JS:MEDFOS-A Help....please

Adware Cleaner Report

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found C:\Program Files (x86)\Common Files\Software Update Utility
Folder Found C:\Program Files (x86)\Viewpoint
Folder Found C:\ProgramData\apn
Folder Found C:\ProgramData\Viewpoint
Folder Found C:\Users\GREGBA~1\AppData\Local\Temp\AskSearch
Folder Found C:\Users\GREGBA~1\AppData\Local\Temp\AskSearch
Folder Found C:\Users\GREGBA~1\AppData\Local\Temp\AskSearch

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Found : HKLM\SOFTWARE\Classes\dnUpdate
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\Software\MetaStream
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Found : HKLM\Software\Viewpoint

***** [ Browsers ] *****

-\ Internet Explorer v9.0.8112.16421

-\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\gregbarron\AppData\Roaming\Mozilla\Firefox\Profiles\dcvmgvj4.default-1371598755757\prefs.js ]

Line Found : user_pref("plugin.blocklisted.npviewpoint", true);

-\ Google Chrome v

[ File : C:\Users\gregbarron\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\gregbarron\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\gregbarron\AppData\Local\Google\Chrome\User Data\Default\preferences ]


AdwCleaner[R0].txt - [4123 octets] - [08/09/2013 10:00:58]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4183 octets] ##########

Follow instructions and attach logs… not copy and paste. http://forum.avast.com/index.php?topic=53253.0

Run in order listed:
AdwCleaner / Malwarebytes / OTL

When done, removal experts will be notified and help you.
When finished, all tools used will be removed.

If it is Medfos I will need the AswMBR as well

Thank you
Here is the AdwCleaner attached.
I am having trouble running Malwarebytes; I keep getting error code 730.

You can run all tools from safe mode if problems… if no success, just move to next tool.

If need be skip MBAM and go direct to OTL and AswMBR

I got Malwarebytes to work.
See attached.

OTL attached

aswmbr attached

I see that Trend Micro still has some drivers running. Uninstall tool here http://esupport.trendmicro.com/solution/en-us/1056551.aspx

Let me know if the alerts continue after this run

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in the following:

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]

:OTL
O4 - HKU\S-1-5-21-3797986823-207381976-1680779127-2612..\Run: [antin] C:\Users\gregbarron\AppData\Roaming\antin.dll (Technologies Ltd.)
[2013/08/29 18:05:16 | 000,315,392 | ---- | C] (Technologies Ltd.) -- C:\Users\gregbarron\AppData\Roaming\antin.dll
[2013/08/30 12:26:06 | 000,000,000 | ---D | M] -- C:\Users\gregbarron\AppData\Roaming\Wiiriw

:Commands
[resethosts]
[emptytemp]
[Reboot]

- Then click the Run Fix button at the top.
- Let the program run unhindered, reboot the PC when it is done.
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Done. Here is the OTL attached.

Have the alerts ceased now?

The alerts have ceased, but when I run an Avast boot scan it still shows up.

essexboy, thank you so much for your help with this.
Am I clean and clear now, or are there more steps?

When restarted, Avast ran a boot scan and the JS:Medfos-A stuff came up as an infected file.

Thanks again.

What location was the file in? Was it OTL or system restore?

File C:\Users\gregbarron\appdata\mozilla\firefox …
It's a long file name.
Let me know if you need more.

It showed up when I ran AVAST Boot scan

OK, let's update Java, as you are a long way behind.

Download and run JavaRa from here: http://www.majorgeeks.com/files/details/javara.html
First select Remove Java.
Once done, select Update Java.

OK, done.

I just got a message box
Ad.Yieldmanager.com
file name
get-user-id.js

That was about 5 minutes after I deleted old Java and updated using the MajorGeeks link.

I hit Cancel.