marketing\Tools\Crackit\uBot Studio v.3\UBotDevTool.exe"
    del /f /s /q "F:\Marketing\Tools\Free Mass Traffic\Software\FMT-V1.0.exe"
    del /f /s /q "F:\Marketing\Tools\Help Desk\hesk22\admin\admin_main.php"
    del /f /s /q "F:\Marketing\Tools\Help Desk\hesk22\inc\footer.inc.php"
    del /f /s /q "F:\Marketing\Tools\Micro Niche Finder\The Ultimate PLR Article Collection\cbsidlm-tr1_10a-Windows_Doctor-SEO-10746668.exe"
    del /f /s /q "F:\Marketing\Tools\Site Profit Bot\Software\SetupSPB.exe"
    del /f /s /q "F:\Marketing\Tools\Site Profit Bot\Software\spb\SetupSPB1.exe"
    del /f /s /q "F:\Marketing\Tools\Site Profit Bot\Software\spb11\SetupSPB.exe"
    del /f /s /q "F:\Marketing\Tools\Site Profit Bot\Software\spb12\SetupSPB.exe"
    del /f /s /q "F:\Marketing\Tools\Site Profit Bot\Software\spb15\SetupSPB.exe"
    del /f /s /q "F:\Marketing\Tools\Site Profit Bot\Software\spb17\SetupSPB.exe"
    del /f /s /q "F:\Marketing\Tools\Site Profit Bot\Software\spb18\SetupSPB.exe"
    del /f /s /q "F:\Marketing\Wordpress Plugins\ALL PLUGINS\wpviralunlimited.php"
    del /f /s /q "F:\Marketing\Wordpress Plugins\ALL PLUGINS\hesk22\admin\admin_main.php"
    del /f /s /q "F:\Marketing\Wordpress Plugins\ALL PLUGINS\hesk22\inc\footer.inc.php"
    del /f /s /q "F:\Marketing\Wordpress Plugins\WP Viral Unlimited\WpViralUnlimitedPackage\wpviralunlimited.php"
    del /f /s /q "F:\Marketing\Wordpress Themes\All Flexxtheme-v2 [free-premium-wordpress-themes.com]\Alize\header.php"
    del /f /s /q "F:\Marketing\Wordpress Themes\All Unzipped\#1 - Nice\Facebook Wordpress [free-premium-wordpress-themes.com]\index.php"
    del /f /s /q "F:\Marketing\Wordpress Themes\All Unzipped\#1 - Nice\GreenDream\header.php"
    del /f /s /q "F:\Marketing\Wordpress Themes\All Unzipped\#1 - Nice\Greeny\header.php"
    del /f /s /q "F:\Marketing\Wordpress Themes\All Unzipped\#1 - Nice\GreyShade\header.php"
    del /f /s /q "F:\Marketing\Wordpress Themes\All Unzipped\#1 - Nice\iBusiness\header.php"
    del /f /s /q "F:\Marketing\Wordpress Themes\All Unzipped\#1 - Nice\iGreat\header.php"
    del /f /s /q "F:\Marketing\Wordpress Themes\All Unzipped\#1 - Nice\iGreatBlack\header.php"
    del /f /s /q "F:\Marketing\Wordpress Themes\All Unzipped\#1 - Nice\InteriorDesign\header.php"
    del /f /s /q "F:\Marketing\Wordpress Themes\All Unzipped\#1 - Nice\Martina\header.php"
    del /f /s /q "F:\Marketing\Wordpress Themes\All Unzipped\#1 - Nice\Roundly\header.php"
    del /f /s /q "F:\Marketing\Wordpress Themes\All Unzipped\#1 - Nice\Runone\header.php"
    del /f /s /q "F:\Marketing\Wordpress Themes\All Unzipped\#1 - Nice\Slidely\header.php"
    del /f /s /q "F:\Marketing\Wordpress Themes\All Unzipped\#1 - Nice\Structure\header.php"
    del /f /s /q "F:\Marketing\Wordpress Themes\All Unzipped\Abelia\header.php"
    del /f /s /q "F:\Marketing\Wordpress Themes\All Unzipped\Alize\header.php"
    del /f /s /q "F:\Marketing\Wordpress Themes\All Unzipped\Ariya\header.php"
    del /f /s /q "F:\Marketing\Wordpress Themes\All Unzipped\Awes\header.php"
    del /f /s /q "F:\Marketing\Wordpress Themes\All Unzipped\BlackShade\header.php"
    del /f /s /q "F:\Marketing\Wordpress Themes\All Unzipped\CarOne\header.php"
    del /f /s /q " F:\Marketing\Wordpress Themes\All Unzipped\Estetica\header.php"
    del /f /s /q " F:\Marketing\Wordpress Themes\All Unzipped\Expi\header.php"
    del /f /s /q " F:\Marketing\Wordpress Themes\All Unzipped\Lenera\header.php"
    del /f /s /q " F:\Marketing\Wordpress Themes\All Unzipped\Paraclub\header.php"
    del /f /s /q " F:\Marketing\Wordpress Themes\All Unzipped\Soley\header.php"
    del %0
  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this: Posted Image <-- XP, Posted Image <-- Vista
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time can make the computer an expensive paperweight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • Turn off all active protection software
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

About Java


During the cleaning process, if I found that Java was installed I asked for it to be uninstalled. Many home users will not miss it. If you use OpenOffice, play online games or use business applications which require Java, then you need to install the latest version and make sure to disable it in your web browsers.

If an application or website requires it, you should receive a notification indicating that when you attempt to launch that application or access that website.

Link to download latest version. - install Java

How to disable java in your web browsers - Disable Java



:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than add/remove in Windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files - It has a built-in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did)


    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:


It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
Strong passwords: How to create and use them
Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.


The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as 'perfect security'. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
  • 0

#25
dogonit2

dogonit2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
I will come back later today to go through these steps further.

Before I do so, are you suggesting that it be mandatory that I remove all those listed above, or can I pick and choose from the list as I see fit and delete the lines one by one?

Some of these were bought from reputable companies that I doubt have any real infection.

Also, was mine a typical job, severe or minor?

I will get back later today when I have completed the steps above.

Thanks!
  • 0
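
An added example, not part of the original thread or of any tool the helper supplied: a PowerShell script that reads delfile.bat before it is run and records, for each listed file, whether it exists plus its size and SHA-256, so individual entries can be reviewed. The default paths in `$BatPath` and `$OutCsv` are assumptions; the script only checks the exact paths listed and does not reproduce the subfolder matching of `del /s`.

```powershell
# Added example: inventory what delfile.bat would delete, before running it.
# Run this first: the batch file ends with "del %0" and removes itself.
# $BatPath and $OutCsv are assumed locations; adjust to where you saved the file.
param(
    [string]$BatPath = "$env:USERPROFILE\Desktop\delfile.bat",
    [string]$OutCsv  = "$env:USERPROFILE\Desktop\delfile-review.csv"
)

# Matches lines of the form: del /f /s /q "<path>"
$pattern = '^\s*del\s+(?:/\w\s+)*"(?<path>[^"]+)"\s*$'

$report = foreach ($line in Get-Content -LiteralPath $BatPath) {
    $m = [regex]::Match($line, $pattern, 'IgnoreCase')
    if (-not $m.Success) { continue }    # skips "del %0" and any non-del line

    # The posted list has a stray space after the opening quote; trim it.
    $path = $m.Groups['path'].Value.Trim()

    # -LiteralPath matters here: several listed folders contain [ ] characters,
    # which PowerShell would otherwise treat as wildcards.
    $exists = Test-Path -LiteralPath $path -PathType Leaf
    $item   = if ($exists) { Get-Item -LiteralPath $path -Force } else { $null }

    [pscustomobject]@{
        Path      = $path
        Exists    = $exists
        SizeBytes = if ($item) { $item.Length } else { $null }
        LastWrite = if ($item) { $item.LastWriteTime } else { $null }
        SHA256    = if ($item) {
                        (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
                    } else { $null }
    }
}

# Keep a record of what was present, then show the files that actually exist.
$report | Export-Csv -LiteralPath $OutCsv -NoTypeInformation -Encoding UTF8
$report | Where-Object Exists | Format-Table Path, SizeBytes, SHA256 -AutoSize
```

The CSV gives a per-file record that survives the deletion, and the hashes can be compared against the vendor's published values for software that was bought legitimately.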


#26
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Let's do this - give a list of what you want to keep and I will review it
  • 0

#27
dogonit2

dogonit2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
So I just deleted all of them. If I run into some programs not running properly since I deleted these then I will deal with it then.

I did all the other steps you suggested here and have installed the Win Patrol.

I will have to look further into it to see all of its real functions.

Anything else I need to do? A final report or anything?

Thanks!
  • 0

#28
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Nope that is it - if you have any trouble in the next few days then come here and let me know



gringo
  • 0

#29
dogonit2

dogonit2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Awesome! Thank you so much!

You have been a great help. I will keep an eye on things.

Once I get ahead, I will be sure to return to send you something to show my appreciation.

Things have been really rough, otherwise I wouldn't hesitate.
  • 0

#30
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
No problem and glad I was able to help



gringo
  • 0





