Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Pop-up ads when using browsers & Yahoo mail

Post by no1bob » August 25th, 2014, 11:11 am

Hi,

I have Windows 7 Pro & it is up to date with all downloads.
I use 3 browsers: IE, Firefox & Chrome (which I uninstalled because of the problem I am having).

In all 3 browsers, when I clicked on a link in an emailed advertisement, I would get various "pop-up," unrelated ads appearing in the bottom section of the page.
I "solved" this problem in IE & Firefox by deleting various add-ins.
However, I could not find a way to fix the problem in Chrome.
I tried deleting Chrome and then reinstalling it from a downloaded installation file; but this did not work. The pop-up ads still appeared.
To avoid this problem I deleted Chrome from the computer (but I like to use Chrome!).

I ran a complete scan with Microsoft Security Essentials and it found nothing.
I installed Malwarebytes Anti-Malware (free), ran a complete scan, and it found nothing.

In searching briefly for an explanation of what malware problem I have, the description of the "LillyJade" malware came closest to what I saw.

I am concerned that I probably have this malware somewhere on my computer that needs to be removed.
And I would like to be able to re-install Google Chrome.

Thanks for any help you can provide,
Bob

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.17054 BrowserJavaVersion: 10.67.2
Run by Bob at 10:21:00 on 2014-08-25
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12173.8780 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\CISVC.EXE
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\SOS Online Backup\SAgent.Service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\SmarterPower\updateSmarterPower.exe
C:\Program Files (x86)\SmarterPower\bin\utilSmarterPower.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\SOS Online Backup\SUpdateNotifier.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\IDT\WDM\beats64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Program Files (x86)\Keyboard LEDs\KeyboardLeds.exe
C:\Program Files (x86)\AutoSizer\AutoSizer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ScreenshotCaptor\ScreenshotCaptor.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Solways Task Scheduler\tasksched.exe
C:\Program Files (x86)\Dual Monitor\DualMonitor.exe
C:\Program Files (x86)\SOS Online Backup\SMessaging.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\NumLocker\NumLocker.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\SmarterPower\bin\SmarterPower.PurBrowse64.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\SmarterPower\bin\SmarterPower.BrowserAdapter.exe
\\mas90\accounting\MAS90\Home\pvxwin32.exe
\\mas90\accounting\MAS90\Launcher\Launch32.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.yahoo.com/
uWindow Title = Internet Explorer, optimized for Bing and MSN
mWinlogon: Userinit = userinit.exe,
BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -
BHO: ClassicIEBHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll
TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
uRun: [KeyboardLeds.exe] "C:\Program Files (x86)\Keyboard LEDs\KeyboardLeds.exe"
uRun: [AutoSizer] "C:\Program Files (x86)\AutoSizer\AutoSizer.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Screenshot Captor] "C:\Program Files (x86)\ScreenshotCaptor\ScreenshotCaptor.exe" /autorun
uRun: [Solway's Task Scheduler] C:\Program Files (x86)\Solways Task Scheduler\tasksched.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SOSUAUI] "C:\Program Files (x86)\SOS Online Backup\sosuploadagent.exe" -showui
mRun: [SMessaging] "C:\Program Files (x86)\SOS Online Backup\SMessaging.exe"
mRun: [AccountCreatorRunner] "C:\Program Files (x86)\SOS Online Backup\AccountCreatorRunner.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
StartupFolder: C:\Users\Bob\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\NUMLOC~1.LNK - C:\Program Files (x86)\NumLocker\NumLocker.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DUALMO~1.LNK - C:\Program Files (x86)\Dual Monitor\DualMonitor.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.co ... 5.24.0.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1082
TCP: NameServer = 8.8.8.8 4.2.2.2 208.67.222.222
TCP: Interfaces\{BD6F86D4-287A-4123-A71E-E8ECD8C16B71} : DHCPNameServer = 8.8.8.8 4.2.2.2 208.67.222.222
SSODL: WebCheck - <orphaned>
x64-BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-BHO: ClassicIEBHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll
x64-TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [Classic Start Menu] "C:\Program Files\Classic Shell\ClassicStartMenu.exe" -autorun
x64-IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\xf88l5y2.default\
FF - prefs.js: browser.search.selectedEngine - Astromenda
FF - prefs.js: browser.startup.homepage - hxxps://www.yahoo.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll
.
---- FIREFOX POLICIES ----
.
user_pref(extensions.autoDisableScopes,14);
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2014-7-25 358616]
