Rootkit: Virut E.1

[NNEagle]

Hello Team,

I had downloaded UnHackMe from Giveaway of the Day,trial version, as I was not able to download it on the same day. After running a scan, it detected this  rootkit. I sent a log to the support team who sent me a RNR file to help in removal of this rootkit. Nothing gets removed but I keep getting a pop up on my laptop of this rootkit instead. When I try to exit, a window pops up with prices for the removal tool. I shut it down but it pops up again within a minute.

# AdwCleaner v4.106 - Report created 05/01/2015 at 07:41:53
# Updated 21/12/2014 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : dell - DELL-PC
# Running from : C:\Users\dell\Downloads\adwcleaner_4.106.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Uniblue
Folder Deleted : C:\Program Files\Uniblue

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SAVESENSELIVE.EXE
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WEBSTEROIDS.EXE
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WEBSTEROIDSSERVICE.EXE

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v31.0 (x86 en-US)


-\\ Google Chrome v39.0.2171.95


-\\ Opera v0.0.0.0


*************************

AdwCleaner[R1].txt - [6929 octets] - [28/12/2014 06:33:44]
AdwCleaner[R2].txt - [926 octets] - [28/12/2014 06:45:07]
AdwCleaner[R3].txt - [1589 octets] - [30/12/2014 04:53:00]
AdwCleaner[R4].txt - [1997 octets] - [31/12/2014 08:33:15]
AdwCleaner[R5].txt - [2152 octets] - [05/01/2015 07:30:58]
AdwCleaner[R6].txt - [2212 octets] - [05/01/2015 07:35:01]
AdwCleaner[S1].txt - [6599 octets] - [28/12/2014 06:37:59]
AdwCleaner[S2].txt - [986 octets] - [28/12/2014 06:50:22]
AdwCleaner[S3].txt - [1553 octets] - [30/12/2014 04:56:46]
AdwCleaner[S4].txt - [2257 octets] - [31/12/2014 08:53:08]
AdwCleaner[S5].txt - [1891 octets] - [05/01/2015 07:41:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1951 octets] ##########

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 05/01/2015
Scan Time: 7:47:10 AM
Logfile: MB.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.05.01
Rootkit Database: v2014.12.30.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: dell

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 305688
Time Elapsed: 11 min, 34 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 11
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\360tray.exe, , [0bbaac47c1c87db96615854832d16e92],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\antiviruspro_2010.exe, , [1fa6c52e7c0d60d62f02a08525df6b95],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\empty.jpg, , [933211e2c8c170c6f751ff492bd903fd],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\HACKER.COM.CN.EXE, , [55700be84b3ef64048371116d92b9d63],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MICROSOFT.EXE, , [18adaf4436534beb7c11b4745ba9d12f],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSA.EXE, , [02c3a54e7b0e37ff4f5c3bedbc48a55b],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\NEW FOLDER.EXE, , [7c49ec079eebd462bc49da4f927227d9],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SMSS32.EXE, , [dee792610188a393a9ffef3b996b30d0],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SVCH0ST.EXE, , [c1048e654c3d77bf50906cbedf25eb15],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SVCHOSTS.EXE, , [08bd8e658207b68021c04ae061a3d52b],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\VCLEANER.EXE, , [f2d3787bbbceb185e79e77b49173f709],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


