You have entries for both Symantec/Norton and Avast. One of them needs to be uninstalled. Check each process for removal, take off of Startup, Disable the Service, uninstall.
You now need to have Malwarebytes remove what it found. UPDATE the program and CHECK the line that says: "* Make sure that everything is checked, and click Remove Selected." Rescan.
Mbam has only found the malware - it shows "No Action Taken"
There is a similar line in SAS: " * Make sure everything found has a checkmark next to it,then press 'Next'"
Please update and check that line.
Looks like you don't do cleanup on the system. There are a gazillion Tracking Cookies! Remove them in SAS, then:
Reset Cookies
For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'>
CHECK 'accept first party Cookies'>
CHECK 'Block third party Cookies'>
CHECK 'allow per session Cookies'> Apply> OK.
For Firefox: Tools> Options> Privacy> Cookies>
CHECK ‘accept Cookies from Sites’>
UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others.
I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
AdBlock Plus:
https://addons.mozilla.org/en-US/firefox/addon/1865
Easy List:
http://easylist.adblockplus.org/
For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
(First-party and third-party cookies can be set by the website you're visiting and websites that have items embedded in the website you're visiting. But when you next visit the website, only first-party cookie information is sent to the website. Third-party cookie information isn't sent back to the websites that originally set the third-party cookies.)
Please reopen HijackThis to 'do system scan only'.
Check each of the processes below. Note: don't click on 'Fix Checked' until you complete the list:
Note 2: I have Avast processes listed for removal. If you decide to keep Avast, do NOT check them for removal.
J:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
J:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
J:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - J:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [MSConfig] J:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [avast!] J:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Global Startup: Acrobat Assistant.lnk = J:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = J:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
If you put the following restriction in place, leave it. If you did not or are not aware of it, check for removal:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
Close all Windows except HijackThis and click on 'Fix Checked.'
The following Services are for the 2 AV programs you have. Do this for the Service of the AV that you are NOT going to keep:
Boot into Safe Mode:
Start> Run> type in msconfig> Selective Startup> Startup tab> UNCHECK all processes for the AV you are NOT going to keep.
Disable each Service for the AV you are NOT going to keep. Stop the Service
Start> Run> type in services.msc> right click on the Service> change Startup type to Disabled> Stop the Service.
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - J:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - J:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - J:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - J:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
Reboot into Normal Mode: NOTE: ignore the nag message and close after checking 'don't show this message again.' Stay in Selective Startup.
You will need to run the Norton Removal Tool if you decide NOT to keep the program:
When you have finished the above:
Please download ComboFix HERE:
- With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
- Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
- Run Combo-Fix.exe and follow the prompts.
(Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.)
- Wait for the scan to be completed.
- If it requires a reboot, please do it.
- After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)
Do not click on the ComboFix window, as it may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Rescan with HijackThis. Please include log for Mbam, new log for HJT and Combofix report in next reply.
You will need to update Adobe when we're through. It's way out of date and presents a vulnerability.
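
An added example, not part of the original post: a short Python script that reads HijackThis O4 and O23 lines, detects when more than one antivirus product is present, and lists the services and startup entries belonging to the product that is not being kept. The keyword table and function names are assumptions of this example; the sample lines are a subset of the log quoted above.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log quoted in the post (a subset).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [MSConfig] J:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [avast!] J:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - J:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - J:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
"""

# Keyword hints per product (an assumption of this example, taken from names
# and paths visible in the log; "ALWILS~1" is the 8.3 form of "Alwil Software").
PRODUCTS = {"Avast": ("avast", "alwil"), "Symantec/Norton": ("symantec", "norton")}

# O23 - Service: <display name> [(<short name>)] - <vendor> - <path>
O23 = re.compile(r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))?"
                 r" - (?P<vendor>.+?) - (?P<path>[A-Za-z]:\\.+)$")

def classify(line):
    """Return the AV product a log line belongs to, or None."""
    low = line.lower()
    for product, keys in PRODUCTS.items():
        if any(k in low for k in keys):
            return product
    return None

def av_inventory(log):
    """Map each AV product found to its services (O23) and startup entries (O4)."""
    inv = defaultdict(lambda: {"services": [], "startup": []})
    for line in (l.strip() for l in log.splitlines()):
        product = classify(line)
        if product is None:
            continue
        m = O23.match(line)
        if m:  # prefer the short service name, which services.msc also shows
            inv[product]["services"].append(m["short"] or m["display"])
        elif line.startswith("O4 - "):
            inv[product]["startup"].append(line[len("O4 - "):])
    return dict(inv)

def removal_plan(log, keep):
    """Entries to disable: everything belonging to AV products other than `keep`."""
    inv = av_inventory(log)
    if keep not in inv:
        raise ValueError(f"{keep!r} not found in log; found {sorted(inv)}")
    return {p: items for p, items in inv.items() if p != keep}

if __name__ == "__main__":
    print(removal_plan(SAMPLE_LOG, keep="Symantec/Norton"))
```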