R1 RapportCerberus_69875;RapportCerberus_69875;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_69875.sys [2014-7-29 631128]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2014-7-10 299736]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2014-7-10 414296]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2014-7-16 376144]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2014-2-7 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2014-7-31 72216]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-3-11 133928]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2014-7-10 1886488]
R2 sagentservice;Offsite Online Backup Service;C:\Program Files (x86)\SOS Online Backup\SAgent.Service.exe [2014-7-16 44552]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-12-6 2350176]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-4-11 676968]
R3 tihub3;TI USB3 Hub Service;C:\Windows\System32\drivers\tihub3.sys [2012-4-22 136000]
R3 tixhci;TI XHCI Service;C:\Windows\System32\drivers\tixhci.sys [2012-4-22 410944]
R4 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2014-8-22 91352]
RUnknown {5eeb83d0-96ea-4249-942c-beead6847053}Gw64;{5eeb83d0-96ea-4249-942c-beead6847053}Gw64; [x]
RUnknown Update SmarterPower;Update SmarterPower; [x]
RUnknown Util SmarterPower;Util SmarterPower; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-12 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-15 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-15 180736]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-7-22 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-7-22 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-7-22 30208]
S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\System32\drivers\vpcuxd.sys [2014-7-24 16384]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-7-22 1255736]
.
=============== Created Last 30 ================
.
2014-08-25 05:56:58 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D445744E-5077-40FB-BADA-E21FFBDA1E4E}\offreg.dll
2014-08-25 05:56:11 11319192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D445744E-5077-40FB-BADA-E21FFBDA1E4E}\mpengine.dll
2014-08-24 16:27:46 11319192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-23 15:38:15 79064 ----a-w- C:\Windows\System32\drivers\goie.sys
2014-08-22 20:43:24 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-08-22 20:43:10 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-08-22 20:43:10 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-08-22 20:43:10 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-08-22 20:43:10 -------- d-----w- C:\ProgramData\Malwarebytes
2014-08-22 20:43:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-20 19:57:32 -------- d-----w- C:\Users\Bob\AppData\Local\Adobe
2014-08-20 14:18:50 -------- d-----w- C:\Users\Bob\AppData\Local\IsolatedStorage
2014-08-20 14:18:49 -------- d-----w- C:\Program Files (x86)\SmarterPower
2014-08-20 14:18:38 -------- dc-h--w- C:\ProgramData\~0
2014-08-20 13:36:11 -------- d-----w- C:\Program Files (x86)\NumLocker
2014-08-20 06:19:18 1169712 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DE83AEB5-890B-4971-AAD4-B0269E332B03}\gapaengine.dll
2014-08-16 07:04:38 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2014-08-16 07:04:38 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2014-08-16 07:04:38 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2014-08-16 07:04:38 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2014-08-16 07:04:30 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-08-16 07:04:30 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-08-16 07:03:26 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-08-16 07:03:26 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-08-15 08:07:46 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-08-11 14:59:06 -------- d--h--w- C:\ProgramData\CanonIJEGV
2014-08-11 14:46:40 -------- d--h--w- C:\ProgramData\CanonIJScan
2014-08-11 14:06:08 -------- d-----w- C:\Program Files\Common Files\CANON
2014-08-11 14:06:01 -------- d-----w- C:\ProgramData\CanonIJWSpt
2014-08-11 14:04:54 515072 ----a-w- C:\Windows\System32\CNQ2414L.dll
2014-08-11 14:04:54 438272 ----a-w- C:\Windows\SysWow64\CNQ2414L.dll
2014-08-11 14:04:54 15872 ----a-w- C:\Windows\SysWow64\CNHMCA.dll
2014-08-11 14:04:54 112128 ----a-w- C:\Windows\System32\CNQ2414I.dll
2014-08-11 14:04:54 106496 ----a-w- C:\Windows\SysWow64\CNQ2414U.dll
2014-08-11 14:04:53 17920 ----a-w- C:\Windows\System32\CNHMCA6.dll
2014-08-11 14:04:53 1354240 ----a-w- C:\Windows\System32\CNQ2414C.dll
2014-08-11 14:04:48 248320 ----a-w- C:\Windows\System32\CNQ2414Y.dll
2014-08-11 14:04:46 103424 ----a-w- C:\Windows\System32\CNQ2414O.dll
2014-08-11 14:03:37 -------- d-----w- C:\Program Files (x86)\Canon
2014-08-07 17:26:46 -------- d-----w- C:\Users\Bob\AppData\Roaming\Dual Monitor
2014-08-07 17:25:20 -------- d-----w- C:\Program Files (x86)\Dual Monitor
2014-08-07 16:19:10 -------- d-----w- C:\Users\Bob\AppData\Roaming\ClassicShell
2014-08-07 16:18:53 -------- d-----w- C:\ProgramData\ClassicShell
2014-08-07 16:14:44 -------- d-----w- C:\Program Files\Classic Shell
2014-08-06 21:59:52 -------- d-----w- C:\%USERPROFULE%
2014-08-05 16:08:33 -------- d-----w- C:\Users\Bob\AppData\Local\ORPALIS
2014-08-05 16:04:54 -------- d-----w- C:\Users\Bob\AppData\Local\Downloaded Installations
2014-08-05 14:48:58 -------- d-----w- C:\ProgramData\APN
2014-08-05 14:46:45 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-03 07:00:26 600064 ----a-w- C:\Windows\System32\vbscript.dll
2014-08-03 07:00:25 523776 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-07-31 21:54:29 -------- d-----w- C:\Users\Bob\AppData\Local\Programs