 Results of screen317's Security Check version 0.99.93 
 Windows 7 Service Pack 1 x86 (UAC is disabled!) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````[/u]
 Windows Firewall Enabled! 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````[/u]
 CCleaner     
 Java 7 Update 51 
 Java version 32-bit out of Date!
 Adobe Flash Player    16.0.0.235 
 Adobe Reader 10.1.13 Adobe Reader out of Date! 
 Mozilla Firefox 31.0 Firefox out of Date! 
 Google Chrome (39.0.2171.71)
 Google Chrome (39.0.2171.95)
````````Process Check: objlist.exe by Laurent````````[/u] 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````[/u]
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````[/u]


Thank you for your time

[SuperDave]

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Please uninstall UnHackMe.
*********************************************
Please download Junkware Removal Tool to your desktop.

•Warning! Once the scan is complete JRT will shut down your browser with NO warning.

•Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.
************************************************
Looking over your log it seems you don't have any antivirus software.

Before we continue download and install a free antivirus.

Remember to only install one antivirus!
 
1) Avast! Home Edition
2) AVG Free Edition
3) Avira AntiVir Personal
4) MicroSoft Security Essentials   All versions and all languages.
5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
*********************************************
Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.

First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
*******************************************
Malwarebytes' Anti-Rootkit

Please download Malwarebytes' Anti-Rootkit and save it to your desktop.

• Be sure to print out and follow the instructions provided on that same page for performing a scan.
• Caution: This is a beta version so also read the disclaimer and back up all your data before using.
  
• When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  
• If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  
• Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
• Copy and paste the contents of these two log files in your next reply.

[NNEagle]

Hello Dave,

Thank you.

I did not download any of the anti virus as I have a paid edition of Net Protector 2015 which is an anti virus plus total internet security.

 Logs as requested.

Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Ultimate x86
Ran by dell on 06/01/2015 at  6:34:44.73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\savesenselive.exe



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\dell\AppData\Roaming\software informer"
Successfully deleted: [Folder] "C:\Users\dell\AppData\Roaming\thinstall"
Successfully deleted: [Folder] "C:\Program Files\software informer"



~~~ FireFox

Successfully deleted the following from C:\Users\dell\AppData\Roaming\mozilla\firefox\profiles\1jnxtmoz.default\prefs.js

user_pref("extensions.defaulttab.installdate", 1392600912);
user_pref("extensions.defaulttab.useNewTabWhiteLis t", false);



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06/01/2015 at  6:38:30.00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org

Database version: v2015.01.06.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17501
dell :: DELL-PC [administrator]

06/01/2015 7:42:49 AM
mbar-log-2015-01-06 (07-42-49).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 308365
Time elapsed: 13 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 11
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\360tray.exe (Security.Hijack) -> Delete on reboot. [ce5b698b7f0ac37328b19c32d033c23e]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\antiviruspro_2010.exe (Security.Hijack) -> Delete on reboot. [e54426ceb2d70f279af552d4aa5a837d]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\empty.jpg (Security.Hijack) -> Delete on reboot. [33f64da77811ef47c1e5a9a05da7a25e]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\HACKER.COM.CN.EXE (Security.Hijack) -> Delete on reboot. [0d1cdd177c0d04326677f92fab5902fe]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MICROSOFT.EXE (Security.Hijack) -> Delete on reboot. [16138d67f4950f27c328d158669e4fb1]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSA.EXE (Security.Hijack) -> Delete on reboot. [9396e31151383afcd2371515e61ec838]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\NEW FOLDER.EXE (Security.Hijack) -> Delete on reboot. [f336af45fb8ece6860032dfdb84c4db3]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SMSS32.EXE (Security.Hijack) -> Delete on reboot. [969324d096f33600eb1bca6218ec50b0]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SVCH0ST.EXE (Security.Hijack) -> Delete on reboot. [53d68371098076c03c02b478ec18a45c]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SVCHOSTS.EXE (Security.Hijack) -> Delete on reboot. [a485866efe8b40f6b38c4ce0897bf30d]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\VCLEANER.EXE (Security.Hijack) -> Delete on reboot. [59d041b3a1e892a4da099a92a85c6c94]

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org

Database version: v2015.01.06.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17501
dell :: DELL-PC [administrator]

06/01/2015 8:04:00 AM
mbar-log-2015-01-06 (08-04-00).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 308361
Time elapsed: 15 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

[SuperDave]

Net Protector 2015 which is an anti virus plus total internet security.

