Keep getting "access to malicious website blocked" messages

[kevinf80]

OK, let me know how you get on.....

[lunatcat]

Good morning. (is it morning where you are?) I'm not getting the instructions for disabling the security system from that link. 

I also have on my desktop something called Mobogenie?  What is that?  I thought maybe my daughter downloaded something but she says no.

[kevinf80]

Yes it is morning for me, current local time 10:30... Go to the following link for list of Security to turn off, does that help?

 

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

 

MoboGenie is the Android Mobile Phone Manager application, If that is on your PC then someone will have installed it. Have a look at this site for the android phone...

 

http://www.android.net/forum/android-apps/111883-mobogenie-android-phone-manager-cool-app-store.html

[lunatcat]

My daughter must have downloaded it.  So it's nothing I should be worried about?

So I disabled the Avira -- Do I need to do anything to my Malewarebytes program?

[kevinf80]

If Malwarebytes is the pro version you will have to disable realtime protection. Open Mlawarebytes, select "Protection" tab, untick both as per attached image...

 

Mobogenie is OK as far as i`m aware...

 

Don`t forget to reset your security when the scan is finished....

[lunatcat]

Ok I clicked on the first listing - But it didn't give me that window to cut and paste - just ran program - here is the log:

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [09/10/2013 12:23 PM]
C:\Windows\tasks\DigitalSite.job --a-------- C:\Users\Judy\AppData\Roaming\DIGITA1\UPDATE1\UPDATE1.exe []
C:\Windows\tasks\GreatArcadeHits.job --a-------- :C:\Users\Judy\AppData\LoC:al\GreatArC:adeHits\GAHUpdate.exe []
C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job --a-------- [undetermined Task]
C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job --a-------- C:\Program Files (x86)\Intel\IntelR ME FW Recovery Agent\bin\Bootstrap.exe []
C:\Windows\tasks\ReclaimerUpdateFiles_Judy.job --a-------- C:\Users\Judy\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [09/06/2013 05:47 AM]
C:\Windows\tasks\ReclaimerUpdateXML_Judy.job --a-------- C:\Users\Judy\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [09/06/2013 05:47 AM]
C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Judy.job --a-------- C:\Users\Judy\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [09/06/2013 05:47 AM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\chwmmje5.default
- Whilokii - %ProfilePath%\extensions\firefox@whilokii.net.xpi
- Avira SearchFree Toolbar plus Web Protection - %ProfilePath%\extensions\toolbar_AVIRA-V7@apn.ask.com.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\chwmmje5.default
E5AF72B7353FF8D431A7C463A4229524    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll -    Shockwave Flash
A64F2C388DC26BE3E469EDC3657B14F4    - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll -    RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit)
C45F7E59F2A0A6D3C4E90117F4752414    - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll -    RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit)
F7AEAD4303A056F2D1685B43024776CA    - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll -    RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit)
FA0A3008589567CB7196620B05C9F28D    - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll -    RealDownloader Plugin


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
aaaaacalgebmfelllfiaoknifldpngjh - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx[07/26/2013 04:31 PM]
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[04/16/2013 03:11 AM]
ndibdjnfmopecpmkdieinmbadjfpblof - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\17.0.0.12\avg.crx[10/06/2013 02:18 PM]

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://mysearch.avg.com?cid={D866F6DA-6186-452C-BAD3-4CBEA997C794}&mid=755cfbcc63a547d39d30810f1b72cb9d-0ac5f548f87773ae34739c06f1e58a3fc1be2c1d〈=en&ds=co011&coid=avgtbdisco&pr=sa&d=2013-10-06 14:18:33&v=17.0.0.12&pid=safeguard&sg=0&sap=hp"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{95B7759C-8C7F-4BF1-B163-73684A933233} AVG Secure Search Url="http://mysearch.avg.com/search?cid={D866F6DA-6186-452C-BAD3-4CBEA997C794}&mid=755cfbcc63a547d39d30810f1b72cb9d-0ac5f548f87773ae34739c06f1e58a3fc1be2c1d〈=en&ds=co011&coid=avgtbdisco&pr=sa&d=2013-10-06"
{A0A9FFC7-089A-4BBD-9471-F64126B6A6CE} KeyBar 1.12 Customized Web Search Url="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3291325&CUI=UN23043998551441928&UM=2"

