Jump to content

- - - - -

Comcast still complaining about Bots after cleaning with PRO

Comcast Bots

  • This topic is locked This topic is locked
51 replies to this topic

#41 EdGallagher


    New Member

  • Members
  • Pip
  • 31 posts

Posted 19 June 2013 - 06:33 AM

ESET - Full Run

C:\FRST\Quarantine\Datamngr\BrowserConnection.dll Win32/Toolbar.SearchSuite application
C:\FRST\Quarantine\Datamngr\datamngr.dll Win32/Toolbar.SearchSuite application
C:\FRST\Quarantine\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite application
C:\FRST\Quarantine\Datamngr\DnsBHO.dll Win32/Toolbar.SearchSuite application
C:\FRST\Quarantine\Datamngr\IEBHO.dll Win32/Toolbar.SearchSuite application
C:\Program Files\SOS\SOSNF\CS10Kill.exe probably unknown NewHeur_PE virus
C:\Program Files (x86)\SOS\SOSNF\CS10Kill.exe probably unknown NewHeur_PE virus
C:\TDSSKiller_Quarantine\07.06.2013_18.23.25\mbr0000\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYZ trojan
C:\TDSSKiller_Quarantine\07.06.2013_18.23.25\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.BC trojan
C:\TDSSKiller_Quarantine\07.06.2013_18.23.25\mbr0000\tdlfs0000\tsk0003.dta a variant of Win32/Rootkit.Kryptik.UK trojan
C:\Users\Temp BOB\Downloads\GameHouse-Installer_am-plantsvszombiestm_gamehouse_.exe Win32/OpenCandy application
C:\Users\Temp BOB\Downloads\iLividSetupV1.exe Win32/Toolbar.SearchSuite application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\coverclustered_biz[1].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\coverclustered_biz[2].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iframe3CA86W52F.htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iframe3CAT9PZCT.htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iframe3CAVDTBTX.htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iframe3CAVWNYEU.htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iframe3[1].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\malwarestyledatebased_biz[1].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\menshealthbase_passback_300x250[1].htm JS/Agent.NJW trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\menshealthbase_passback_300x250[2].htm JS/Agent.NJW trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\menshealthbase_passback_300x250[3].htm JS/Agent.NJW trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\menshealthbase_passback_300x250[4].htm JS/Agent.NJW trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\menshealthbase_passback_300x250[5].htm JS/Agent.NJW trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\nowpubliccallers_biz[1].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\rlCATXVPRW.htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\rlCAUBZV0A.htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\rlCAW2FGYG.htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\rl[3].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\rl[6].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\rl[9].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\vj[1].htm JS/Agent.NJW trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\coverclustered_biz[1].htm HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\coverclustered_biz[2].htm HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iframe3CA86W52F.htm HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iframe3CAT9PZCT.htm HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iframe3CAVDTBTX.htm HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iframe3CAVWNYEU.htm HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iframe3[1].htm HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\malwarestyledatebased_biz[1].htm HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\menshealthbase_passback_300x250[1].htm JS/Agent.NJW trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\menshealthbase_passback_300x250[2].htm JS/Agent.NJW trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\menshealthbase_passback_300x250[3].htm JS/Agent.NJW trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\menshealthbase_passback_300x250[4].htm JS/Agent.NJW trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\menshealthbase_passback_300x250[5].htm JS/Agent.NJW trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\nowpubliccallers_biz[1].htm HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\rlCATXVPRW.htm HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\rlCAUBZV0A.htm HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\rlCAW2FGYG.htm HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\rl[3].htm HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\rl[6].htm HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\rl[9].htm HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\vj[1].htm JS/Agent.NJW trojan

#42 Psychotic


    Trusted Advisor

  • Trusted Advisors
  • PipPipPipPipPipPip
  • 2,529 posts
  • Gender:Male
  • Location:Germany

Posted 19 June 2013 - 06:53 AM

Fix with FRST

  • Open notepad (Start =>All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
  • Save it to the same direction as frst.exe (or frst64.exe) as fixlist.txt.

    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.





C:\Users\Temp BOB\Downloads\GameHouse-Installer_am-plantsvszombiestm_gamehouse_.exe Win32/OpenCandy application
C:\Users\Temp BOB\Downloads\iLividSetupV1.exe Win32/Toolbar.SearchSuite application

These files aren´t malware but contain security risks. I would delete them immediatle without opening. Your choice.

My help is free, however, if you want to support my fight against malware, click here --> Posted Image <--(no worries, every little bit helps)

#43 EdGallagher


    New Member

  • Members
  • Pip
  • 31 posts

Posted 20 June 2013 - 06:40 AM

Before I do this:  will these scripts delete my sons World of Warcraft game or any other browser games?  He seems to think that SYSWOW64 is World of Warcraft...

#44 Psychotic


    Trusted Advisor

  • Trusted Advisors
  • PipPipPipPipPipPip
  • 2,529 posts
  • Gender:Male
  • Location:Germany

Posted 20 June 2013 - 06:54 AM

Only the subdirectory containing temporary internet files will be deleted. The data of the browser games is stored on their servers, not on your client (to prevent cheating).

SYSWOW64 is a system folder (System Windows on 64 bit) making it possible to run 32bit applications on a 64bit system: http://en.wikipedia.org/wiki/WOW64

It has nothing to do with World of Warcraft, so don´t be afraid.

