PUM.Bad.Proxy / Registery Value Infected

Page 1 of 2 1, 2  Next

View previous topic View next topic Go down

Solved PUM.Bad.Proxy / Registery Value Infected

Post by Vista on Sun 20 Nov 2011, 12:47 pm

I was having a problem with computer freezing and at the time it did not have a virus. I was getting help in another forum. Now I have a virus and scanned with Malwarebytes. They advised me to get help with this problem before proceeding. Please advise. Thank you.

Malwarebytes' Anti-Malware 1.51.2.1300
[You must be registered and logged in to see this link.]

Database version: 8197

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19154

11/19/2011 8:33:36 PM
mbam-log-2011-11-19 (20-33-36).txt

Scan type: Quick scan
Objects scanned: 157617
Time elapsed: 4 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Vista

Senior Surfer
Senior Surfer

Posts : 341
Joined : 2009-02-13
Operating System : Windows 8

View user profile

Back to top Go down

Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Superdave on Mon 21 Nov 2011, 5:15 am

Hello and welcome to GeekPolice.Net My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
****************************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.
**********************************************************
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

Download DDS from HERE or HERE and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.



1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/past both logs into your Thread

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

•Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE .Then post your DDS logs. (DDS.txt and Attach.txt )

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Vista on Mon 21 Nov 2011, 11:24 am

I am probably not supposed to do this on one thread but I am trying to scan both of my laptops....while I am sitting here. The one that had the problem (Dell Vostro 1500 / Vista) has 5 threats so far... but I am having trouble scanning because there is another problem involved.
The other one, Dell Latitude D600/ Windows XP which to my surprise has 362 threats. The Latitude does not open a notepad automatically like instructed after the scan is done. I looked in Notepad to see if the log was there but it was not. How can I get this to open like it should? Thank you!

Vista

Senior Surfer
Senior Surfer

Posts : 341
Joined : 2009-02-13
Operating System : Windows 8

View user profile

Back to top Go down

Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Superdave on Mon 21 Nov 2011, 12:26 pm

Please run the scan on one computer only. It's too confusing to try to clean both in the same thread.

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Vista on Mon 21 Nov 2011, 1:57 pm

.
DDS (Ver_2011-06-23.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.19154
Run by samara at 21:54:32 on 2011-11-20
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2037.1494 [GMT -5:00]
.
AV: Kaspersky Internet Security *Enabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Internet Security *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky Internet Security *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = [You must be registered and logged in to see this link.]
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2011\ievkbd.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Verizon SMB Toolbar: {a057a204-bacc-4d26-dfc4-79a09bf76bc9} - c:\progra~1\vzsmbtb\vzsmbtb.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
TB: Verizon SMB Toolbar: {a057a204-bacc-4d26-dfc4-79a09bf76bc9} - c:\progra~1\vzsmbtb\vzsmbtb.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2011\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - [You must be registered and logged in to see this link.]
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - [You must be registered and logged in to see this link.]
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{18B47DAD-4987-40DC-94F6-ED33FB4887AF} : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{F9F4116B-452C-4C14-99FD-80A8579E3DFC} : DhcpNameServer = 192.168.1.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\windows\system32\avgrsstx.dll, c:\progra~1\kasper~1\kasper~1\kloehk.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2010-4-22 22104]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
S2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe [2010-11-2 365336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-17 21504]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19984]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-11-20 23:08:17 -------- d-----w- c:\users\samara\appdata\roaming\SUPERAntiSpyware.com
2011-11-20 22:40:31 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-20 22:39:37 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-18 03:05:47 172032 ----a-w- c:\windows\system32\igfxres.dll
2011-11-14 01:45:43 -------- d-sh--w- C:\found.004
2011-11-11 23:55:17 -------- d-----w- c:\users\samara\appdata\roaming\B9B9C
2011-11-11 23:42:15 -------- d-----w- c:\program files\B9B9C
2011-11-11 23:41:05 -------- d-----w- c:\users\samara\appdata\roaming\46AB9
2011-11-11 23:41:05 -------- d-----w- c:\program files\LP
2011-11-09 23:20:43 -------- d-sh--w- C:\found.003
2011-11-09 18:28:19 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ef06b72f-5061-4ae1-9bdf-28514415b6d4}\mpengine.dll
2011-11-09 18:22:22 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 18:22:21 707584 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-09 18:22:21 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-10-25 18:14:18 6144 ----a-w- c:\program files\internet explorer\iecompat.dll
.
==================== Find3M ====================
.
2011-09-30 23:06:24 916480 ----a-w- c:\windows\system32\wininet.dll
2011-09-30 23:02:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-30 23:01:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-30 23:01:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-09-30 23:01:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-30 22:07:25 385024 ----a-w- c:\windows\system32\html.iec
2011-09-30 21:29:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-30 21:28:36 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-25 16:15:04 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:14:01 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-25 16:14:01 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-08-25 13:31:01 4096 ----a-w- c:\windows\system32\oleaccrc.dll
.
============= FINISH: 21:56:02.24 ===============