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Avira SearchFree Toolbar plus Web Protection BHO - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" (file missing)
O2 - BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.0.0.12\AVG SafeGuard toolbar_toolbar.dll
O2 - BHO: GreatArcadeHits Add-on - {D0C21091-FF8E-432C-9006-0540E81BA9D7} - C:\Users\Judy\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll
O3 - Toolbar: Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" (file missing)
O3 - Toolbar: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.0.0.12\AVG SafeGuard toolbar_toolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.6.112\AsusWSPanel.exe /S
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WebStorage] C:\Program Files (x86)\ASUS\WebStorage\2.0.1.213\ASUSWSLoader.exe
O4 - HKLM\..\Run: [OV3_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\FirstStart.exe" /OS
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
O4 - HKCU\..\Run: [OV3_Monitor] -NoStart
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll
O20 - AppInit_DLLs: c:\progra~2\optimi~1\optpro~1.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
O23 - Service: Asus WebStorage Windows Service - Unknown owner - C:\Program Files (x86)\ASUS\WebStorage\2.0.1.213\AsusWSWinService.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: Update Whilokii - Whilokii - C:\Program Files (x86)\Whilokii\updateWhilokii.exe
O23 - Service: Util Whilokii - Whilokii - C:\Program Files (x86)\Whilokii\bin\utilWhilokii.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater17.0.12 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== EOF on Mon 10/07/2013 at  6:18:17.65 ======================
 

[lunatcat]

The one that I clicked on was z-analysis.

[kevinf80]

Do not use the one marked z-analysis, use one of the others and copy the script as instructed, Must have been an update to the application.. Sorry about that...

[lunatcat]

OK

Zoek.exe Version 4.0.0.5 Updated 27-September-2013
Tool run by Judy on Mon 10/07/2013 at  6:41:58.23.
Microsoft Windows 8 6.2.9200  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Judy\Desktop\zoek(4)\zoek.com [script inserted]

==== Older Logs ======================

C:\zoek-results2013-10-07-101817.log    37507 bytes

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://mysearch.avg.com?cid={D866F6DA-6186-452C-BAD3-4CBEA997C794}&mid=755cfbcc63a547d39d30810f1b72cb9d-0ac5f548f87773ae34739c06f1e58a3fc1be2c1d〈=en&ds=co011&coid=avgtbdisco&pr=sa&d=2013-10-06 14:18:33&v=17.0.0.12&pid=safeguard&sg=0&sap=hp"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{95B7759C-8C7F-4BF1-B163-73684A933233} AVG Secure Search Url="http://mysearch.avg.com/search?cid={D866F6DA-6186-452C-BAD3-4CBEA997C794}&mid=755cfbcc63a547d39d30810f1b72cb9d-0ac5f548f87773ae34739c06f1e58a3fc1be2c1d〈=en&ds=co011&coid=avgtbdisco&pr=sa&d=2013-10-06"
{A0A9FFC7-089A-4BBD-9471-F64126B6A6CE} KeyBar 1.12 Customized Web Search Url="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3291325&CUI=UN23043998551441928&UM=2"

==== EOF on Mon 10/07/2013 at  6:44:24.55 ======================
 

[kevinf80]

mmm Is that the full log, did you run Zoek with the following script?

 

 

Process;
emptyclsid;
firefoxlook;
FFdefaults;
Chromelook;
CHRdefaults;
autoclean;
iedefaults;
filesrcm;
startupall;
silentrunners;

[lunatcat]

Well, I did get a message that the program may not have downloaded properly - should I download again and retry?