My help is free, however, if you want to support my fight against malware, click here --> Posted Image <--(no worries, every little bit helps)

#45 EdGallagher


    New Member

  • Members
  • Pip
  • 31 posts

Posted 20 June 2013 - 07:51 PM

Here is the result - I physically looked and the files really are not there...I ran the fix twice but got the same results.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-06-2013
Ran by Desk2 at 2013-06-20 19:46:06 Run:2
Running from C:\Users\Desk2\Desktop\FRST
Boot Mode: Normal

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 => File/Directory not found.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 => File/Directory not found.

==== End of Fixlog ====

#46 Psychotic


    Trusted Advisor

  • Trusted Advisors
  • PipPipPipPipPipPip
  • 2,529 posts
  • Gender:Male
  • Location:Germany

Posted 21 June 2013 - 01:21 AM

OK, then another:




Please download and run Temp file cleaner: http://www.bleepingc...load/tfc/dl/92/


When fnished:


Then we can do the cleanup - if you are facing any issues, report that immediately.

Scan with adwCleaner

Please download AdwCleaner to your desktop.

  • Run adwcleaner.exe.
  • Hit delete.
  • When the run is finished, it will open up a text file.
  • Please post its contents within your next reply.
  • You´ll find the log file at C:\AdwCleaner[S1].txt also.


Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.

My help is free, however, if you want to support my fight against malware, click here --> Posted Image <--(no worries, every little bit helps)

#47 EdGallagher


    New Member

  • Members
  • Pip
  • 31 posts

Posted 21 June 2013 - 07:58 PM

I ran temp file cleaner and adaware so far - they both ran very smooth

# AdwCleaner v2.303 - Logfile created 06/21/2013 at 19:53:43
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Desk2 - BOB
# Boot Mode : Normal
# Running from : C:\Users\Desk2\Downloads\adwcleaner (1).exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}
Key Deleted : HKU\S-1-5-21-1239007821-1110583340-4102201496-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKU\S-1-5-21-1239007821-1110583340-4102201496-1002\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKU\S-1-5-21-1239007821-1110583340-4102201496-1002\Software\Microsoft\Internet Explorer\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

-\\ Google Chrome v27.0.1453.116

File : C:\Users\Desk2\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Temp BOB\AppData\Local\Google\Chrome\User Data\Default\Preferences


AdwCleaner[S1].txt - [25697 octets] - [15/06/2013 08:27:30]
AdwCleaner[S2].txt - [1586 octets] - [21/06/2013 19:53:43]

########## EOF - C:\AdwCleaner[S2].txt - [1646 octets] ##########

#48 EdGallagher


    New Member

  • Members
  • Pip
  • 31 posts

Posted 21 June 2013 - 08:16 PM

Security check

 Results of screen317's Security Check version 0.99.67 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 
 Java 7 Update 25 
 Adobe Reader 10.1.7 Adobe Reader out of Date! 
 Google Chrome 27.0.1453.110 
 Google Chrome 27.0.1453.116 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#49 Psychotic


    Trusted Advisor

  • Trusted Advisors
  • PipPipPipPipPipPip
  • 2,529 posts
  • Gender:Male
  • Location:Germany

Posted 22 June 2013 - 06:24 AM

Then your system is clean! :)



Adobe Reader update

Your Adobe Reader is outdated. We will fix this.

  • Get the actual software from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
  • Run setup and follow the instructions.
  • Click upon Start-->control panel-->add/remove programs.
  • Search for and remove any older reader versions.




Uninstall our tools.
Please follow these steps in order:

  • In the case we used Defogger to turn off your CD emulation software. You can start it again and use the Enable button.
  • In the case we used Combofix. Deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You shall be noted that Combofix has been removed.
  • In any case please download delfix to your desktop.
    • Close all other programms and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process
  • If there is still something left please delete it manualy.





Reading Material
How to protect yourself

  • System Updates
    Beeing up to date is very important. Please be sure to activate automatic updates in your control panel.
    Windows XP | Windows Vista |
    Windows 7 | windows 8
  • Protection
    What you need is one (not more) good virus scanner with backgroud protection. Additionally I recommend a special malwarescanner that you run from time to time.
    Personally I am using the avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer you good protection for free use. But please remember: You get only the full protection if you use the payed versions of your security software.
  • Up to date Software
    Stay up to date with all the programs you use. Some of those really have to have an eye on are: your browser(s) including add-ons and plug-ins, Java, Flash Player, your virus scanner, and basically every software you use often. These link may help you to check:
  • Backups
    There are chances for an emergency every day. So be prepared. Back up your data on a regular basis. If you burn it to DVDs from time to time, use a cloud-drive or a professional network backup system is your choice.
  • Brains
    It's no joke! You really need one of those things. :) It is very important not just to click anywhere it is colored or flashing while you surfing on the web. Do not click an OK button on any popping window without reading what it says. While installing software always choose the custom mode, read what those windows says and uncheck adware that will be installed along the software you want.

My help is free, however, if you want to support my fight against malware, click here --> Posted Image <--(no worries, every little bit helps)

#50 EdGallagher


    New Member

  • Members
  • Pip
  • 31 posts

Posted 23 June 2013 - 08:23 AM

Thanks for all of the help - if I make a donation, does that go to you or to the company?

#51 Psychotic


    Trusted Advisor

  • Trusted Advisors
  • PipPipPipPipPipPip
  • 2,529 posts
  • Gender:Male
  • Location:Germany

Posted 23 June 2013 - 01:51 PM

To me directly because I´m a volunteer, no Malwarebytes employee.

Anyway: Thank you very much. :)

My help is free, however, if you want to support my fight against malware, click here --> Posted Image <--(no worries, every little bit helps)

#52 Maurice Naggar

Maurice Naggar


  • Moderators
  • PipPipPipPipPipPip
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 30 June 2013 - 12:00 PM

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Maurice Naggar
Product Support


Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users