Are you getting this from your ISP? I've never heard of it. Judging from the logs it's not doing such a good job.

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

• Click on to download the ESET Smart Installer. Save it to your desktop.
  
• Double click on the icon on your desktop.
  

•Check
•Click the button.
•Accept any security warnings from your browser.

• Leave the check mark next to Remove found threats.
  

•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

[NNEagle]

EST Scan results

C:\!KillBox\asc-setup.exe   a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\!KillBox\Advanced SystemCare Pro 6\asc-setup.exe   a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\!KillBox\AdwCleaner\Quarantine\C\Program Files\Advanced System Protector\AdvancedSystemProtector.exe.vir   a variant of MSIL/AdvancedSystemProtector.E potentially unwanted application
C:\!KillBox\AdwCleaner\Quarantine\C\Program Files\Advanced System Protector\AspManager.exe.vir   a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application
C:\!KillBox\AdwCleaner\Quarantine\C\Program Files\Advanced System Protector\ASPUninstall.exe.vir   a variant of Win32/Systweak.K potentially unwanted application
C:\!KillBox\AdwCleaner\Quarantine\C\Program Files\Advanced System Protector\filetypehelper.exe.vir   a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application
C:\!KillBox\AdwCleaner\Quarantine\C\Program Files\Advanced System Protector\scandll.dll.vir   a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application
C:\!KillBox\AdwCleaner\Quarantine\C\Program Files\Advanced System Protector\SSDPTstub.exe.vir   Win32/Systweak.G potentially unwanted application
C:\!KillBox\AdwCleaner\Quarantine\C\Program Files\Advanced System Protector\Troubleshooter\asp-fixer.com.vir   MSIL/AdvancedSystemProtector.G potentially unwanted application
C:\!KillBox\AdwCleaner\Quarantine\C\Program Files\Advanced System Protector\Troubleshooter\asp-fixer.exe.vir   MSIL/AdvancedSystemProtector.G potentially unwanted application
C:\!KillBox\AdwCleaner\Quarantine\C\Program Files\Advanced System Protector\Troubleshooter\asp-fixer.pif.vir   MSIL/AdvancedSystemProtector.G potentially unwanted application
C:\!KillBox\AdwCleaner\Quarantine\C\Program Files\Advanced System Protector\Troubleshooter\asp-fixer.scr.vir   MSIL/AdvancedSystemProtector.G potentially unwanted application
C:\!KillBox\AdwCleaner\Quarantine\C\Program Files\Advanced System Protector\Troubleshooter\firefox.com.vir   MSIL/AdvancedSystemProtector.G potentially unwanted application
C:\!KillBox\AdwCleaner\Quarantine\C\Program Files\Advanced System Protector\Troubleshooter\iexplore.exe.vir   MSIL/AdvancedSystemProtector.G potentially unwanted application
C:\!KillBox\AdwCleaner\Quarantine\C\Program Files\DefaultTab\DefaultTab.crx.vir   Win32/Toolbar.DefaultTab.C potentially unwanted application
C:\!KillBox\AdwCleaner\Quarantine\C\Program Files\RegClean Pro\CleanSchedule.exe.vir   Win32/Systweak.O potentially unwanted application
C:\!KillBox\AdwCleaner\Quarantine\C\Program Files\RegClean Pro\RCPUninstall.exe.vir   a variant of Win32/Systweak.K potentially unwanted application
C:\!KillBox\AdwCleaner\Quarantine\C\Program Files\RegClean Pro\RegCleanPro.exe.vir   a variant of Win32/Systweak potentially unwanted application
C:\!KillBox\AdwCleaner\Quarantine\C\Program Files\The weDownload Manager\49074.xpi.vir   JS/Toolbar.Crossrider.B potentially unwanted application
C:\!KillBox\AdwCleaner\Quarantine\C\Users\dell\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk.vir   a variant of Android/Mobserv.A potentially unwanted application
