ervx01
-
Posts
37 -
Joined
-
Last visited
-
Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 1/4/2016 Scan Time: 4:37 PM Logfile: Administrator: Yes Version: 2.2.0.1024 Malware Database: v2016.01.04.06 Rootkit Database: v2015.12.26.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 CPU: x64 File System: NTFS User: Bob Scan Type: Threat Scan Result: Completed Objects Scanned: 456910 Time Elapsed: 24 min, 30 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 1 Backdoor.Bot, C:\Users\Bob\AppData\Local\Temp\0947c6c8.tmp, Quarantined, [f0b639fc7d1cf244b6576cceaf5529d7], Physical Sectors: 0 (No malicious items detected) (end) Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015 Ran by Bob (administrator) on BOB-PC (05-01-2016 11:25:57) Running from C:\Users\Bob\Downloads Loaded Profiles: Bob (Available Profiles: Bob) Platform: Windows 7 Home Premium (X64) Language: English (United States) Internet Explorer Version 8 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe (Digital Market Research Apps Pty Ltd) C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Spotify Ltd) C:\Users\Bob\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Spotify Ltd) C:\Users\Bob\AppData\Roaming\Spotify\Spotify.exe (Freecom) C:\Users\Bob\AppData\Local\Temp\Password 2.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (IOI) C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe () C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (ICBC OEM From Mingwah Technologies Co., Ltd) C:\Program Files (x86)\ICBCEbankTools\MingWah\MWREGICBC.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Digital Market Research Apps Pty Ltd) C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe (Acer Group) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Microsoft) C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUI.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe (Microsoft) C:\Program Files (x86)\MR APP\MRAPP.UI.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Spotify Ltd) C:\Users\Bob\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) C:\Users\Bob\AppData\Roaming\Spotify\Spotify.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [iAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor) HKLM-x32\...\Run: [Gateway Photo Frame] => C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe [124416 2009-07-20] (IOI) HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe [563744 2010-03-25] () HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.) HKLM-x32\...\Run: [brMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.) HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [MWREGICBC.exe] => C:\Program Files (x86)\ICBCEbankTools\MingWah\MWREGICBC.exe [42440 2011-02-27] (ICBC OEM From Mingwah Technologies Co., Ltd) HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard) HKLM-x32\...\Run: [indexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.) HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2896317678-674235471-4210084263-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3883856 2009-07-26] (Microsoft Corporation) HKU\S-1-5-21-2896317678-674235471-4210084263-1001\...\Run: [eMuleAutoStart] => C:\Program Files (x86)\easyMule\eMule.exe -AutoStart HKU\S-1-5-21-2896317678-674235471-4210084263-1001\...\Run: [spotify Web Helper] => C:\Users\Bob\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2015-12-15] (Spotify Ltd) HKU\S-1-5-21-2896317678-674235471-4210084263-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [17418928 2012-07-13] (Skype Technologies S.A.) HKU\S-1-5-21-2896317678-674235471-4210084263-1001\...\Run: [iSUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation) HKU\S-1-5-21-2896317678-674235471-4210084263-1001\...\Run: [spotify] => C:\Users\Bob\AppData\Roaming\Spotify\Spotify.exe [8387696 2015-12-15] (Spotify Ltd) HKU\S-1-5-21-2896317678-674235471-4210084263-1001\...\MountPoints2: H - H:\autorun.exe HKU\S-1-5-21-2896317678-674235471-4210084263-1001\...\MountPoints2: {291b4bd8-3a10-11e0-86c6-00262d3138b4} - H:\autorun.exe HKU\S-1-5-21-2896317678-674235471-4210084263-1001\...\MountPoints2: {7124710b-4283-11e1-b5e4-00262d3138b4} - H:\autorun.