Malware – “office” - 2016.04.14

If you want to get rid of the Yahoo Toolbar, rerun Hitman and have it remove all that it finds. You will continue to have issues until you upgrade away from XP. You need to tell me what issues you are having because you are not having malware issues other than the crap that MBAM found.

 

While I work up a fix, do the following:

http://imageshack.us/a/img841/7292/thisisujrt.gif Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista,Seven,Eight or 10, right-mouse click it and select Run as Administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Attach JRT.txt to your next message.

Please download AdwCleaner by Xplode and save to your Desktop.

• Double click on AdwCleaner.exe to run the tool.
  Vista/Windows 7/8 and 10 users right-click and select Run As Administrator
• Click on the Scan button.
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
• The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
• Attach the logfile to your next next reply.
• A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

 

Now:

Download OTM by Old Timer and save it to your Desktop.

• Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
• Paste the following code under the http://farm3.static.flickr.com/2455/4173556815_a721a91733_o.png area. Do not include the word Code.

Code:

:Processes
explorer.exe

:Files
C:\Documents and Settings\Administrator.NATIONAL-705E1C\Application Data\Yahoo!

:reg
[-HKLM\SOFTWARE\Classes\AppID\YCAPlugin.DLL\]
[-HKLM\SOFTWARE\Classes\AppID\YPUBC.DLL\]
[-HKLM\SOFTWARE\Classes\AppID\YTabBar.DLL\]
[-HKLM\SOFTWARE\Classes\AppID\YTBM.DLL\]
[-HKLM\SOFTWARE\Classes\AppID\YTMsgr.DLL\]
[-HKLM\SOFTWARE\Classes\AppID\YTNavAssist.DLL\]
[-HKLM\SOFTWARE\Classes\AppID\YTSingleInstance.DLL\]
[-HKLM\SOFTWARE\Classes\AppID\{07CDAAD9-1226-4C6D-B774-C00E7B323484}\]
[-HKLM\SOFTWARE\Classes\AppID\{35860EFB-1589-4F32-A618-99E847A502B2}\]
[-HKLM\SOFTWARE\Classes\AppID\{39DCCEAF-C749-4390-9953-527CF916935C}\]
[-HKLM\SOFTWARE\Classes\AppID\{41D7CEE0-D91F-498C-BC88-4A6BEE46C2BC}\]
[-HKLM\SOFTWARE\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}\]
[-HKLM\SOFTWARE\Classes\AppID\{9EDCCD11-960D-49AE-B523-C6B5AB7E1345}\]
[-HKLM\SOFTWARE\Classes\AppID\{EB2BA65E-41F6-4F64-92A6-216CDFFDF577}\]
[-HKLM\SOFTWARE\Classes\AppID\{FFFFE1D1-E40D-49a1-9622-BC59BD1879C3}\]
[-HKLM\SOFTWARE\Classes\CLSID\{1147DC83-6208-4dca-8E88-DD45BAAB3043}\]
[-HKLM\SOFTWARE\Classes\CLSID\{11CB4723-D5A1-4a55-8D1D-5C2679D54CF5}\]
[-HKLM\SOFTWARE\Classes\CLSID\{37B8167C-B9A4-4316-94B2-67B64BB2BA7C}\]
[-HKLM\SOFTWARE\Classes\CLSID\{6E40017D-FB6A-4804-BDE4-3BB09F1719C1}\]
[-HKLM\SOFTWARE\Classes\CLSID\{B7A0E898-93E5-43f4-B99A-6C70B303699C}\]
[-HKLM\SOFTWARE\Classes\CLSID\{D40A62D1-8FC0-4F03-90C4-0DE03BE73A41}\]
[-HKLM\SOFTWARE\Classes\CLSID\{DDCED22E-D018-471D-9A5C-A4EA2F21133D}\]
[-HKLM\SOFTWARE\Classes\CLSID\{E1A2D448-6334-45ec-8800-6D7F71DC87FC}\]
[-HKLM\SOFTWARE\Classes\CLSID\{F9A10D86-182A-4946-869B-70C3D109D14D}\]
[-HKLM\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\]
[-HKLM\SOFTWARE\Classes\Interface\{11D5E9EA-3117-4389-8E58-742F0975C980}\]
[-HKLM\SOFTWARE\Classes\Interface\{2723E96B-905F-4C64-8999-D868A08E6370}\]
[-HKLM\SOFTWARE\Classes\Interface\{2FCB4E7E-E5C7-4D07-BB2C-78DF2DA867AD}\]
[-HKLM\SOFTWARE\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}\]
[-HKLM\SOFTWARE\Classes\Interface\{3D592FCB-FEFD-43A6-9A4F-BDE2D4607D07}\]
[-HKLM\SOFTWARE\Classes\Interface\{67E5E37C-E6B8-4782-877D-E9437C4CD982}\]
[-HKLM\SOFTWARE\Classes\Interface\{686D40BC-FA43-4317-8474-E634E6B487F2}\]
[-HKLM\SOFTWARE\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}\]
