Inactive-A Virus and Malware removal

48.0M Sep 15 2013 /mnt/sda2/Windows/System32/config/software
21.5M Sep 15 2013 /mnt/sda2/Windows/System32/config/system
 
It doesn't look right.

Restart in safe mode and see if you have any restore point prior to September 10th.
If yes, use it.
 
I used a restore point from a month ago. The computer can now boot normally. What should my next step be?
 
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.18.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Ken :: KEN-PC [administrator]

Protection: Disabled

9/17/2013 9:51:13 PM
mbam-log-2013-09-17 (21-51-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209132
Time elapsed: 22 minute(s), 28 second(s)

Memory Processes Detected: 3
C:\Program Files\PCFixSpeed\PCFixTray.exe (PUP.Optional.PCFixSpeed) -> 5232 -> Delete on reboot.
C:\Program Files\24x7Help\App24x7Help.exe (PUP.Optional.24x7) -> 5572 -> Delete on reboot.
C:\Program Files\24x7Help\App24x7Svc.exe (PUP.Optional.24x7) -> 960 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 66

Registry Values Detected: 8
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{9D425283-D487-4337-BAB6-AB8354A81457} (PUP.Optional.SearchToolbar) -> Data: ƒRB‡Ô7Cº¶«ƒT¨W -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{9D425283-D487-4337-BAB6-AB8354A81457} (PUP.Optional.SearchToolbar) -> Data: Search Toolbar -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{9D425283-D487-4337-BAB6-AB8354A81457} (PUP.Optional.SearchToolbar) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{9D425283-D487-4337-BAB6-AB8354A81457} (PUP.Optional.SearchToolbar) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|PCFixSpeed (PUP.Optional.PCFixSpeed) -> Data: "C:\Program Files\PCFixSpeed\PCFixTray.exe" /startup -> Quarantined and deleted successfully.
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0T0E0C1F2R0U2Y1R -> Quarantined and deleted successfully.
HKCU\Software\Wajam|affiliate_id (PUP.Optional.Wajam.A) -> Data: 4220 -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|24x7HELP (PUP.Optional.24x7) -> Data: "C:\Program Files\24x7Help\App24x7Help.exe" /STARTUP -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 256
C:\Users\Ken\AppData\Roaming\24x7 Help\skin (PUP.Optional.24x7) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 Help (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\ProgramData\PCFixSpeed (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.
C:\ProgramData\PCFixSpeed\Translate (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.
C:\Program Files\PCFixSpeed (PUP.Optional.PCFixSpeed) -> Delete on reboot.
C:\Program Files\PCFixSpeed\Update (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Fix Speed (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Program Files\Wajam (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files\Wajam\IE (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files\Wajam\Updater (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla FireFox\extensions\eoppnrqmocgit@fmwplidnapyokntwh.net (Trojan.AdClicker) -> Quarantined and deleted successfully.
 
Download RogueKiller for 32bit or RogueKiller for 64bit to your Desktop.
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Create a new restore point before proceeding with the next step.
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
 
¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - TOSHIBA MK2555GSX +++++
--- User ---
[MBR] fbb16b68e53e6c7091927efc16246d1f
[BSP] ffab51a609dc2687df086fd8283c0a72 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 229555 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 473202688 | Size: 7419 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) (Standard disk drives) - HP v100w USB Device +++++
--- User ---
[MBR] 2205d2b11aefd838b3efadc9d74ccd9d
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 32 | Size: 1911 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_D_09202013_221010.txt >>
RKreport[0]_S_09202013_215050.txt
 
This topic is marked as abandoned and closed due to inactivity.
This member will NOT be eligible to receive any more help in malware removal forum.
 