Nymaim Trojan In Network

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by vvgomez, Jan 25, 2018.

  1. vvgomez

    vvgomez Private First Class

    Hi,

    I have just been notified by my internet service provider (Rogers) that I have a Nymaim Trojan in my computer. I couldn't detect it with the Avast antivirus or Malwarebytes Anti-Malware I had installed, so I need help. I have only 48 hours to clean my computer or my internet account will be suspended, so I would really appreciate any assistance with this issue.

    Please find attached the log you requested.

    Thank you for your help and time.

    Viviana

    PS. I noticed that my trial version of Hitman has already expired. I am afraid I had used it before, so I was able to create the log, but apparently I won't be able to remove viruses with this version.
     

    Attached Files:

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please rerun RogueKiller and remove these items:
    ¤¤¤ Processes : 1 ¤¤¤
    [VT.Unknown] CatSysCenter.exe(11220) -- C:\Program Files (x86)\BrandProtect\CatSysCenter\CatSysCenter.exe[-] -> Found

    ¤¤¤ Tasks : 2 ¤¤¤
    [Hj.Shortcut] \{596CF9E0-0C70-4C19-A64D-E880B826699B} -- "c:\program files (x86)\google\chrome\application\chrome.exe" (http://www.skype.com/go/downloading?source=lightinstaller&ver=7.16.0.102&LastError=404) -> Found
    [Hj.Shortcut] \{973D14B4-46AF-4EAC-9D01-74798FB97341} -- "c:\program files (x86)\google\chrome\application\chrome.exe" (http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?source=lightinstaller&page=tsPlugin) -> Found

    ¤¤¤ Files : 1 ¤¤¤
    [PUP.Firefox][File] C:\Users\v\AppData\Roaming\Mozilla\Firefox\Profiles\7sbvq1cc.default\Invalidprefs.js -> Found

    Next, use file explorer to find and delete:
    C:\Users\v\Downloads\Adobe cc\Adobe CC 2015 + Patch Gametime Gameplays\Adobe Universal Patcher CC2015.exe
    C:\Users\v\Downloads\Adobe universal patcher\Adobe CC 2015 + Patch Gametime Gameplays\Adobe Universal Patcher CC2015.exe

    Reboot and let's see if we can figure out what is going on with this. We need this to run and create a log. If it is stopping at about 80%, it is a sign of a new MBR infection going around. So let's make sure you are doing it right. ;)
    • Download TDSSKiller from Kaspersky directly onto your Desktop
    • Now double click the TDSSKiller.exe file to run it (if using Vista or Windows 7, 8 or 10, do not double click on it but rather right click and select Run As Administrator).
    • If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123tdk.com).

    http://forums.majorgeeks.com/chaslang/images/TDSSkiller/tds1.jpg

    • Click on Run to allow the application to run properly.
    • If you see any popup warnings from your antivirus or firewall about it trying to access the network or similar, make sure that you allow it to run/have access.
    • It will start the scan and run rather quickly and will notify you of whether anything is found or not.
    You will then see the below window
    http://forums.majorgeeks.com/chaslang/images/TDSSkiller/tds2.jpg

    • Click on the Start scan button to begin the scan and wait for it to finish. When it finishes, you will see a window similar to the one below, except you may have one indicating infections were found.
    http://forums.majorgeeks.com/chaslang/images/TDSSkiller/tds3.jpg
    • Follow the instructions to delete/quarantine if it asks you what to do when it finds something.
    • Whether an infection is found or not, a log file should already be created on your C: drive ( or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run. Please attach this log to your next reply. (See: HOW TO: Attach Items To Your Post )
    • Reboot and the infection should hopefully be removed.


    TDSSkiller - How to run
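    The two `[Hj.Shortcut]` entries under "Tasks" in the RogueKiller output above are scheduled tasks whose action launches chrome.exe with a URL as its argument. As an added example (not from this thread and not part of RogueKiller), the PowerShell snippet below lists every scheduled task whose action is a browser executable with an http(s) URL argument, so such entries can be reviewed on a Windows 8/10 system before deciding what to remove. The browser list and the output fields are my own assumptions.

```powershell
# Added example (not from the thread): enumerate scheduled tasks whose action
# launches a web browser with an http(s) URL argument, the pattern RogueKiller
# flagged as [Hj.Shortcut] above. Requires the ScheduledTasks module
# (Windows 8 / Server 2012 and later); run from an elevated PowerShell prompt.

# Assumption: these are the browser executables worth checking.
$browsers = 'chrome.exe', 'firefox.exe', 'iexplore.exe', 'msedge.exe', 'opera.exe'

function Find-BrowserUrlTasks {
    Get-ScheduledTask | ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            # Only "exec" actions carry an Execute property; skip e-mail/COM actions.
            if (-not $action.Execute) { continue }
            $exe = [System.IO.Path]::GetFileName($action.Execute.Trim('"'))
            if ($browsers -contains $exe.ToLower() -and
                $action.Arguments -match 'https?://') {
                [pscustomobject]@{
                    TaskPath  = $task.TaskPath
                    TaskName  = $task.TaskName
                    State     = $task.State
                    Author    = $task.Author
                    Execute   = $action.Execute
                    Arguments = $action.Arguments
                }
            }
        }
    }
}

# Review the list: a legitimate vendor task rarely needs to open a browser to a
# URL on a schedule. Remove an entry only after confirming it, for example:
#   Unregister-ScheduledTask -TaskPath $t.TaskPath -TaskName $t.TaskName -Confirm:$false
Find-BrowserUrlTasks | Format-Table -AutoSize -Wrap
```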
     
  3. vvgomez

    vvgomez Private First Class

    Hi TimW,

    Thank you for your prompt response. I will skip step 1; I know CatSysCenter.exe is safe, it belongs to the company I work with, so I will proceed with the rest and come back to you with the new results.
    Thanks,
    vv
     
  4. vvgomez

    vvgomez Private First Class

    Hi TimW,

    TDSSKiller ran without any problem, no need to change names, no warnings, and it didn't stop at any percentage, finishing the scan very quickly with no infections found.

    Please find attached the logs requested.

    Thank you,

    vv
     

    Attached Files:

  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    That log is clean.....but I want one more look see:

    Please download the latest version of FRST from the below link.
    Farbar Recovery Scan Tool and save it to your Desktop.


    Note: Make sure you download the proper version (32 bit or 64 bit) for your PC. Only one will run, the correct one. So if you make a mistake and download the wrong one, go back and get the other.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your next reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
     
  6. vvgomez

    vvgomez Private First Class

    Please find the logs attached.

    Looking at the Windows registry I found some strange Chinese symbols... should I delete them? Thank you.
    upload_2018-1-25_23-22-34.png
     

    Attached Files:

    Last edited: Jan 25, 2018
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Save fixlist.txt on your Desktop. Make sure you save it as a txt file.
    • You should now have both fixlist.txt and FRST64.exe on your Desktop.
    • Now I want you to disconnect your PC connection to the internet by unplugging the cable (if it is wireless then temporarily shut down the wireless network).
    • Run FRST64.exe by right clicking on it and selecting Run As Administrator.
    • Click the Fix button just once and wait.
    • Your computer should reboot after the fix runs.
    • Reconnect your internet connection after reboot so you can come back here to continue.
    • The tool will make a log on the Desktop (Fixlog.txt); please attach this new log to your next reply (attach or paste).

    Definitely remove those registry keys! I have no idea what they are, but they sure aren't normal.

    When done with the above, reboot and please open Task Manager, click the Processes tab and give me a screenshot.
     

    Attached Files:

  8. vvgomez

    vvgomez Private First Class

    Please find attached the new log.
    I deleted the registry entries and rebooted.
    I had to capture several screenshots of the Task Manager because of the long list of running processes.
    Thx
     

    Attached Files:

  9. vvgomez

    vvgomez Private First Class

    ... some more screenshots from the Task Manager

    Thanks
     

    Attached Files:

  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    That looks fine. Let's do one more scan, as this infection, though old, was once a tool for ransomware.

    MBAM Anti-ransom

    Then, please download and run:
    Zemana Malware Removal. Save it to your desktop and run it, please.
    It auto updates, and you click Scan. After it's finished, click on the icon that looks like cell phone strength bars. Highlight the report (by the date the log was produced) and click on the "Open Report" icon (looks like a folder). That notepad .txt can then be copied/pasted into another .txt doc and saved. Upload that, please.
     
  11. vvgomez

    vvgomez Private First Class

    I can't install MBAM Anti-ransom, I get this message:
    upload_2018-1-26_12-37-51.png

    I also have this notification from Windows that an action is needed, but when I click on the link "Open Malwarebytes" nothing happens.

    upload_2018-1-26_12-39-13.png
    So basically I am stuck at this step...
    Please advise.

    Thank you,
    vv
     
  12. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Ok...just forget that for now...run Zemana.
     
  13. vvgomez

    vvgomez Private First Class

    OK, now the computer rebooted by itself (scary) and then the notification from Windows disappeared and everything looks normal. Still, I can't install MBAM Anti-ransom. It seems that the Malwarebytes I have installed includes the same feature; should I run this instead?
     
  14. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    If you mean Zemana...yes.
     
  15. vvgomez

    vvgomez Private First Class

    It took some time to finish the scan, but finally it is done.
    Not sure where the icon to get the report is; is it in the upper right corner, or should I click Next first? Please let me know. Thank you.
    upload_2018-1-26_16-39-53.png
     
  16. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Click on the icon that looks like cell phone strength bars. Highlight the report (by the date the log was produced) and click on the "Open Report" icon (looks like a folder). That notepad .txt can then be copied/pasted into another .txt doc and saved. Upload that, please. Make sure you first click Next to remove the malware!
     
  17. vvgomez

    vvgomez Private First Class

    Here is the report.
    Thx
     

    Attached Files:

  18. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    One more scan to be sure:
    Please download and run Emsisoft Emergency Kit.
    Double click EmergencyKitScanner.exe to install EEK.
    When the installation of EEK is complete, the Emergency Kit scanner will run.
    NOTE: Make sure to enable PUPs detection.
    Click "Yes" to update Emsisoft Emergency Kit.
    Under "Scan" click on "Malware Scan".
    IMPORTANT: Do not quarantine or delete anything. We just want the scan log without anything being quarantined or deleted.
    Save the scan log somewhere that you can find it (desktop).
    Exit Emsisoft Emergency Kit.
    Attach the log.
     
  19. vvgomez

    vvgomez Private First Class

    Report after cleaning...
     

    Attached Files:

  20. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Move on to EEK and attach that log, please.
     
  21. vvgomez

    vvgomez Private First Class

    There it goes, the Emsisoft Emergency Kit report.
    Thx
     

    Attached Files:

  22. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Warning about cracked software: Cracked Software.

    How are things running now? What issues are you still having, if any?
     
  23. vvgomez

    vvgomez Private First Class

    Hi TimW,

    I reviewed the article and deleted the files highlighted by the EEK log. I didn't know that ProduKey was a keygen. Guilty for the rest; I guess I did play with fire a long time ago.

    Going back to your question, I had never had any symptom of infection in my PC, but my internet provider kept warning me about some nasty bug called the Nymaim trojan, detected by them in my PC. They scan my network every 48 hours and if they detect the virus again they will call me. So far, no news from them since January 25th. :)

    Hopefully, those files associated with Chrome and Mozilla deleted with RogueKiller and Zemana were the culprit. What do you think?

    Thank you so much for all your help and follow up,

    vv
     
  24. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    C:\Users\v\Downloads\produkey\ProduKey.exe detected: Application.Nirsoft.M --- it would depend on where you downloaded it from.

    If your ISP has not alerted you, then we have been successful.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8 or 10, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click (if running Vista, Win 7, or Win 8 or 10, right click and Run As Administrator) on this file to run this cleanup program, which will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    7. After doing the above, you should work thru the below link:
     
  25. vvgomez

    vvgomez Private First Class

    Fantastic! I'll proceed with the final steps, then.
    Thank you for taking care of my problem as soon as I posted the thread, for your time, and for being so patient with me to resolve it.
    vv
     
  26. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are most welcome.....safe surfing. :)
     