C:\!KillBox\AdwCleaner\Quarantine\C\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\1jnxtmoz.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\102_dealply_m.js.vir   JS/Toolbar.Crossrider.B potentially unwanted application
C:\!KillBox\AdwCleaner\Quarantine\C\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\1jnxtmoz.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\103_intext_5_m.js.vir   JS/Toolbar.Crossrider.B potentially unwanted application
C:\!KillBox\AdwCleaner\Quarantine\C\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\1jnxtmoz.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\104_jollywallet_m.js.vir   JS/Toolbar.Crossrider.B potentially unwanted application
C:\!KillBox\AdwCleaner\Quarantine\C\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\1jnxtmoz.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\105_corticas_m.js.vir   JS/Toolbar.Crossrider.B potentially unwanted application
C:\!KillBox\AdwCleaner\Quarantine\C\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\1jnxtmoz.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\123_intext_adv_m.js.vir   JS/Toolbar.Crossrider.B potentially unwanted application
C:\!KillBox\AdwCleaner\Quarantine\C\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\1jnxtmoz.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\155_ibario_pops_m.js.vir   JS/Toolbar.Crossrider.B potentially unwanted application
C:\!KillBox\AdwCleaner\Quarantine\C\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\1jnxtmoz.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\184_noproblemppc_m.js.vir   JS/Toolbar.Crossrider.B potentially unwanted application
C:\!KillBox\AdwCleaner\Quarantine\C\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\1jnxtmoz.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\191_ciuvo_m.js.vir   JS/Toolbar.Crossrider.B potentially unwanted application
C:\!KillBox\AdwCleaner\Quarantine\C\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\1jnxtmoz.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\192_revizer_ws_dynamic_b2b_m.js.vir   JS/Toolbar.Crossrider.B potentially unwanted application
C:\!KillBox\AdwCleaner\Quarantine\C\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\1jnxtmoz.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\193_revizer_p_dynamic_b2b_m.js.vir   JS/Toolbar.Crossrider.B potentially unwanted application
C:\!KillBox\AdwCleaner\Quarantine\C\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\1jnxtmoz.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\217_similar_products_m.js.vir   JS/Toolbar.Crossrider.B potentially unwanted application
C:\!KillBox\AdwCleaner\Quarantine\C\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\1jnxtmoz.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\223_imonomy_m.js.vir   JS/Toolbar.Crossrider.B potentially unwanted application
C:\!KillBox\AdwCleaner\Quarantine\C\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\1jnxtmoz.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\224_beacon_pops_m.js.vir   JS/Toolbar.Crossrider.B potentially unwanted application
C:\!KillBox\AdwCleaner\Quarantine\C\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\1jnxtmoz.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\226_set_campaign_id_m.js.vir   JS/Toolbar.Crossrider.B potentially unwanted application
C:\!KillBox\AdwCleaner\Quarantine\C\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\1jnxtmoz.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\230_revizer_ws_dynamic_b2b_2_m.js.vir   JS/Toolbar.Crossrider.B potentially unwanted application