Vista

Senior Surfer
Senior Surfer

Posts : 341
Joined : 2009-02-13
Operating System : Windows 8

View user profile

Back to top Go down

Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Vista on Mon 21 Nov 2011, 1:58 pm

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 12/16/2007 10:42:03 AM
System Uptime: 11/20/2011 9:40:09 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0NX907
Processor: Intel(R) Core(TM)2 Duo CPU T5270 @ 1.40GHz | Microprocessor | 1396/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 136 GiB total, 108.877 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 0.001 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1519: 11/9/2011 1:22:39 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.0
Broadcom Management Programs
Browser Address Error Redirector
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
Dell Automated PC TuneUp
Dell Driver Download Manager
Dell Network Assistant
Dell Support Center
Dell Touchpad
Dell Wireless WLAN Card
Digital Line Detect
Epson Easy Photo Print 2
EPSON NX100 Series Printer Uninstall
EPSON Scan
Google Toolbar for Internet Explorer
GoToAssist 8.0.0.514
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
IntelliMover
Java(TM) SE Runtime Environment 6
Kaspersky Internet Security 2011
Malwarebytes' Anti-Malware version 1.51.2.1300
MediaDirect
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office File Validation Add-In
Microsoft Office Small Business Edition 2003
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Modem Diagnostic Tool
Move Networks Media Player for Internet Explorer
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetWaiting
OGA Notifier 2.0.0048.0
OutlookAddinSetup
ParetoLogic Privacy Controls
Product Documentation Launcher
QuickSet
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
SUPERAntiSpyware
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Verizon SMB Toolbar
Walmart MP3 Music Downloads
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
.
==== End Of File ===========================

Vista

Senior Surfer
Senior Surfer

Posts : 341
Joined : 2009-02-13
Operating System : Windows 8

View user profile

Back to top Go down

Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Superdave on Tue 22 Nov 2011, 7:05 am

I would also like to see the SAS and Security Check logs.

Download OTL to your desktop.

* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code:
:OTL

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

:Files

C:\found.004
C:\found.003

:COMMANDS
[resethosts]
[purity]
[start explorer]

* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
**********************************************************
Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

link # 1
Link # 2
If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Right-click combofix.exe and select Run as Administrator and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix login your next reply.

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Vista on Tue 22 Nov 2011, 11:07 am

========== OTL ==========
========== FILES ==========
C:\found.004 folder moved successfully.
C:\found.003 folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 11212011_190627

Vista

Senior Surfer
Senior Surfer

Posts : 341
Joined : 2009-02-13
Operating System : Windows 8

View user profile

Back to top Go down

Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Vista on Tue 22 Nov 2011, 11:47 am