[kevinf80]

Yes please,

[lunatcat]

I didn't download again -- just retried -- looks like it worked this time -- sending attachment.

zoek-results.log

[kevinf80]

Run Malwarebytes Full Scan, let me see that log. Let me know how system is now running, also if any remaining issues or concerns....

 

Kevin.....

[lunatcat]

It looks ok now

I'll run the malwarebytes -- I'm off to work soon - if it finishes I'll post the log otherwise I'll do it later.

[kevinf80]

Excellent, i`ll be online later see how you`re doing......

[lunatcat]

System looks good -- here's log:

 Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.06.02

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16688
Judy :: JUDYS [administrator]

Protection: Enabled

10/7/2013 8:16:41 AM
mbam-log-2013-10-07 (08-16-41).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 379544
Time elapsed: 51 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 50
C:\AdwCleaner\Quarantine\C\Program Files (x86)\KeyBar_1.12\KeyBar_1.12ToolbarHelper.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MixiDJ_V30\MixiDJ_V30ToolbarHelper.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\optimizer pro\OptProLauncher.exe.vir (PUP.Optional.OptimizePro.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\bin\ChromeModule.dll.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\bin\cltmng.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\bin\CltMngSvc.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\bin\FirefoxModule.dll.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\bin\InternetExplorerModule.dll.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\bin\SPHook32.dll.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\bin\SPRunner.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\bin\uninstall.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Judy\AppData\Local\Conduit\CT3291325\KeyBar_1.12AutoUpdateHelper.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Judy\AppData\Local\Conduit\CT3298566\MixiDJ_V30AutoUpdateHelper.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Judy\AppData\Local\SwvUpdater\Updater.exe.vir (PUP.Optional.Amonetize) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Judy\AppData\Local\Temp\CT3291325\ctbe.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Judy\AppData\Local\Temp\CT3291325\ffLogic.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Judy\AppData\Local\Temp\CT3291325\ieLogic.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Judy\AppData\Local\Temp\CT3291325\spff.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Judy\AppData\Local\Temp\CT3291325\statisticsStub.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Judy\AppData\Local\Temp\CT3291325\stub.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Judy\AppData\Local\Temp\CT3298566\ctbe.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Judy\AppData\Local\Temp\CT3298566\ffLogic.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Judy\AppData\Local\Temp\CT3298566\ieLogic.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Judy\AppData\Local\Temp\CT3298566\spff.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Judy\AppData\Local\Temp\CT3298566\statisticsStub.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Judy\AppData\Local\Temp\CT3298566\stub.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Judy\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll.vir (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Judy\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe.vir (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Judy\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe.vir (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Judy\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll.vir (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Judy\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll.vir (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Judy\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe.vir (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Judy\AppData\Roaming\Searchprotect\bin\ChromeModule.dll.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Judy\AppData\Roaming\Searchprotect\bin\cltmng.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Judy\AppData\Roaming\Searchprotect\bin\CltMngSvc.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Judy\AppData\Roaming\Searchprotect\bin\FirefoxModule.dll.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Judy\AppData\Roaming\Searchprotect\bin\InternetExplorerModule.dll.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Judy\AppData\Roaming\Searchprotect\bin\SPHook32.dll.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Judy\AppData\Roaming\Searchprotect\bin\SPRunner.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\checktbexist.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\mconduitinstaller.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\nsc6D08.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\nsd53FD.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\nsj49D8.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\nsmA79B.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\nsn617C.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\nsq49B7.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\nsrCC9B.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\nsu52E2.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\SPStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

(end)
 

[kevinf80]

See if you can delete the tools we`ve used, should either be on your Desktop or in the Downloads folder. empty the recycle bin when finished...

 

Also navigate start > computer > C:\  > if this folder is present FRST also delete that....