C:\!KillBox\AdwCleaner\Quarantine\C\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\1jnxtmoz.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\233_revizer_p_dynamic_b2b_2_m.js.vir   JS/Toolbar.Crossrider.B potentially unwanted application
C:\!KillBox\AdwCleaner\Quarantine\C\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\1jnxtmoz.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\91_monetizationLoader.js.js.vir   JS/Toolbar.Crossrider.B potentially unwanted application
C:\!KillBox\AdwCleaner\Quarantine\C\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\1jnxtmoz.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\93_superfish_no_coupons_m.js.vir   JS/Toolbar.Crossrider.B potentially unwanted application
C:\!KillBox\AdwCleaner\Quarantine\C\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\1jnxtmoz.default\Extensions\{96f454ea-9d38-474f-b504-56193e00c1a5}\Plugins\NPCONDUITFIREFOXPLUGIN.DLL.VIR.mal   a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\!KillBox\AdwCleaner\Quarantine\C\Users\dell\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir   Win32/Systweak.G potentially unwanted application
C:\!KillBox\AdwCleaner\Quarantine\C\Windows\system32\roboot.exe.vir   a variant of Win32/Systweak.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Uniblue\SpeedUpMyPC\spnotifier.exe.vir   Win32/SpeedUpMyPC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Uniblue\SpeedUpMyPC\sp_move_serial.exe.vir   Win32/SpeedUpMyPC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Uniblue\SpeedUpMyPC\sp_ubm.exe.vir   Win32/SpeedUpMyPC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Uniblue\SpeedUpMyPC\sump.exe.vir   Win32/SpeedUpMyPC potentially unwanted application
C:\ProgramData\Net Protector\Npbkp\092689149c24f71d74a3076ccf92132d_195072.npb   a variant of Win32/DealPly.S potentially unwanted application
C:\ProgramData\Net Protector\Npbkp\10ab5b8549d8e8abcb822ca1e954c0f0_257904.npb   Win32/Systweak.F potentially unwanted application
C:\ProgramData\Net Protector\Npbkp\224889bce6caf8a44e6da0c46a85e45d_1598.npb   LNK/Agent.AO trojan
C:\ProgramData\Net Protector\Npbkp\23d289b64941994d48cb2ddadd72fdfc_1562.npb   LNK/Agent.AO trojan
C:\ProgramData\Net Protector\Npbkp\28493abd37256b669cb50468f5134a87_206624.npb   a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\ProgramData\Net Protector\Npbkp\2d7c1661961ce19085b6a968b1b293d4_572928.npb   a variant of Win32/Toolbar.DefaultTab.B potentially unwanted application
C:\ProgramData\Net Protector\Npbkp\48d624480946e6de3bfcfa1612446da8_117872.npb   Win32/ELEX.AR potentially unwanted application
C:\ProgramData\Net Protector\Npbkp\4eb2c1b2f97f3a9e39faa54f1fef9c2b_77312.npb   a variant of Win32/Toolbar.CrossRider.BP potentially unwanted application
C:\ProgramData\Net Protector\Npbkp\75ed33031a4905b1a75f34b5257c460e_206856.npb   a variant of Win32/DealPly.M potentially unwanted application
C:\ProgramData\Net Protector\Npbkp\78639a992d9318cbb63571168f768dc6_1598.npb   LNK/Agent.AO trojan
C:\ProgramData\Net Protector\Npbkp\7a5d67862ab90a914e44b5aeb4aba97f_1580.npb   LNK/Agent.AO trojan
C:\ProgramData\Net Protector\Npbkp\8ac234994d4e034de5ca90c6c2aa524c_591528.npb   MSIL/AdvancedSystemProtector.D potentially unwanted application
C:\ProgramData\Net Protector\Npbkp\8c8455a705b1d1866cad135759b82d20_1586.npb   LNK/Agent.AO trojan
C:\ProgramData\Net Protector\Npbkp\a25acd29fa673fcc807a763bf01fba17_1588.npb   LNK/Agent.AO trojan
