  1. #1
    Member
    Join Date
    Jul 2014
    Posts
    2
    Points
    0

    Computer shuts off suspect virus

    Hello

    Mick here on behalf of my mum "Moya" who is experiencing all sorts of difficulties with her

    DELL INSPIRON M5110 (laptop)
    Windows 7 Home Premium SP1
    AMD-A8-3500M processor
    HD Graphics 1.5G
    RAM is 8.0G but says 7.48G usable
    64 bit
    I thought that I'd get her hooked up with you guys as you've always been able to get me sorted out with issues like this

    some things that I have found out are

    # the system just shuts off like the plug has been pulled
    # a notification from a windows/installer tries to run but is stopped by an "unknown Publisher" message
    # she has admitted to paying online 400 bucks for a program called "System Repair" (looks like a scam to me)
    # the system is now running MSE not Avast
    # sounds like a lot of malware also

    Logs Follow

    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 11:26:41 AM, on 2/07/2014
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.17126)


    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
    C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
    C:\Users\Moya\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSOIEAddonBHO - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    O4 - HKLM\..\Run: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    O4 - HKLM\..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
    O4 - HKLM\..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
    O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
    O20 - Winlogon Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
    O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\windows\SysWOW64\brsvc01a.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
    O23 - Service: FAService - Sensible Vision - C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
    O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
    O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Dell DataSafe Online (NOBU) - Dell, Inc. - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: RoxMediaDB12OEM - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
    O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
    O23 - Service: Start BT in service - Unknown owner - C:\Program Files (x86)\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
    O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
    O23 - Service: DW WLAN Tray Service (wltrysvc) - Dell Inc. - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 12499 bytes


    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 07/02/2014 at 11:16 AM

    Application Version : 5.7.1026

    Core Rules Database Version : 11346
    Trace Rules Database Version: 9158

    Scan type : Quick Scan
    Total Scan Time : 00:02:42

    Operating System Information
    Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
    UAC On - Limited User

    Memory items scanned : 656
    Memory threats detected : 0
    Registry items scanned : 57344
    Registry threats detected : 0
    File items scanned : 7804
    File threats detected : 29

    Adware.Tracking Cookie
    C:\Users\Moya\AppData\Roaming\Microsoft\Windows\Cookies\8VF8MZ2N.txt [ /adjuggler.net ]
    C:\Users\Moya\AppData\Roaming\Microsoft\Windows\Cookies\2KU5GPXL.txt [ /adtechus.com ]
    C:\Users\Moya\AppData\Roaming\Microsoft\Windows\Cookies\DSRZD2IU.txt [ /rvz1.rotator.hadj7.adjuggler.net ]
    C:\Users\Moya\AppData\Roaming\Microsoft\Windows\Cookies\ELS9CTWV.txt [ /histats.com ]
    C:\Users\Moya\AppData\Roaming\Microsoft\Windows\Cookies\YLY05VN7.txt [ /atdmt.com ]
    C:\Users\Moya\AppData\Roaming\Microsoft\Windows\Cookies\0FPEONGR.txt [ /imrworldwide.com ]
    C:\Users\Moya\AppData\Roaming\Microsoft\Windows\Cookies\OD39D2VU.txt [ /ads.yahoo.com ]
    C:\Users\Moya\AppData\Roaming\Microsoft\Windows\Cookies\JWX1QPEU.txt [ /doubleclick.net ]
    C:\Users\Moya\AppData\Roaming\Microsoft\Windows\Cookies\5ZBO3F36.txt [ /msnportal.112.2o7.net ]
    C:\Users\Moya\AppData\Roaming\Microsoft\Windows\Cookies\83W71QV5.txt [ /tribalfusion.com ]
    C:\Users\Moya\AppData\Roaming\Microsoft\Windows\Cookies\X9I0C9OG.txt [ /bs.serving-sys.com ]
    C:\Users\Moya\AppData\Roaming\Microsoft\Windows\Cookies\LKKIV34S.txt [ /ads.pubmatic.com ]
    C:\Users\Moya\AppData\Roaming\Microsoft\Windows\Cookies\IXTC0ROW.txt [ /smgadserver.com ]
    C:\Users\Moya\AppData\Roaming\Microsoft\Windows\Cookies\7PFXPVMH.txt [ /serving-sys.com ]
    C:\Users\Moya\AppData\Roaming\Microsoft\Windows\Cookies\PPIWB6NK.txt [ /ru4.com ]

    PUP.InstallCore/Variant
    C:\USERS\MOYA\APPDATA\LOCAL\TEMP\ICREINSTALL_NSBA4BA.TMP
    C:\USERS\MOYA\APPDATA\LOCAL\TEMP\ICREINSTALL_NSBAB6E.TMP
    C:\USERS\MOYA\APPDATA\LOCAL\TEMP\ICREINSTALL_NSMCE0.TMP
    C:\USERS\MOYA\APPDATA\LOCAL\TEMP\ICREINSTALL_NSWA0F3.TMP
    C:\USERS\MOYA\APPDATA\LOCAL\TEMP\NSBA4BA.TMP
    C:\USERS\MOYA\APPDATA\LOCAL\TEMP\NSBAB6E.TMP
    C:\USERS\MOYA\APPDATA\LOCAL\TEMP\NSWA0F3.TMP
    C:\USERS\MOYA\DESKTOP\CONTINUE VUUPC INSTALLATION.LNK
    C:\USERS\MOYA\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\1WSZT551\SETUP[1].EXE
    C:\USERS\MOYA\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\YJ2QX83V\SETUP[1].EXE
    C:\USERS\MOYA\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\1WSZT551\SETUP[1].EXE
    C:\USERS\MOYA\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\YJ2QX83V\SETUP[1].EXE
    C:\windows\Prefetch\NSBA4BA.TMP-F8474D46.pf
    C:\windows\Prefetch\NSBAB6E.TMP-923ABD64.pf


    Malwarebytes Anti-Malware
    Malwarebytes | Free Anti-Malware & Internet Security Software

    Scan Date: 2/07/2014
    Scan Time: 10:14:24 AM
    Logfile: mbam log.txt
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.07.01.09
    Rootkit Database: v2014.07.01.01
    License: Trial
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Moya

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 281643
    Time Elapsed: 12 min, 17 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 1
    PUP.Optional.VOPackage.A, C:\Users\Moya\AppData\Roaming\VOPackage\VOsrv.exe, 2660, Delete-on-Reboot, [1647bedcdc9fc472aebf773de220ab55]

    Modules: 0
    (No malicious items detected)

    Registry Keys: 5
    PUP.Optional.Babylon.A, HKU\S-1-5-21-3909766871-1343600713-4014618576-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, Quarantined, [d885405a483333031faae4659f6321df],
    PUP.Optional.SilenceInstall, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VOPackage, Quarantined, [cc91e3b75c1ffd39db09f545a45c4db3],
    PUP.Optional.VOPackage.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\vosr, Quarantined, [1647bedcdc9fc472aebf773de220ab55],
    PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{47351c22-0d6c-4658-a617-795d251145e2}w64, Quarantined, [98c5c8d2017ad85e971b56b4cc38d52b],
    PUP.Optional.SuperFish.A, HKU\S-1-5-21-3909766871-1343600713-4014618576-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com, Quarantined, [7fdea6f4ccafac8ad56c9d134ab8966a],

    Registry Values: 1
    PUP.Optional.BlockAndSurf.A, HKU\S-1-5-21-3909766871-1343600713-4014618576-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|BlockAndSurf, C:\Program Files (x86)\-BlockAndSurfS\BlockAndSurf.exe, Quarantined, [86d7c7d352292b0bde19c9ec729001ff]

    Registry Data: 0
    (No malicious items detected)

    Folders: 1
    PUP.Optional.RegCleanPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro, Quarantined, [45186634e299270f7d97f1cb28da758b],

    Files: 10
    PUP.Optional.SilenceInstall, C:\Users\Moya\AppData\Roaming\VOPackage\Uninstall.exe, Quarantined, [cc91e3b75c1ffd39db09f545a45c4db3],
    PUP.Optional.SilenceInstall, C:\Users\Moya\AppData\Roaming\VOPackage\VOPackage.exe, Quarantined, [1548f8a2493283b309dbb3879a669868],
    PUP.Optional.YourfileDownloader.A, C:\Windows\System32\Tasks\YourFile DownloaderUpdate, Quarantined, [37262f6bdaa1a195dc462b862dd541bf],
    PUP.Optional.VOPackage.A, C:\Users\Moya\AppData\Roaming\VOPackage\VOsrv.exe, Delete-on-Reboot, [1647bedcdc9fc472aebf773de220ab55],
    PUP.Optional.RegCleanPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\Register RegClean Pro.lnk, Quarantined, [45186634e299270f7d97f1cb28da758b],
    PUP.Optional.RegCleanPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\RegClean Pro.lnk, Quarantined, [45186634e299270f7d97f1cb28da758b],
    PUP.Optional.RegCleanPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\Uninstall RegClean Pro.lnk, Quarantined, [45186634e299270f7d97f1cb28da758b],
    PUP.Optional.Superfish.A, C:\Users\Moya\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Quarantined, [005d7a201665a78f78a12b9123df7987],
    PUP.Optional.Superfish.A, C:\Users\Moya\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Quarantined, [5b022e6cd0ab23138990922a59a929d7],
    PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{47351c22-0d6c-4658-a617-795d251145e2}w64.sys, Quarantined, [98c5c8d2017ad85e971b56b4cc38d52b],

    Physical Sectors: 0
    (No malicious items detected)


    (end)

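As an added illustration (not part of the original thread and not HijackThis code), the following Python script parses HijackThis-style entry lines like those in the log above and sorts them into the buckets a malware-removal helper reads first: O4 autoruns (with a separate list for binaries living in user-writable directories such as AppData or Temp, where the Malwarebytes log above found VOsrv.exe), O2 helper objects whose DLL is gone, O10 Winsock LSPs, O20 Winlogon notify DLLs, and O23 services. The sample input is copied from the posted log plus one constructed O4 line for a hypothetical program called "ExampleUpdater" that exercises the user-writable check. The script also encodes the caveat a reviewer applies to this log: the many O23 "(file missing)" entries for core Windows binaries (lsass.exe, spoolsv.exe, vssvc.exe and so on) are an artifact of running the 32-bit HijackThis 2.0.x on 64-bit Windows, where file-system redirection sends its lookup of C:\Windows\System32 to SysWOW64, so they are kept apart from the entries that merit a closer look rather than treated as evidence of deleted files.

```python
"""Triage helper for HijackThis-style logs.

Added example, not HijackThis code: parses the "Oxx - " entry lines and sorts
them into the buckets a malware-removal helper reads first.
"""
import re

# Every entry line begins with a section tag (R0, R1, F2, O2, O4, O23 ...).
_ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")

# The binary launched by an O4 autorun: '[Name] "C:\dir\x.exe" /arg' or '[Name] C:\dir\x.exe'.
_O4_PATH_RE = re.compile(
    r'\]\s*"?(?P<path>[A-Za-z]:\\[^"]*?\.(?:exe|dll|cmd|bat|vbs|js|scr))',
    re.IGNORECASE,
)

# Directories an ordinary user can write to; an autorun living here deserves a closer look.
_USER_WRITABLE_RE = re.compile(r"\\(?:AppData|Local Settings|Temp|Downloads)\\", re.IGNORECASE)

BUCKETS = (
    "autorun",                 # all O4 Run/RunOnce entries
    "autorun_user_writable",   # O4 entries whose binary sits in a user-writable directory
    "bho_no_file",             # O2 browser helper objects whose DLL is gone (orphaned registration)
    "winsock_lsp",             # O10 layered service providers HijackThis could not identify
    "winlogon_notify",         # O20 Winlogon notification DLLs (loaded at logon)
    "service_unknown_owner",   # O23 services with no publisher string and an existing binary
    "service_file_missing",    # O23 entries HijackThis could not find on disk (see note in triage)
)


def parse_hjt(text):
    """Return [{'section': 'O4', 'body': '...'}, ...] for every entry line in the log."""
    entries = []
    for raw in text.splitlines():
        m = _ENTRY_RE.match(raw.strip())
        if m:
            entries.append({"section": m.group("sec"), "body": m.group("body")})
    return entries


def autorun_path(body):
    """Extract the launched binary from an O4 body, or None if no path is recognised."""
    m = _O4_PATH_RE.search(body)
    return m.group("path") if m else None


def triage(entries):
    """Sort parsed entries into the BUCKETS above; entries that match none are ignored."""
    buckets = {name: [] for name in BUCKETS}
    for e in entries:
        sec, body = e["section"], e["body"]
        if sec == "O23" and body.endswith("(file missing)"):
            # A 32-bit HijackThis 2.0.x on 64-bit Windows is redirected to SysWOW64
            # when it looks for C:\Windows\System32\<svc>.exe, so core services
            # (lsass.exe, spoolsv.exe, ...) land here without being missing at all.
            buckets["service_file_missing"].append(body)
        elif sec == "O23" and " - Unknown owner - " in body:
            buckets["service_unknown_owner"].append(body)
        elif sec == "O4":
            buckets["autorun"].append(body)
            path = autorun_path(body)
            if path and _USER_WRITABLE_RE.search(path):
                buckets["autorun_user_writable"].append(path)
        elif sec == "O2" and body.endswith("(no file)"):
            buckets["bho_no_file"].append(body)
        elif sec == "O10":
            buckets["winsock_lsp"].append(body)
        elif sec == "O20":
            buckets["winlogon_notify"].append(body)
    return buckets


# Sample input: lines copied from the log posted above, plus one constructed
# O4 entry ("ExampleUpdater", a hypothetical program) that exercises the
# user-writable check. Non-entry lines are included to show they are skipped.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.5
Running processes:
C:\Users\Moya\Downloads\HijackThis.exe

O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ExampleUpdater] "C:\Users\Moya\AppData\Roaming\ExampleUpdater\updater.exe" /silent
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O20 - Winlogon Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Start BT in service - Unknown owner - C:\Program Files (x86)\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
"""


if __name__ == "__main__":
    result = triage(parse_hjt(SAMPLE_LOG))
    for name in BUCKETS:
        print(f"{name}: {len(result[name])}")
        for item in result[name]:
            print("   ", item)
```

Run it as a script to get a bucketed summary of the sample, or call `triage(parse_hjt(open("hijackthis.log").read()))` on a saved log. The buckets only narrow the reading order; an entry in `autorun_user_writable` still has to be checked against what the user actually installed before anything is removed.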
  2. #2
    Member Spyware Fighter DonnaB
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563


    Hi Mick,

    I do apologize for the delay in responding. Not a very good first impression, I fear. The 4th of July holiday and summer vacations have rendered us short on help. You were not intentionally overlooked.

    @ Moya,

    Hi Moya! Pleasure to meet you! Welcome to Help2Go!!

    It looks like we have quite a bit of adware and some PUPs (Potentially Unwanted Programs) from the looks of the logs. SuperAntiSpyware and Malwarebytes did a nice job cleaning those up. Let's run the following 2 programs to remove what the above programs may have left behind.

    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double-click AdwCleaner.exe to run the tool.
      Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
    • Click the Scan button.
    • AdwCleaner will begin. Be patient as the scan may take some time to complete.
    • After the scan has finished, click the Report button. A logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, please let me know about it.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.


    Next:

    Please download OTL to your Desktop
    • Double click on OTL to run the program. On Vista/Win7 or 8, right-click and select Run As Administrator to start the program. If prompted by UAC, please allow it.
    • Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox
      and
    • Check the option for All under the Extra Registry section
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them in your topic.

    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.

    Please post the contents of both OTL.txt and Extras.txt files in your next reply.

    In your next reply, please post the following logs so I can have a look see:

    AdwCleaner[R0].txt
    OTL.txt
    Extras.txt


    Thank you,
    Donna
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in trouble shooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

  3. #3
    Member
    Join Date
    Jul 2014
    Posts
    2
    Points
    0


    Hello Donna,

    Sorry about the delay, but the laptop CPU fan has failed (probably why it kept on shutting down)... luckily the unit is still under warranty so it will be sent for repair/replacement ... if repaired, then it will more than likely still have the same malware issues, but I don't know whether you'd like to close the post or keep it open until the unit is returned.

    Mick and Moya

  4. #4
    Member Spyware Fighter DonnaB
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563


    Hi Mick and Moya,

    I'm sorry to hear about the fan failure. I'll just bet that is why the laptop just shut off as if the plug was pulled. I'm sure that was due to overheating. How was the $400 paid? I wonder if that payment could be refuted in some way to get the money back. I'm quite sure that was a scam. If paid by credit card, there is a possibility the funds could be reimbursed.

    Yes, let's go ahead and keep this thread open just in case....

    If you no longer need our services after the laptop is returned to you, I'd still be interested to know the results from the repair.

    Donna