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Kevin

[lunatcat]

You mean I"m not done!  I'll do that after dinner.

Tell me where does the donation via paypal go -- does it go to you directly?

Can you tell me -- with my malewarebytes pro -- I can use it for more than one computer -- so if my daughter needs it she can download it with my id/key?

[kevinf80]

Regarding Malwarebytes Pro, depends on the key you bought, was it a single or multiple version license key?

 

Regarding being done, even with no remaining issues i`d still like to make sure your system is good to go, Security checks will give feedback on your security, also if Java, Adobe, Flash etc are all current and up to date. If you would rather just leave that alone just say....

 

Regarding the Paypal donation, yes the full amount goes to my account. From there 60% goes to a charity I support at Newcastle RVI. I`ve had major brain surgery there myself twice so am very happy to give my support....

[lunatcat]

Just anxious to be done!

I seem to remember having a multi license - I suppose it will tell her when she tries to download.

Here is the log:

 Results of screen317's Security Check version 0.99.74  
   x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Windows Defender   
Avira Desktop      
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Adobe Flash Player     11.8.800.168  
 Mozilla Firefox (24.0)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 

[kevinf80]

Well that looks good to me, one point Avira requires on access enabling, Other that that you should be good to go....

 

If all is ok with no issues here are some tips to reduce the potential for malware infection in the future:

 

Make proper use of your antivirus and firewall

 

Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware, if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

 

You should keep your antivirus and firewall guard enabled at all times, NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure you're system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

 

Install and use WinPatrol from here http://www.winpatrol.com/download.html  This will inform you of any attempted unauthorized changes to your system.

 

WinPatrol features explained here http://www.winpatrol.com/features.html

 

Go here http://www.filehippo.com/updatechecker/ run the FileHippo Update Checker, update all applications as suggested by the Update Checker. Ignore any Beta updates. (Use stand alone version, not a full install)

If Java or Adobe are updated please check under Start > Control Panel > Add/Remove Programs, ensure any old versions are removed. <--- Very important

 

Use a safer web browser

 

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

 

FireFox http://www.mozilla.com/en-US/,

 

Opera http://www.opera.com/, and

 

Chrome http://www.google.com/chrome.

 

All of these are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here http://www.bleepingcomputer.com/tutorials/tutorial102.html which will help you to make IE MUCH safer.

 

These browser add-ons will help to make your browser safer:

 

Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

 

Available for Firefox and Internet Explorer.

 

Green to go,

Yellow for caution, and

Red to stop.

 

 

Available for Firefox only. NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.

 

These are just a couple of the most popular add-ons, if you're interested in more, take a look at this article:

http://browsers.about.com/od/addonsplugi2/tp/browser_security_privacy.htm

 

Here a couple of links by two security experts that will give some excellent tips and advice.

 

So how did I get infected in the first place by Tony Klein from here: http://www.spywareinfoforum.com/index.php?/topic/60955-so-how-did-i-get-infected-in-the-first-place/

 

How to prevent Malware by Miekiemoes from here: http://users.telenet.be/bluepatchy/miekiemoes/prevention.html

 

Finally this link http://www.geekstogo.com/forum/topic/38-free-antivirus-and-antispyware-software will give a comprehensive upto date list of free Security programs. To include - Antivirus, Antispyware, Firewall, Antimalware, Online scanners and rescue CD`s.

 

Don`t forget, the best form of defense is common sense. If you don`t recognize it, don`t open it. If something looks to good to be true, then it aint.

 

Let me know when its OK to close out your thread....

 

Take care,

 

Kevin

[lunatcat]

Thanks, I'll look this info over tomorrow.

One thing - I don't understand what access enabling is.

I'll let you know about closing thread.

Judy

[kevinf80]

As far I`m aware it means realtime protection is OFF, have a read of the following link:

 

http://en.kioskea.net/faq/15757-antivir-avira-disable-real-time-protection

[AdvancedSetup]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!