ComboFix 11-11-21.01 - samara 11/21/2011 19:20:10.2.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2037.1025 [GMT -5:00]
Running from: c:\users\samara\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\LP
c:\program files\LP\2994\27EE.tmp
c:\program files\LP\2994\66F3.tmp
c:\program files\LP\2994\D6D.tmp
c:\programdata\SPL18F2.tmp
c:\programdata\SPL2119.tmp
c:\programdata\SPL2179.tmp
c:\programdata\SPL236.tmp
c:\programdata\SPL3AB3.tmp
c:\programdata\SPL6385.tmp
c:\programdata\SPL6F38.tmp
c:\programdata\SPL989B.tmp
c:\users\samara\Documents\~WRL0004.tmp
c:\users\samara\Documents\~WRL0430.tmp
c:\users\samara\Documents\~WRL0928.tmp
c:\users\samara\Documents\~WRL1462.tmp
c:\users\samara\Documents\~WRL1608.tmp
c:\users\samara\Documents\~WRL2136.tmp
c:\users\samara\Documents\~WRL3999.tmp
c:\users\samara\Documents\~WRL4041.tmp
c:\users\samara\GoToAssistDownloadHelper.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-22 to 2011-11-22 )))))))))))))))))))))))))))))))
.
.
2011-11-22 00:32 . 2011-11-22 00:32 -------- d-----w- c:\users\samara\AppData\Local\temp
2011-11-22 00:32 . 2011-11-22 00:32 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-11-22 00:32 . 2011-11-22 00:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-22 00:06 . 2011-11-22 00:06 -------- d-----w- C:\_OTL
2011-11-20 23:08 . 2011-11-20 23:08 -------- d-----w- c:\users\samara\AppData\Roaming\SUPERAntiSpyware.com
2011-11-20 22:40 . 2011-11-20 23:08 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-20 22:39 . 2011-11-20 22:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-18 03:05 . 2007-06-29 09:22 172032 ----a-w- c:\windows\system32\igfxres.dll
2011-11-11 23:55 . 2011-11-13 21:46 -------- d-----w- c:\users\samara\AppData\Roaming\B9B9C
2011-11-11 23:42 . 2011-11-21 01:54 -------- d-----w- c:\program files\B9B9C
2011-11-11 23:41 . 2011-11-13 21:58 -------- d-----w- c:\users\samara\AppData\Roaming\46AB9
2011-11-11 23:40 . 2011-11-11 23:40 -------- d-----w- c:\windows\Sun
2011-11-09 18:28 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EF06B72F-5061-4AE1-9BDF-28514415B6D4}\mpengine.dll
2011-11-09 18:22 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 18:22 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-09 18:22 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-06 03:29 . 2011-11-06 03:29 -------- d-----w- c:\programdata\WindowsSearch
2011-10-25 18:14 . 2011-08-13 04:43 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-30 23:06 . 2011-10-14 19:22 916480 ----a-w- c:\windows\system32\wininet.dll
2011-09-30 23:02 . 2011-10-14 19:22 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-30 23:01 . 2011-10-14 19:22 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-30 23:01 . 2011-10-14 19:22 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-09-30 23:01 . 2011-10-14 19:22 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-30 22:07 . 2011-10-14 19:22 385024 ----a-w- c:\windows\system32\html.iec
2011-09-30 21:29 . 2011-10-14 19:22 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-30 21:28 . 2011-10-14 19:22 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-06 13:30 . 2011-10-14 19:22 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 22:00 . 2009-08-05 01:08 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-25 16:15 . 2011-10-14 19:21 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:14 . 2011-10-14 19:21 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-25 16:14 . 2011-10-14 19:21 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-08-25 13:31 . 2011-10-14 19:21 4096 ----a-w- c:\windows\system32\oleaccrc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-25 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 4617600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-03 365336]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\kloehk.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
backup=c:\windows\pss\Dell Network Assistant.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^samara^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Epson all-in-one Registration.lnk]
path=c:\users\samara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
backup=c:\windows\pss\Epson all-in-one Registration.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 09:06 40048 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2007-10-10 00:56 202544 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLCJCATS]
2006-10-20 23:45 73728 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\dlcjtime.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-10-10 00:57 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2007-03-22 23:29 39264 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-25 06:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-06-29 09:22 154392 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-06-29 09:22 138008 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2011-08-31 22:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-04-16 22:10 184320 ------w- c:\program files\Dell\MediaDirect\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-06-29 09:22 133912 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-06-27 10:17 405504 ----a-w- c:\program files\Sigmatel\C-Major Audio\WDM\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-02-25 03:04 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 22104]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-08 c:\windows\Tasks\ParetoLogic Update.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2007-09-19 04:55]
.
2011-11-22 c:\windows\Tasks\User_Feed_Synchronization-{A4DF7D5A-A948-417C-8415-C702524E3D61}.job
- c:\windows\system32\msfeedssync.exe [2011-10-14 21:29]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-11-21 19:32
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-11-21 19:38:38
ComboFix-quarantined-files.txt 2011-11-22 00:38
ComboFix2.txt 2010-02-27 01:43
.
Pre-Run: 116,732,010,496 bytes free
Post-Run: 116,495,503,360 bytes free
.
- - End Of File - - E8CB5421758F35EF323268F7DB5E0235

