win32.androm.bmne found by ZA - unable to update Spybot Professional

[Juliet]

Your ZoneAlarm set up and install came in with unwanted adware.
When you downloaded did you do a standard install?, or a custom install to opt out of the additional toolbars and other offers?

We need to remove those files.

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

start
C:\Program Files (x86)\CheckPoint\Install\CUninstallerZA.exe
C:\Program Files (x86)\CheckPoint\Install\zatb.exe
C:\Users\KIP.OnscreenOffice\Downloads\ZASPSetupWeb_102_074_000 (1).exe
C:\Users\KIP.OnscreenOffice\Downloads\ZASPSetupWeb_102_074_000.exe
C:\Users\KIP.OnscreenOffice\Downloads\ZASPSetupWeb_120_104_000 (1).exe
C:\Users\KIP.OnscreenOffice\Downloads\ZASPSetupWeb_120_104_000 (2).exe
C:\Users\KIP.OnscreenOffice\Downloads\ZASPSetupWeb_120_104_000 (3).exe
C:\Users\KIP.OnscreenOffice\Downloads\ZASPSetupWeb_120_104_000 (4).exe
C:\Users\KIP.OnscreenOffice\Downloads\ZASPSetupWeb_120_104_000 (5).exe
C:\Users\KIP.OnscreenOffice\Downloads\ZASPSetupWeb_120_104_000.exe
C:\Users\Onscreen Office\Downloads\Shockwave_Installer_Slim (1).exe
C:\Users\Onscreen Office\Downloads\Shockwave_Installer_Slim.exe
C:\Users\Onscreen Office\Downloads\ZASPSetupWeb_120_104_000.exe
end

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system


~~~~~~~~~~~~~~~~~~~~~~

Download CKScanner by askey127 from HERE
Important - Save it to your desktop.
Doubleclick CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


Please post these 2 logs.

 

[CleanTech]

Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-02-2014 01
Ran by KIP at 2014-02-12 18:01:24 Run:3
Running from C:\Users\KIP.OnscreenOffice\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
C:\Program Files (x86)\CheckPoint\Install\CUninstallerZA.exe
C:\Program Files (x86)\CheckPoint\Install\zatb.exe
C:\Users\KIP.OnscreenOffice\Downloads\ZASPSetupWeb_102_074_000 (1).exe
C:\Users\KIP.OnscreenOffice\Downloads\ZASPSetupWeb_102_074_000.exe
C:\Users\KIP.OnscreenOffice\Downloads\ZASPSetupWeb_120_104_000 (1).exe
C:\Users\KIP.OnscreenOffice\Downloads\ZASPSetupWeb_120_104_000 (2).exe
C:\Users\KIP.OnscreenOffice\Downloads\ZASPSetupWeb_120_104_000 (3).exe
C:\Users\KIP.OnscreenOffice\Downloads\ZASPSetupWeb_120_104_000 (4).exe
C:\Users\KIP.OnscreenOffice\Downloads\ZASPSetupWeb_120_104_000 (5).exe
C:\Users\KIP.OnscreenOffice\Downloads\ZASPSetupWeb_120_104_000.exe
C:\Users\Onscreen Office\Downloads\Shockwave_Installer_Slim (1).exe
C:\Users\Onscreen Office\Downloads\Shockwave_Installer_Slim.exe
C:\Users\Onscreen Office\Downloads\ZASPSetupWeb_120_104_000.exe
end
*****************

C:\Program Files (x86)\CheckPoint\Install\CUninstallerZA.exe => Moved successfully.
C:\Program Files (x86)\CheckPoint\Install\zatb.exe => Moved successfully.
C:\Users\KIP.OnscreenOffice\Downloads\ZASPSetupWeb_102_074_000 (1).exe => Moved successfully.
C:\Users\KIP.OnscreenOffice\Downloads\ZASPSetupWeb_102_074_000.exe => Moved successfully.
C:\Users\KIP.OnscreenOffice\Downloads\ZASPSetupWeb_120_104_000 (1).exe => Moved successfully.
C:\Users\KIP.OnscreenOffice\Downloads\ZASPSetupWeb_120_104_000 (2).exe => Moved successfully.
C:\Users\KIP.OnscreenOffice\Downloads\ZASPSetupWeb_120_104_000 (3).exe => Moved successfully.
C:\Users\KIP.OnscreenOffice\Downloads\ZASPSetupWeb_120_104_000 (4).exe => Moved successfully.
C:\Users\KIP.OnscreenOffice\Downloads\ZASPSetupWeb_120_104_000 (5).exe => Moved successfully.
C:\Users\KIP.OnscreenOffice\Downloads\ZASPSetupWeb_120_104_000.exe => Moved successfully.
C:\Users\Onscreen Office\Downloads\Shockwave_Installer_Slim (1).exe => Moved successfully.
C:\Users\Onscreen Office\Downloads\Shockwave_Installer_Slim.exe => Moved successfully.
C:\Users\Onscreen Office\Downloads\ZASPSetupWeb_120_104_000.exe => Moved successfully.

==== End of Fixlog ====

CKScanner log:

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.VVNAOZ
----- EOF -----

 

[Juliet]

How's the computer now?

 

[CleanTech]

Hi Juliet,

Just encountered one problem: my QB is now not opening stating a Run Time Error on its its qb32.exe file. It says the application requested Runtime to terminate it in an unusual manner.
I will try to reinstall and see what happens.

Google doesn't have the delayed "resolving host" issues anymore.

I think we are good.

Thanks for all your help.

 

[Juliet]

Quick books has a topic on this:
Runtime Error Program C:\Program Files (x86)\Intuit\QuickBooks2010\qbw32.exe
http://support.quickbooks.intuit.com/support/Articles/SLN40370

If the above step does not work, you may have to contact QuickBooks

http://support.quickbooks.intuit.com/Support/
Also refer:
http://support.quickbooks.intuit.com/support/Articles/SLN40084
http://support.quickbooks.intuit.com/support/articles/SLN41177

Let me know what other malware errors you have, if none then we need to do a clean up and give my Preventive tips.

 

[CleanTech]

Hi,
got QB working again.
No other errors at this time.

 

[Juliet]

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Run FRST/FRST64 and press the Fix button just once and wait.
no needed to post the log this time.

start
DeleteQuarantine:
end