[-HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}\]
[-HKLM\SOFTWARE\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}\]
[-HKLM\SOFTWARE\Classes\Interface\{A310B105-FB7D-4497-A7E8-E046462B012F}\]
[-HKLM\SOFTWARE\Classes\Interface\{DF522774-8CA0-4B15-A93A-5F61AB95DA1C}\]
[-HKLM\SOFTWARE\Classes\Interface\{F9A10D86-182A-4946-869B-70C3D109D14D}\]
[-HKLM\SOFTWARE\Classes\Sample.BrowserHandler.1\]
[-HKLM\SOFTWARE\Classes\Sample.BrowserHandler\]
[-HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample\]
[-HKLM\SOFTWARE\Classes\TypeLib\{0548C79F-7B8C-455D-B228-97D35371BB62}\]
[-HKLM\SOFTWARE\Classes\TypeLib\{4A1E52AC-64F2-49E9-BFD7-0806D9494DBB}\]
[-HKLM\SOFTWARE\Classes\TypeLib\{78DB07DF-483E-4829-AB44-ED7952083584}\]
[-HKLM\SOFTWARE\Classes\TypeLib\{8A1AB044-787D-4309-8410-709768E484AB}\]
[-HKLM\SOFTWARE\Classes\TypeLib\{A2C55651-A23E-43CA-B63D-C10B99EFF7E0}\]
[-HKLM\SOFTWARE\Classes\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}\]
[-HKLM\SOFTWARE\Classes\TypeLib\{AD34BE7D-2603-43DD-8D1F-E4431D42C44E}\]
[-HKLM\SOFTWARE\Classes\TypeLib\{B82D18E0-1649-48DE-92D7-AA89BBB5F0AD}\]
[-HKLM\SOFTWARE\Classes\TypeLib\{D2EA97F6-6235-4B2D-B5AA-A4472B9CE557}\]
[-HKLM\SOFTWARE\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}\]
[-HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin.6\]
[-HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin\]
[-HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin.4\]
[-HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin\]
[-HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1\]
[-HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar\]
[-HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin.1\]
[-HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin\]
[-HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl.1\]
[-HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl\]
[-HKLM\SOFTWARE\Classes\YPUBC.DataStore.1\]
[-HKLM\SOFTWARE\Classes\YPUBC.DataStore\]
[-HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler.1\]
[-HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler\]
[-HKLM\SOFTWARE\Classes\YPUBC.StringList.1\]
[-HKLM\SOFTWARE\Classes\YPUBC.StringList\]
[-HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl.1\]
[-HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl\]
[-HKLM\SOFTWARE\Classes\YTBM.YTBMButton.1\]
[-HKLM\SOFTWARE\Classes\YTBM.YTBMButton\]
[-HKLM\SOFTWARE\Classes\YTNavAssist.YTNavAssistPlugin.1\]
[-HKLM\SOFTWARE\Classes\YTNavAssist.YTNavAssistPlugin\]
[-HKLM\SOFTWARE\Classes\YTSingleInstance.SingleInstance.1\]
[-HKLM\SOFTWARE\Classes\YTSingleInstance.SingleInstance\]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4efb-9B51-7695ECA05670}\]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\]
[-HKLM\SOFTWARE\Yahoo\Companion\]
[-HKU\.DEFAULT\Software\Yahoo\Companion\]
[-HKU\S-1-5-18\Software\Yahoo\Companion\]

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

• Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
• Push the large http://farm3.static.flickr.com/2782/4174320048_f01c448b32_o.png button.
• OTM may ask to reboot the machine. Please do so if asked.
• Copy everything in the Results window (under the green bar), and paste it in your next reply.

Now navigate to the C:\_OTM\MovedFiles folder ( assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.

Now rerun HItman and attach that new log.

 

I also see you are not running any anti-virus software. You will continually be infected. You are infected with a worm. It spreads via thumb drives and has possibly infected all computers on your network. Again, you need to reinstall or upgrade.