Vista

Senior Surfer
Senior Surfer

Posts : 341
Joined : 2009-02-13
Operating System : Windows 8

View user profile

Back to top Go down

Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Superdave on Tue 22 Nov 2011, 11:58 am

Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
***************************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Vista on Tue 22 Nov 2011, 12:59 pm

Results of screen317's Security Check version 0.99.28
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Kaspersky Internet Security 2011
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) SE Runtime Environment 6
Adobe Reader 8 (Adobe Reader out of date!)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Kaspersky Lab Kaspersky Internet Security 2011 avp.exe
Kaspersky Lab Kaspersky Internet Security 2011 klwtblfs.exe
``````````End of Log````````````

Vista

Senior Surfer
Senior Surfer

Posts : 341
Joined : 2009-02-13
Operating System : Windows 8

View user profile

Back to top Go down

Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Vista on Wed 23 Nov 2011, 8:46 am

After about 15min of scanning with malwarebytes, the program stops. It does not finish scanning. Have to manuelly shut down. Do you think I can run malwarebytes in Safemode or can I do something else so that it will run longer. Please advise.

Vista

Senior Surfer
Senior Surfer

Posts : 341
Joined : 2009-02-13
Operating System : Windows 8

View user profile

Back to top Go down

Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Superdave on Wed 23 Nov 2011, 10:16 am

Please try running MBAM in Safe Mode.

Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
****************************************************
Update your Adobe Reader. get.adobe.com/reader.

Be sure to uncheck the Free McAfee Security Scan so it isn't installed.
*********************************************
SysProt Antirootkit

Download
SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the
mirrors).

[You must be registered and logged in to see this link.]

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.

    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

  • At the bottom of the page

    • Hidden Objects Only << Selected

  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Vista on Sat 26 Nov 2011, 6:03 am

Malwarebytes' Anti-Malware 1.51.2.1300
[You must be registered and logged in to see this link.]

Database version: 8212

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19154

11/25/2011 10:08:50 AM
mbam-log-2011-11-25 (10-08-49).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 297242
Time elapsed: 53 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Vista

Senior Surfer
Senior Surfer

Posts : 341
Joined : 2009-02-13
Operating System : Windows 8

View user profile

Back to top Go down

Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Vista on Sat 26 Nov 2011, 8:20 am

Unable to update Adobe.

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
No Hidden Kernel Modules found

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No hidden files/folders found



Last edited by Vista on Sat 26 Nov 2011, 8:35 am; edited 1 time in total

Vista

Senior Surfer
Senior Surfer

Posts : 341
Joined : 2009-02-13
Operating System : Windows 8

View user profile

Back to top Go down

Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Vista on Sat 26 Nov 2011, 8:33 am

Unable to update Adobe.

Vista

Senior Surfer
Senior Surfer

Posts : 341
Joined : 2009-02-13
Operating System : Windows 8

View user profile

Back to top Go down

Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Superdave on Sat 26 Nov 2011, 10:51 am

Please tell me what's happening with your computer now.

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.

•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Vista on Sun 27 Nov 2011, 2:45 am

I am having a problem with a white screen now. If I click on something to soon, the white screen pops up and says not responding. Before if I would do that the internet page would still be in the background and the screen would have a frosted look... not all white like it is now. Anyway, nothing would work. The cursor would just stay as an arrow or it would be the hour glass. The only thing I can do is shut it down manually. Not sure if this is part of this forum or another forum. Please advise.