~~~~~~~~~~~~~~~~~~~~~~~

Manually remove any tool that might be left.


~~~~~~~~~~~~

Your good to go, good job!

Please take the time to read over a few of my preventive tips.

Computer Security
http://malwareremoval.com/forum/viewtopic.php?p=557960#p557960
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be prepared for CryptoLocker:

Cryptolocker Ransomware: What You Need To Know

CryptoLocker Ransomware Information Guide and FAQ


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please navigate to Microsoft Windows Updates and download all the "Critical Updates" for Windows.


Firefox 3
The award-winning Web browser is now faster, more secure, and fully customizable to your online life. With Firefox 3, added powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both.
*NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

AdblockPlus

• AdblockPlus, Surf the web without annoying ads!
• Blocks banners, pop-ups and video ads - even on Facebook and YouTube
• Protects your online privacy
• Two-click installation, It's free!
• click the icon that corresponds to your browser and download.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
WOT Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

• Green should be good to go
• Yellow for caution
• Red to stop

~~~~~~~~~~~~~~~~~~~~~~~~~~~~
How to prevent Malware: Created by Miekiemoes

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article (http://www.forbes.com/sites/eliseackerman/2013/01/11/us-department-of-homeland-security-calls-on-computer-users-to-disable-java/
and this article (http://www.nbcnews.com/technology/technolog/us-warns-java-software-security-concerns-escalate-1B7938755

I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser (http://www.geekstogo.com/2600/how-to-disable-java-in-your-web-browser/) and How to unplug Java from the browser ([url]http://krebsonsecurity.com/how-to-unplug-java-from-the-browser/))[/url]

Free Antivirus-AntiSpyware-Firewall Software

Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

 

[CleanTech]

Thanks so much, Juliet.
Will study your preventive tips.
Have a great day!

 

[Juliet]

Glad we could help.

 

[Juliet]

Glad we could help.

Since this issue appears resolved ... this Topic is closed.

 

[Juliet]

Topic reopened

Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

 

[Juliet]

It's been 4 days now, still need help?

 

[Juliet]

Glad we could help.

Since this issue appears resolved ... this Topic is closed.