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Password 2.lnk [2012-11-27] ShortcutTarget: Password 2.lnk -> C:\Users\Bob\AppData\Local\Temp\Password 2.exe (Freecom) Startup: C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DealFinder.lnk [2014-05-02] ShortcutTarget: DealFinder.lnk -> C:\Program Files (x86)\AA\DealFinder\DealFinder\DealFinder.exe () Startup: C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk [2014-07-11] ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) Startup: C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3050A J611 series.lnk [2016-01-05] ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3050A J611 series.lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyServer: [s-1-5-21-2896317678-674235471-4210084263-1001] => http=127.0.0.1:16110;https=127.0.0.1:16110 Hosts: 127.0.0.1 activate.adobe.com Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{1CBAB0AA-79D0-4329-8AF9-860295C7DEBB}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=sx2801&r=173609109107p0458v115k4561s29o HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=sx2801&r=173609109107p0458v115k4561s29o HKU\S-1-5-21-2896317678-674235471-4210084263-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2896317678-674235471-4210084263-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=sx2801&r=173609109107p0458v115k4561s29o SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW SearchScopes: HKU\S-1-5-21-2896317678-674235471-4210084263-1001 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW_enUS397 SearchScopes: HKU\S-1-5-21-2896317678-674235471-4210084263-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=IPGTDF&PC=IPGTDF&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-2896317678-674235471-4210084263-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW_enUS397 BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO) BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO) BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated) BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO) BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation) BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-07-27] (Microsoft Corporation) BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation) BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO) BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO) BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated) BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.) BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll [2010-08-24] (Microsoft Corporation) BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated) Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll [2010-08-24] (Microsoft Corporation) Toolbar: HKU\S-1-5-21-2896317678-674235471-4210084263-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File DPF: HKLM-x32 {0EB487C8-E9AC-43A6-8C4C-083999B0622F} hxxps://mybank.icbc.com.cn/icbc/newperbank/certInStall.dll DPF: HKLM-x32 {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} hxxps://mybank.icbc.com.cn/icbc/newperbank/AxSafeControls.cab DPF: HKLM-x32 {93E730CA-32AA-4C56-B5FB-65932E954CFE} hxxps://mybank.icbc.com.cn/icbc/newperbank/ICBC_IE_FULL_SCREEN.CAB DPF: HKLM-x32 {B1FBC1AD-5644-4084-882A-0F8BA85E7506} hxxps://mybank.icbc.com.cn/icbc/ICBC_NetSign.dll DPF: HKLM-x32 {E4BFF825-2E50-4BCC-8497-6EFDFB6C9B3D} hxxps://mybank.icbc.com.cn/icbc/newperbank/USBKEY.cab DPF: HKLM-x32 {E6C2DD02-CD38-41A1-9B69-3D7E3B64AF9A} hxxps://mybank.icbc.com.cn/icbc/icbc_mwdv.cab Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies) Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation) Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation) Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation) Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\up2ais8b.default-1447349307808 FF Homepage: hxxps://www.yahoo.com/ about:preferences FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-29] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-29] () FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-07-20] () FF Plugin-x32: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-07-20] () FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-07-20] () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll [2013-05-08] (Adobe Systems Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-07-30] (Adobe Systems Inc.) FF user.js: detected! => C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\up2ais8b.default-1447349307808\user.js [2015-11-12] FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll [2010-10-06] (Coupons, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll [2010-10-06] (Coupons, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-05-08] (Adobe Systems Inc.) FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-07-20] [not signed] FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-07-20] [not signed] FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-07-20] [not signed] FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2015-12-23] [not signed] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-12-23] [not signed] FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru => not found FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru => not found FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2012-03-16] [not signed] FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2012-03-16] [not signed] FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com Chrome: ======= CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\gcswf32.dll => No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\pdf.dll => No File CHR Plugin: (Google Gears 0.5.33.0) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\gears.dll => No File CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll => No File CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Profile: C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Skype Click to Call) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-09-15] CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [194000 2015-06-27] (Kaspersky Lab ZAO) S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed] R2 EventService; C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe [34304 2015-07-06] (Digital Market Research Apps Pty Ltd) [File not signed] S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2010-09-23] (Macrovision Europe Ltd.) [File not signed] S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.) R2 TransferService; C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe [32256 2015-07-06] (Digital Market Research Apps Pty Ltd) [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [247016 2015-06-27] (Kaspersky Lab UK Ltd) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [104152 2006-11-25] (EZB Systems, Inc.) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-27] (Kaspersky Lab ZAO) R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [64368 2015-06-27] (Kaspersky Lab ZAO) R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [159960 2015-06-27] (Kaspersky Lab ZAO) R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [225976 2015-06-27] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [831672 2015-10-09] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [39280 2015-06-27] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [40304 2015-06-27] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [39280 2015-06-27] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [24944 2015-06-27] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-27] (Kaspersky Lab ZAO) R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [85360 2015-06-27] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [190648 2015-10-09] (Kaspersky Lab ZAO) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-01-05 11:26 - 2016-01-05 11:26 - 03735552 _____ C:\Users\Bob\Downloads\RogueKiller.exe.part 2016-01-05 11:26 - 2016-01-05 11:26 - 00000000 _____ C:\Users\Bob\Downloads\RogueKiller.exe 2016-01-05 11:25 - 2016-01-05 11:26 - 00026638 _____ C:\Users\Bob\Downloads\FRST.txt 2016-01-05 11:25 - 2016-01-05 11:25 - 00000000 ____D C:\FRST 2016-01-05 11:24 - 2016-01-05 11:25 - 02370560 _____ (Farbar) C:\Users\Bob\Downloads\FRST64.exe 2016-01-04 16:35 - 2016-01-05 11:21 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-01-04 16:35 - 2016-01-04 16:35 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2016-01-04 16:35 - 2016-01-04 16:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-01-04 16:35 - 2016-01-04 16:35 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-01-04 16:35 - 2016-01-04 16:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2016-01-04 16:35 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-01-04 16:35 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2016-01-04 16:35 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2016-01-04 16:34 - 2016-01-04 16:35 - 22908888 _____ (Malwarebytes ) C:\Users\Bob\Downloads\mbam-setup-2.2.0.1024.exe 2016-01-04 11:34 - 2016-01-04 12:05 - 00000000 ____D C:\Users\Bob\Documents\Herbal extract 2016-01-04 10:29 - 2016-01-04 10:30 - 00889416 _____ (Microsoft Corporation) C:\Users\Bob\Downloads\dotNetFx40_Full_setup.exe 2016-01-04 10:07 - 2016-01-04 10:07 - 00879096 _____ (Microsoft Corporation) C:\Users\Bob\Downloads\NetFxRepairTool.exe 2015-12-23 09:01 - 2015-12-23 10:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-12-09 13:55 - 2015-12-09 13:55 - 00298288 _____ C:\Windows\Minidump\120915-19671-01.dmp 2015-12-07 13:13 - 2015-12-07 13:13 - 00000000 ____D C:\Users\Bob\Documents\VPower ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-01-05 11:25 - 2007-07-11 17:48 - 00000000 ____D C:\Windows 2016-01-05 11:07 - 2012-01-05 20:38 - 00000000 ____D C:\Users\Bob\AppData\Roaming\Spotify 2016-01-05 11:01 - 2012-03-16 13:16 - 00000252 _____ C:\Windows\Tasks\HP Photo Creations Messager.job 2016-01-05 10:58 - 2012-10-20 00:07 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-01-05 10:50 - 2010-10-11 07:08 - 00000000 ____D C:\Users\Bob\AppData\Local\CrashDumps 2016-01-05 10:44 - 2013-01-15 21:14 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2016-01-05 10:43 - 2010-10-26 21:59 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-01-05 10:37 - 2009-07-13 20:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-01-05 10:37 - 2009-07-13 20:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-01-05 10:35 - 2010-10-26 21:58 - 00000000 ____D C:\Users\Bob\AppData\Roaming\Skype 2016-01-05 10:19 - 2012-01-05 20:39 - 00000000 ____D C:\Users\Bob\AppData\Local\Spotify 2016-01-05 10:19 - 2010-09-17 15:20 - 00000000 ____D C:\Users\Bob\Tracing 2016-01-05 10:18 - 2010-10-26 21:59 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-01-05 10:17 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-01-05 09:49 - 2013-05-09 14:37 - 00000000 ____D C:\Users\Bob\Documents\Sea Hawk 2016-01-05 08:46 - 2010-12-22 08:13 - 00000000 ____D C:\Users\Bob\Documents\K-BEST 2016-01-04 10:42 - 2010-10-01 16:21 - 00767774 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2016-01-04 10:41 - 2009-07-13 21:13 - 00767774 _____ C:\Windows\system32\PerfStringBackup.INI 2016-01-04 10:41 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf 2015-12-30 14:05 - 2010-12-20 08:05 - 00000000 ____D C:\Users\Bob\Documents\PT Indo 2015-12-30 08:59 - 2013-02-26 16:44 - 00000000 ____D C:\Users\Bob\Documents\CODY 2015-12-29 10:26 - 2011-05-22 20:57 - 00000000 ____D C:\Users\Bob\Documents\United Pharm 2015-12-29 10:05 - 2012-10-20 00:07 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-12-29 10:05 - 2012-10-20 00:07 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-12-29 10:05 - 2012-10-20 00:07 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-12-24 11:11 - 2012-04-24 14:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-12-23 09:59 - 2015-03-31 13:35 - 00000000 ____D C:\Users\Bob\Documents\RICHARD YEH 2015-12-16 13:44 - 2010-10-26 21:59 - 00002190 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-12-16 13:28 - 2010-09-17 16:23 - 00000000 ____D C:\ProgramData\FLEXnet 2015-12-15 10:34 - 2011-07-18 20:32 - 00000000 ____D C:\Users\Bob\Documents\WIL 2015-12-15 10:32 - 2012-10-26 06:41 - 00000000 ____D C:\Users\Bob\Documents\Yeh 2015-12-09 13:55 - 2011-04-01 14:52 - 538349120 _____ C:\Windows\MEMORY.DMP 2015-12-09 13:55 - 2011-04-01 14:52 - 00000000 ____D C:\Windows\Minidump 2015-12-09 09:25 - 2011-04-15 16:28 - 00000000 ____D C:\Users\Bob\Documents\Optimum ==================== Files in the root of some directories ======= 2012-02-11 22:03 - 2013-10-16 11:13 - 0007619 _____ () C:\Users\Bob\AppData\Local\resmon.resmoncfg 2008-02-05 13:28 - 2008-02-05 13:28 - 0000051 _____ () C:\Users\Bob\AppData\Local\setup.txt 2012-03-16 13:14 - 2012-03-16 13:14 - 0000057 _____ () C:\ProgramData\Ament.ini Files to move or delete: ==================== C:\Windows\SysWOW64\ntshrui.dll Some files in TEMP: ==================== C:\Users\Bob\AppData\Local\Temp\COMAP.EXE C:\Users\Bob\AppData\Local\Temp\contentDATs.exe C:\Users\Bob\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe C:\Users\Bob\AppData\Local\Temp\GLF46B4.EXE C:\Users\Bob\AppData\Local\Temp\GoogleChromeInstaller.exe C:\Users\Bob\AppData\Local\Temp\ICBC_MW_USHIELD2_INSTALL.EXE C:\Users\Bob\AppData\Local\Temp\o1vw_vca.dll C:\Users\Bob\AppData\Local\Temp\ose00001.exe C:\Users\Bob\AppData\Local\Temp\Password .exe C:\Users\Bob\AppData\Local\Temp\Password 2.exe C:\Users\Bob\AppData\Local\Temp\Password.exe C:\Users\Bob\AppData\Local\Temp\Patch.exe C:\Users\Bob\AppData\Local\Temp\SecurityScan_Release.exe C:\Users\Bob\AppData\Local\Temp\SkypeSetup.exe C:\Users\Bob\AppData\Local\Temp\_is64F3.exe C:\Users\Bob\AppData\Local\Temp\_isF86B.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-10-10 23:06 ==================== End of FRST.txt ============================ Addition.txt rk_31F9.tmp.txt
-
Hello, MBAM detected backdoor.bot and I'm only able to access the internet by unchecking the proxy server box in the LAN settings but seems to always come back when restarting my computer. Please help me get rid of this. TIA. OS: Windows 7 System: 64-bit OS
-
Need help to remove PUP.OPTIONAL.DEFAULTTAB.A / CONDUIT.A
ervx01 replied to ervx01's topic in Resolved Malware Removal Logs
Is this still open? I've not been able to work on this and will do it a asap. Thank you. -
Need help to remove PUP.OPTIONAL.DEFAULTTAB.A / CONDUIT.A
ervx01 replied to ervx01's topic in Resolved Malware Removal Logs
Ok will try this later on. Thank you. -
Need help to remove PUP.OPTIONAL.DEFAULTTAB.A / CONDUIT.A
ervx01 replied to ervx01's topic in Resolved Malware Removal Logs
couldn't run the one you attached. says cannot initialize plug-ins directory -
Need help to remove PUP.OPTIONAL.DEFAULTTAB.A / CONDUIT.A
ervx01 replied to ervx01's topic in Resolved Malware Removal Logs
I wasn't able to run the uninstaller. Says an error has occurred and program will be terminated. -
Need help to remove PUP.OPTIONAL.DEFAULTTAB.A / CONDUIT.A
ervx01 replied to ervx01's topic in Resolved Malware Removal Logs
Hello again. I downloaded combofix from both links but could not run them due to errors. The first error I got from the 1st link was with NSIS and to obtain a new copy from the author. The second links error said that it can't initialize plug-ins directory. Please try again later. -
Need help to remove PUP.OPTIONAL.DEFAULTTAB.A / CONDUIT.A
ervx01 replied to ervx01's topic in Resolved Malware Removal Logs
MrC, I will be flying out of the country tonight and will return on Tuesday. Will only be able to continue this then. Thank you. -
Need help to remove PUP.OPTIONAL.DEFAULTTAB.A / CONDUIT.A
ervx01 replied to ervx01's topic in Resolved Malware Removal Logs
The folder does exist but not the RARSFX0. -
Need help to remove PUP.OPTIONAL.DEFAULTTAB.A / CONDUIT.A
ervx01 replied to ervx01's topic in Resolved Malware Removal Logs
Still not able to open it. -
Need help to remove PUP.OPTIONAL.DEFAULTTAB.A / CONDUIT.A
ervx01 replied to ervx01's topic in Resolved Malware Removal Logs
when I double click on the file after downloading. I've download from both link given but still can't open it -
Need help to remove PUP.OPTIONAL.DEFAULTTAB.A / CONDUIT.A
ervx01 replied to ervx01's topic in Resolved Malware Removal Logs
I'm not able to open the file. Please see attached screenshot.
-
Need help to remove PUP.OPTIONAL.DEFAULTTAB.A / CONDUIT.A
ervx01 replied to ervx01's topic in Resolved Malware Removal Logs
Ok I had Kaspersky fix it. It doesn't show up anymore. Is it gone now? -
Need help to remove PUP.OPTIONAL.DEFAULTTAB.A / CONDUIT.A
ervx01 replied to ervx01's topic in Resolved Malware Removal Logs
Here's a screenshot of Kaspersky.
-
Need help to remove PUP.OPTIONAL.DEFAULTTAB.A / CONDUIT.A
ervx01 replied to ervx01's topic in Resolved Malware Removal Logs
Yes it is.