C:\ProgramData\Net Protector\Npbkp\a9d8318ee7d8d2292590832e2c12d0ba_1572.npb   LNK/Agent.AO trojan
C:\ProgramData\Net Protector\Npbkp\aaf6b888c091c323a617e5ac64e0c98e_775872.npb   a variant of Win32/Mobogenie.A potentially unwanted application
C:\ProgramData\Net Protector\Npbkp\b01a4f484f4879f07ee086a37812a960_53904.npb   Win32/Toolbar.DefaultTab.E potentially unwanted application
C:\ProgramData\Net Protector\Npbkp\b2773d624c0c2d2b7484f2ce8e24eb4d_1594.npb   LNK/Agent.AO trojan
C:\ProgramData\Net Protector\Npbkp\c7184795a66da8ed6125576f1e8ce033_25464.npb   Win32/SpeedUpMyPC potentially unwanted application
C:\ProgramData\Net Protector\Npbkp\ca8170ae44e88dd57ba7638c0daf8852_38564160.npb   a variant of MSIL/Downloader.Agent.G potentially unwanted application
C:\ProgramData\Net Protector\Npbkp\d33e86b3ed0e310cc300d312f68153de_1598.npb   LNK/Agent.AO trojan
C:\ProgramData\Net Protector\Npbkp\d545e29ba5f5c602db9a90ad11366c82_635528.npb   a variant of Win32/Toolbar.DefaultTab.E potentially unwanted application
C:\ProgramData\Net Protector\Npbkp\e8151df865b44bbcf4ba8587af8f9db1_6012096.npb   a variant of Win32/Mobogenie.A potentially unwanted application
C:\Users\All Users\Net Protector\Npbkp\092689149c24f71d74a3076ccf92132d_195072.npb   a variant of Win32/DealPly.S potentially unwanted application
C:\Users\All Users\Net Protector\Npbkp\10ab5b8549d8e8abcb822ca1e954c0f0_257904.npb   Win32/Systweak.F potentially unwanted application
C:\Users\All Users\Net Protector\Npbkp\224889bce6caf8a44e6da0c46a85e45d_1598.npb   LNK/Agent.AO trojan
C:\Users\All Users\Net Protector\Npbkp\23d289b64941994d48cb2ddadd72fdfc_1562.npb   LNK/Agent.AO trojan
C:\Users\All Users\Net Protector\Npbkp\28493abd37256b669cb50468f5134a87_206624.npb   a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\Users\All Users\Net Protector\Npbkp\2d7c1661961ce19085b6a968b1b293d4_572928.npb   a variant of Win32/Toolbar.DefaultTab.B potentially unwanted application
C:\Users\All Users\Net Protector\Npbkp\48d624480946e6de3bfcfa1612446da8_117872.npb   Win32/ELEX.AR potentially unwanted application
C:\Users\All Users\Net Protector\Npbkp\4eb2c1b2f97f3a9e39faa54f1fef9c2b_77312.npb   a variant of Win32/Toolbar.CrossRider.BP potentially unwanted application
C:\Users\All Users\Net Protector\Npbkp\75ed33031a4905b1a75f34b5257c460e_206856.npb   a variant of Win32/DealPly.M potentially unwanted application
C:\Users\All Users\Net Protector\Npbkp\78639a992d9318cbb63571168f768dc6_1598.npb   LNK/Agent.AO trojan
C:\Users\All Users\Net Protector\Npbkp\7a5d67862ab90a914e44b5aeb4aba97f_1580.npb   LNK/Agent.AO trojan
C:\Users\All Users\Net Protector\Npbkp\8ac234994d4e034de5ca90c6c2aa524c_591528.npb   MSIL/AdvancedSystemProtector.D potentially unwanted application
C:\Users\All Users\Net Protector\Npbkp\8c8455a705b1d1866cad135759b82d20_1586.npb   LNK/Agent.AO trojan
C:\Users\All Users\Net Protector\Npbkp\a25acd29fa673fcc807a763bf01fba17_1588.npb   LNK/Agent.AO trojan
C:\Users\All Users\Net Protector\Npbkp\a9d8318ee7d8d2292590832e2c12d0ba_1572.npb   LNK/Agent.AO trojan
C:\Users\All Users\Net Protector\Npbkp\aaf6b888c091c323a617e5ac64e0c98e_775872.npb   a variant of Win32/Mobogenie.A potentially unwanted application
C:\Users\All Users\Net Protector\Npbkp\b01a4f484f4879f07ee086a37812a960_53904.npb   Win32/Toolbar.DefaultTab.E potentially unwanted application
C:\Users\All Users\Net Protector\Npbkp\b2773d624c0c2d2b7484f2ce8e24eb4d_1594.npb   LNK/Agent.AO trojan
C:\Users\All Users\Net Protector\Npbkp\c7184795a66da8ed6125576f1e8ce033_25464.npb   Win32/SpeedUpMyPC potentially unwanted application
C:\Users\All Users\Net Protector\Npbkp\ca8170ae44e88dd57ba7638c0daf8852_38564160.npb   a variant of MSIL/Downloader.Agent.G potentially unwanted application
C:\Users\All Users\Net Protector\Npbkp\d33e86b3ed0e310cc300d312f68153de_1598.npb   LNK/Agent.AO trojan
C:\Users\All Users\Net Protector\Npbkp\d545e29ba5f5c602db9a90ad11366c82_635528.npb   a variant of Win32/Toolbar.DefaultTab.E potentially unwanted application
C:\Users\All Users\Net Protector\Npbkp\e8151df865b44bbcf4ba8587af8f9db1_6012096.npb   a variant of Win32/Mobogenie.A potentially unwanted application
C:\Users\dell\AppData\Roaming\MP3Rocket\ACF076A7F3FC46D8882FA0D423A4F4AE\MezaaSetupx30002.exe   multiple threats
C:\Users\dell\Downloads\bittorrent (1).exe   a variant of Win32/InstallCore.UT potentially unwanted application
C:\Users\dell\Downloads\cbsidlm-cbsi176-Oneclick_CDDVD_Writer-SEO-10411904.exe   a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\dell\Downloads\Installer.exe   Win32/OutBrowse.J potentially unwanted application
C:\Users\dell\Downloads\iobit-malware-fighter.exe   a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\Users\dell\Downloads\mp3rocket (1).exe   a variant of Win32/InstallCore.QF potentially unwanted application
C:\Users\dell\Downloads\mp3rocket (2).exe   a variant of Win32/InstallCore.UF potentially unwanted application
C:\Users\dell\Downloads\mp3rocket.exe   a variant of Win32/InstallCore.PL potentially unwanted application
C:\Users\dell\Downloads\Uniblue PowerSuite 2012 v3.0.7.5 Cracked - [EC]\Setup\Uniblue PowerSuite 2012 v3.0.7.5.exe   Win32/SpeedUpMyPC potentially unwanted application
C:\zv\outbox\026711.EXE   a variant of Win32/InstallCore.UT potentially unwanted application
C:\zv\OUTBOX2\3742F6879005A7252B166B5FE8D3207A.EXE .gz   MSIL/Soft32Downloader.C potentially unwanted application
H:\cbsidlm-tr1_13-Lexmark__X422-ORG-147593 (1).exe   Win32/DownloadAdmin.G potentially unwanted application
H:\cbsidlm-tr1_13-Lexmark__X422-ORG-147593.exe   Win32/DownloadAdmin.G potentially unwanted application
H:\CodecPackage (1).exe   Win32/InstallCore.BN potentially unwanted application
H:\CodecPackage.exe   Win32/InstallCore.BN potentially unwanted application
H:\YTDSetup.exe   a variant of Win32/Toolbar.Widgi.B potentially unwanted application

[SuperDave]

How's your computer working now? Any other issues or questions?

[NNEagle]

Thank you Dave. You have been very helpful.

[SuperDave]

Ok, let's clean up.

Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.



Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.



This runs the Disk Cleanup utility along with other selections if you have chosen any. (if you had a lot System Restore points, you will see a significant change in the free space in C drive)
******************************************
This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

• Activate UAC (optional; some users prefer to keep it off)
• Remove disinfection tools
• Create Registry backup
• Purge System Restore Points
• Re-set system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.
***********************************************
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

[NNEagle]

Dave,

Performed all as suggested.

I purchased, online, ESET Smart Security & ESET NOD32 Anti virus after uninstalling Net Protection.

Thank you once again for your kind help.

Glad to be a member of this great site

[SuperDave]

You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.