Mine is mild by Comparison no doubt

BoundGirlie

New Member
Thread author
Jan 17, 2012
14
i have and use Norton Internet Security 2011 and that's my antivirus as well. Well long story short i installed Malwarebytes yesterday and it detected the before mentioned threats at least one of which is on an old hard drive that's the slave drive of this computer but used to be the primary drive of my old old one. :D anyways my question is this...once i delete these, since they weren't detected by Norton what's to stop them from just coming back; since it can't detect them?
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
BoundGirlie said:
anyways my question is this...once i delete these, since they weren't detected by Norton what's to stop them from just coming back; since it can't detect them?
Anything in quarantine is safely segregated from the rest of your computer, it cannot run from there, so it can do no harm. 


Now let's make sure your computer doesn't have any malicious files.


What's next?


STEP 1: Download and scan with HitmanPro

  1. Please download the latest official version of HitmanPro.
    Download link: http://www.surfright.nl/en/downloads
  2. Start Hitman Pro by clicking on the previously downloaded file.
    NOTE : If you have problems starting Hitman Pro, use the “Force Breach” mode. Hold down the left CTRL-key when you start Hitman Pro and all non-essential processes are terminated, including the malware process. (How to start Hitman Pro in Force Breach mode - video)

  3. Click Settings to proceed to the application scan options. Note that Hitman Pro 3 is free to use for the first 30 days, after which time it will prompt you to purchase a licence key.
    In the Settings menu, ensure that the option "Create Restore Point Before Removing Files" is checked, and click OK. Click Next to continue to the scan.

  4. The Setup screen is displayed. Here, you can decide whether or not you wish to install Hitman Pro 3 on your system. To proceed with installation, select "Yes, create a copy of Hitman Pro so I can regularly scan this computer". Click Next to continue.

  5. Hitman Pro will start scanning your system for Security Defender malicious files. Depending on the size of your hard drive, and the performance of your computer, this step will take several minutes.

  6. Once the scan is complete, a summary of detected malicious files is displayed.

  7. Click Next to start removing the infected files. HitmanPro will now cleanse the infected files, and in some instances, may suggest a reboot in order to completely remove the malware from your system. In this scenario, always confirm the reboot action to be on the safe side.



STEP 2: Download and scan with Emsisoft Emergency Kit

  1. Please download the latest official version of Emsisoft Emergency Kit.

    Download link: http://download11.emsisoft.com/EmsisoftEmergencyKit.zip
  2. After the download process finishes, you'll need to unpack EmsisoftEmergencyKit.zip
  3. Open the Emsisoft Emergency Kit folder and double-click EmergencyKitScanner.bat
  4. A pop-up will prompt you to update Emsisoft Emergency Kit, please click the "Yes" button.

  5. After the update process has completed, put the mouse cursor over the "Menu" tab on the left and click on "Scan PC".

  6. Select "Deep scan" and click on the "SCAN" button below.

  7. Emsisoft Emergency Kit will now start scanning your computer for malicious files as shown below.

  8. When the scan is completed, you will be presented with a screen showing you the malware infections that Emsisoft Emergency Kit has detected. Please note that the infections found may be different than what is shown in the image.
    Make sure that everything is Checked (ticked) and click on the 'Quarantine selected objects' button.
  9. Emsisoft Emergency Kit will now start removing the malicious files.
    If during the removal process Emsisoft displays a message stating that it needs to reboot, please allow this request.

STEP 3: Run an OTL scan

  1. Please download OTL and save it to your Desktop.
  2. Right-click on OTL.exe and select Run as Administrator to start OTL.
  3. Double click on OTL.exe to run it.
  4. Under Output, ensure that Minimal Output is selected.
  5. Under Extra Registry section, select Use SafeList.
  6. Click the Scan All Users checkbox.
  7. Click on Run Scan at the top left hand corner.
  8. When done, two Notepad files will open.
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  9. Save the scan log somewhere that you can find it.


What's next?

Attach the following logs to your post (You can find here details on how to use the Attachment System):
  1. Report on what Hitman Pro has found
  2. Emsisoft Emergency Kit log
  3. OTL.txt
  4. Extras.txt
 

BoundGirlie

New Member
Thread author
Jan 17, 2012
14
Well my first question is, what's an OTL scan? My Second question is won't my having Norton and then adding hitman, and then adding emsisoft and then adding what this OTL thing is conflict? And lady, it seems that the free version of malwarebytes works in the background and blocks things because a bit ago i was just on a site and it blocked something. Won't that do the trick? i actually didn't know it did that.
 

BoundGirlie

New Member
Thread author
Jan 17, 2012
14
Ok the first one, Hitman Pro, found 57 threats and traces, most of which were cookies but i believe it found a couple of adware things, the one Emsisoft so far has found 91 threats and traces, some in the registry, some cookies, one of them was an adware type trojan it described it as....however it's still going...it's up to about 235,000 files scanned and i have watched other scans and well i have a great deal more than that so i think this will take awhile :D but i'm glad to do some computer spring cleaning
 

Chiron

Level 1
Feb 24, 2011
250
BoundGirlie said:
Ok the first one, Hitman Pro, found 57 threats and traces, most of which were cookies but i believe it found a couple of adware things, the one Emsisoft so far has found 91 threats and traces, some in the registry, some cookies, one of them was an adware type trojan it described it as....however it's still going...it's up to about 235,000 files scanned and i have watched other scans and well i have a great deal more than that so i think this will take awhile :D but i'm glad to do some computer spring cleaning

You can ignore cookies. They're not a real security threat.

Let us know what they find when they're done.
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
1. OTL is a diagnostic and malware removal tool that will allow me to see if there are any active or left over malicious files on your system that the traditional scanners might have missed.
2. Malwarebytes Free, Hitman Pro and Emsisoft Anti-Malware are second opinion malware scanners (on-demand scanners) that can be used to check your system for possible threats that your anti-virus program might have missed. The core difference to conventional antivirus software is the fact that it scans the PC but does not add protection to the operating system at the same time so it won't conflict with your running antivirus program.
3. Malwarebytes doesn't offer any kind of real-time protection in the FREE version. Did you start a trial? If you did, most likely Malwarebytes Anti-Malware is blocking your computer from connecting to some malicious IPs while you're browsing the web.



Ok so this is what I need.
Please run one scan at a time with Malwarebytes, Hitman Pro and Emsisoft Anti-Malware and remove the malicious files as they are found.
Next please run an OTL scan and also post the log in here.
You have all the instructions in my first post.
 

BoundGirlie

New Member
Thread author
Jan 17, 2012
14
Thank You very much, Emsisoft is still scanning actually, another few hours and it'll be at 24 hours of scanning :), i haven't done the otl yet because emsi isn't done.
 

BoundGirlie

New Member
Thread author
Jan 17, 2012
14
it says 1% at the bottom scale and has scanned just shy of 2 million 1 hundred thousand files. Most other scanners are done by now but by this unless that bottom percent means something else it won't be done for a few days or longer, does it normally take this long?
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Well, most likely it won't take 24 hours to complete but a few hours it surely will, so in order to avoid this nightmare let's do some cleaning first and then move on with an Emsisoft Anti-Malware Smart Scan


Download and install CCleaner from here
Once installed, simply click on the Run Cleaner button at the bottom right.

You will be notified that CCleaner is about to permanently remove files from the system. Click OK to proceed.
After running CCleaner, please perform a Smart Scan, then do the OTL scan.
 

BoundGirlie

New Member
Thread author
Jan 17, 2012
14
i did the CC cleaner :D and attached is what Emsisoft found. I think i followed the instructions to attach :) TY to Jack btw for being patient :)
 

Attachments

  • a2scan_120119-170359.txt
    54.5 KB · Views: 110

BoundGirlie

New Member
Thread author
Jan 17, 2012
14
Ok All scans are done and connected are the findings. :D opinions please :D
 

Attachments

  • OTL.Txt
    163.7 KB · Views: 185
  • a2scan_120119-170359.txt
    54.5 KB · Views: 252
  • Extras.Txt
    60.2 KB · Views: 162

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123haustiereundmehr.com
O1 - Hosts: 11299 more lines...

Lol... your hosts file is messed up but don't worry we will fix it...
Give me some time to look through all the log and then I'll provide a fix.... In the meantime please refrain from installing any other toolbars .. I think you have enough already :D
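
An added example, not part of the original post or of OTL: a triage of `O1 - Hosts:` log lines like those in the excerpt above, separating entries that point a name at a loopback or unspecified address (which only block that name) from entries that point a name at a routable address. The sample lines, the `.example` host names and the function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample in OTL's "O1 - Hosts:" log format (not the thread's log).
SAMPLE_LOG = """\
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.blocked-ads.example
O1 - Hosts: 0.0.0.0 tracker.example
O1 - Hosts: ::1 localhost
O1 - Hosts: 203.0.113.10 www.bank.example
O1 - Hosts: 203.0.113.10 login.bank.example   # trailing comment
O1 - Hosts: 11299 more lines...
O4 - HKLM..\\Run: [Foo] C:\\foo.exe
"""

PREFIX = "O1 - Hosts:"

def classify(address):
    """'sinkhole' for loopback/unspecified targets, 'redirect' otherwise."""
    ip = ipaddress.ip_address(address)  # raises ValueError if not an IP
    return "sinkhole" if ip.is_loopback or ip.is_unspecified else "redirect"

def triage_hosts(log_text):
    """Return (Counter of entry classes, list of (name, address) redirects)."""
    counts, redirects = Counter(), []
    for line in log_text.splitlines():
        if not line.startswith(PREFIX):
            continue  # other OTL sections (O3, O4, ...) are out of scope
        fields = line[len(PREFIX):].split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            kind = classify(fields[0])
        except ValueError:
            counts["unparsed"] += 1  # e.g. the "... more lines..." marker
            continue
        for name in fields[1:]:  # one address may carry several names
            counts[kind] += 1
            if kind == "redirect":
                redirects.append((name.lower(), fields[0]))
    return counts, redirects

if __name__ == "__main__":
    counts, redirects = triage_hosts(SAMPLE_LOG)
    print(dict(counts))
    for name, address in redirects:
        print(f"review: {name} -> {address}")
```

Redirect entries are the ones worth reviewing by hand before and after a hosts reset, because they change where a name resolves rather than blocking it.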
 

BoundGirlie

New Member
Thread author
Jan 17, 2012
14
oh yeah i do have a few the only one i really use on a regular basis is the yahoo tool bar all the others piggy backed on something no doubt. Thank You, i appreciate any help you all can give :)
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
There aren't any signs of active malicious files in your log however there are signs of residual damage and some crapware that you should remove/uninstall.

Step 1: Run the OTL Fix

  1. Under the Custom Scans/Fixes box at the bottom, copy and paste the contents of the following box:


    Code:
    :OTL
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-1189801336-2896965078-2594968202-1000\..\Toolbar\WebBrowser: (no name) - {0457331D-8CA6-4F97-9C26-6A9EF2B2DBA8} - No CLSID value found.
    O3 - HKU\S-1-5-21-1189801336-2896965078-2594968202-1000\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
    O3 - HKU\S-1-5-21-1189801336-2896965078-2594968202-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O4 - HKLM..\Run: []  File not found
    O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
    O8 - Extra context menu item: Crawler Search - tbr:iemenu File not found
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69FF1CA4-711D-49B6-971C-4FAF8CD49ECF}: DhcpNameServer = 75.75.75.75 75.75.76.76
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [RESETHOSTS]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  2. Then click the Run Fix button at the top
  3. Let the program run unhindered, reboot the PC when it is done
  4. Once you see a message box "Fix complete! Click OK to open the fix log."
  5. Click the OK button
  6. The log will open in Notepad (your default text editor).
  7. Save the log. Post a copy of that log in your next reply.


    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start-All Programs-Accessories-Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 2 : Update Java


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.

Go to Start > Control Panel, double-click on Add/Remove Programs (or Programs and Features in Vista/Windows 7) and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-7u2-windows-i586.exe (or jre-7u2-windows-x64.exe for 64-bit) to install the newest version.
    • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
    • When the Java Setup - Welcome window opens, click the Install > button.
    • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
      The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.

    Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
    To disable the JQS service if you don't want to use it:
    • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
    • Click Ok and reboot your computer.

    To test your Java Run-time, you may go to this page


    Step 3 : Scan with ESET Online Scanner


    You can start an online scan with ESET Online Scanner from here

    Note: You will need to use Internet Explorer for this scan.
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start .
    • Click Scan.
    • Wait for the scan to finish.
    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

    Re-scan with OTL after these steps and post a fresh OTL log.
 