I will scan the ESET scan now..... it does not seem to want to cooperate. I will have to try later.

Vista

Senior Surfer
Senior Surfer

Posts : 341
Joined : 2009-02-13
Operating System : Windows 8

View user profile

Back to top Go down

Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Superdave on Sun 27 Nov 2011, 1:17 pm

You could try this one.

Please go to Kaspersky website and perform an online antivirus scan.

1. Read through the requirements and privacy statement and click on Accept button.
2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
3. When the downloads have finished, click on Settings.
4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives


5. Click on My Computer under Scan.
6. Once the scan is complete, it will display the results. Click on View Scan Report.
7. You will see a list of infected items there. Click on Save Report As....
8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
9. Please post this log in your next reply along with a fresh HijackThis log.

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Vista on Tue 29 Nov 2011, 9:46 am

Tried scanning with ESET but it just stopped scanning. The clock on the scan continued to move but the actually scan stopped. Then it went to the BLUE screen with white letters stating Windows had to shut down to protect further damage. Could not read the rest it went so fast. Tried the Kaspersky scan but it just stopped scanning too. It seems it gets to a certin point... maybe 5-10min. then it just stops. Not sure why it keeps doing that. Please advise.

Vista

Senior Surfer
Senior Surfer

Posts : 341
Joined : 2009-02-13
Operating System : Windows 8

View user profile

Back to top Go down

Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Superdave on Tue 29 Nov 2011, 11:11 am

Let's run a few more scans to see what turns up.

Please download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it



Click the "Scan" button to start scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives



On completion of the scan click save log, save it to your desktop and post in your next reply

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Vista on Tue 29 Nov 2011, 1:33 pm

I can get it to the desktop but a pop up says Windows cannot access the specified device, path or file. You many not have the appropriate permissions to access the item.

Vista

Senior Surfer
Senior Surfer

Posts : 341
Joined : 2009-02-13
Operating System : Windows 8

View user profile

Back to top Go down

Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Superdave on Tue 29 Nov 2011, 2:08 pm

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
Save Rkill to your desktop.

There are 7 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator


You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.exe
* Rkill.com
* Rkill.scr
* WiNlOgOn.exe
* uSeRiNiT.exe
* iExplore.exe
* eXplorer.exe
Once you've gotten one of them to run then try to immediately run ESET.

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Vista on Wed 30 Nov 2011, 1:51 am

OK. Did the Rkill scan and then did the ESET scan and it only went to 5% scanning progress and then stopped. I have tried this several times after manually shutting down computer. It seems it gets to a certin point then it crashes and the blue screen pops up stating (I think?):
Kernal Stack image error Doesn't stay up long enough to read the whole thing.

Vista

Senior Surfer
Senior Surfer

Posts : 341
Joined : 2009-02-13
Operating System : Windows 8

View user profile

Back to top Go down

Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Vista on Wed 30 Nov 2011, 2:11 am

It is scanning now ESET at 34% hopefully it will complete the scan since this is the farthest it ever went.

Vista

Senior Surfer
Senior Surfer

Posts : 341
Joined : 2009-02-13
Operating System : Windows 8

View user profile

Back to top Go down

Solved Re: PUM.Bad.Proxy / Registery Value Infected

Post by Sponsored content Today at 7:38 am


Sponsored content


Back to top Go down

Page 1 of 2 1, 2  Next

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum