My first time here. Thanks in advance! Seems like my computer has been lagging much more so as of late. My firewall keeps shutting off like every half hour or so (McAfee). Just started doing that a day or so ago. Everything I've done up to this point is run a virus scan (McAfee Internet Security) which didn't find it and then followed that up with Spybot S&D which found the malware. I then ran Spybot again and it was still there. Registry is backed up and here's the attachment and DDS and aswMBR txts as requested:
See if you can locate this .exe: It's C:\documents and settings\hp\local settings\temp\cgtbtbghg <----- a folder
The exe inside the folder ----> veyyaloxsik.exe
You can delete the entire folder.
Next download and run the free version of Malwarebytes. You can keep it as an anti-malware tool.
Please download the free version of Malwarebytes to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click *Remove Selected.*
*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*
When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.
Look in your add/remove programs panel and uninstall: viewpoint media player.
I couldn't find the .exe you were talking about...I didn't have a hp folder in documents and settings but I did have a hp_owner folder if that means anything. Either way I still couldn't find the .exe.
Files Detected: 5
C:\Documents and Settings\HP_Owner\My Documents\Downloads\flvplayer-setup.exe (PUP.DownloadAdmin) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Local Settings\Temp\MUAjx+q4.exe.part (PUP.DownloadAdmin) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Local Settings\Temp\SCuB1bFj.exe.part (PUP.DownloadAdmin) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Favorites\Free Porn Forum - View Single Post - midget.URL (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Favorites\Free Porn Forum.URL (Rogue.Link) -> Quarantined and deleted successfully.
Hi,
Ok. Good. Malwarebytes took care of that .exe. We will get one more download to use:
Please download Adwcleaner.exe to your desktop.
Double-click on the AdwCleaner icon.
Click on the Search button.
A logfile will automatically open after the scan has finished.
Copy and paste the contents of the log file in your reply.
You can also find the logfile at C:\AdwCleaner[R1].txt
Exit AdwCleaner with the X (close) button. Click OK at the final prompt.
# AdwCleaner v2.306 - Logfile created 07/19/2013 at 21:00:21
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : HP_Owner - YOUR-03667082DE
# Boot Mode : Normal
# Running from : C:\Documents and Settings\HP_Owner\Desktop\AdwCleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
Folder Found : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Found : C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\uzdn7qud.default\jetpack
Folder Found : C:\Program Files\Common Files\Software Update Utility
***** [Registry] *****
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Mozilla Firefox v22.0 (en-US)
File : C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\uzdn7qud.default\prefs.js
Found : user_pref("plugin.blocklisted.npviewpoint", true);
My previous post was before I went to work...I just got home and I noticed that my McAfee firewall was off. I went to turn it on and it won't stay on. As soon as I click to turn it on it goes right back off. Anything I should be worried about?