2014-07-31 19:16:58 -------- d-----w- C:\Users\Bob\AppData\Local\LogMeInIgnition
2014-07-31 19:16:49 72216 ----a-w- C:\Windows\System32\drivers\LMIRfsDriver.sys
2014-07-31 19:16:49 60744 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\LMIproc.dll
2014-07-31 19:16:49 35656 ----a-w- C:\Windows\System32\LMIport.dll
2014-07-31 19:16:49 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2014-07-31 19:16:47 92488 ----a-w- C:\Windows\System32\LMIinit.dll
2014-07-31 19:16:38 -------- d-----w- C:\Program Files (x86)\LogMeIn
2014-07-31 19:09:00 -------- d-----w- C:\Users\Bob\AppData\Local\LogMeIn Rescue Applet
2014-07-31 17:35:10 -------- d-----w- C:\Users\Bob\AppData\Local\CutePDF Writer
2014-07-30 22:47:21 -------- d-----w- C:\ProgramData\SOS Online Backup
2014-07-30 22:47:16 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap
2014-07-30 22:47:08 -------- d-----w- C:\Program Files (x86)\SOS Online Backup
2014-07-30 22:46:45 -------- d-----w- C:\Windows\Downloaded Installations
2014-07-29 22:03:29 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-07-29 21:50:51 -------- d-----w- C:\Kpcms
2014-07-29 21:46:50 -------- d-----w- C:\Program Files (x86)\Microtek
2014-07-29 21:46:17 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\ctor.dll
2014-07-29 21:46:17 32768 ------w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
2014-07-29 21:46:17 225280 ------w- C:\Program Files (x86)\Common Files\InstallShield\IScript\IScript.dll
2014-07-29 21:46:17 176128 ------w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
2014-07-29 21:46:16 212992 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\ILog.dll
2014-07-29 21:46:07 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\IKernel.exe
2014-07-29 21:00:05 101376 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\HPZPPWN7.DLL
2014-07-29 16:45:47 -------- d-----w- C:\Users\Bob\AppData\Roaming\PrimoPDF
2014-07-29 16:41:56 87600 ----a-w- C:\Windows\System32\cpwmon64.dll
2014-07-29 16:41:56 -------- d-----w- C:\Program Files (x86)\Acro Software
2014-07-29 16:37:20 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2014-07-29 16:33:18 -------- d-----w- C:\ProgramData\PlotSoft
2014-07-29 16:33:18 -------- d-----w- C:\Program Files (x86)\PlotSoft
2014-07-29 16:29:16 95008 ----a-w- C:\Windows\System32\Primomonnt.dll
2014-07-29 16:29:15 -------- d-----w- C:\Program Files (x86)\Nitro PDF
2014-07-29 16:06:44 -------- d-----w- C:\Program Files\gs
2014-07-29 15:32:39 -------- d-----w- C:\Users\Bob\AppData\Local\Apple Computer
2014-07-28 21:49:13 -------- dc----w- C:\Users\Bob\AppData\Local\MigWiz
.
==================== Find3M ====================
.
2014-08-20 19:35:27 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-20 19:35:27 699568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-08-07 02:06:41 529920 ----a-w- C:\Windows\System32\aepdu.dll
2014-08-07 02:01:34 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-07-25 20:53:35 249856 ------w- C:\Windows\Setup1.exe
2014-07-25 20:53:34 73216 ----a-w- C:\Windows\ST6UNST.EXE
2014-07-24 12:10:54 2240000 ----a-w- C:\Windows\System32\wininet.dll
2014-07-24 12:09:37 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2014-07-24 12:09:33 67072 ----a-w- C:\Windows\System32\iesetup.dll
2014-07-24 12:09:33 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2014-07-24 12:09:00 1508864 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-07-24 10:52:27 1766400 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-07-24 10:51:27 2861568 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-07-24 10:51:22 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-07-24 10:51:22 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2014-07-24 10:51:02 1440768 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-07-24 10:33:52 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2014-07-24 10:29:20 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-07-24 09:37:18 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2014-07-24 09:32:28 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2014-07-16 03:23:41 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-07-11 02:23:38 358616 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-06-18 01:10:36 3157504 ----a-w- C:\Windows\System32\win32k.sys
2014-06-16 02:10:19 985536 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-06-06 10:10:34 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-06-05 14:45:15 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-06-05 14:26:58 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-06-05 14:25:49 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-06-03 10:02:37 112064 ----a-w- C:\Windows\System32\consent.exe
2014-06-03 10:02:21 504320 ----a-w- C:\Windows\System32\msihnd.dll
2014-06-03 10:02:21 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-06-03 10:02:12 1941504 ----a-w- C:\Windows\System32\authui.dll
2014-06-03 09:29:50 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2014-06-03 09:29:50 2363392 ----a-w- C:\Windows\SysWow64\msi.dll
2014-06-03 09:29:40 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 10:21:30.15 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume7
Install Date: 7/22/2014 7:13:36 PM
System Uptime: 8/22/2014 12:16:19 PM (70 hours ago)
.
Motherboard: Foxconn | | 2ADA
Processor: Intel(R) Core(TM) i5-3330 CPU @ 3.00GHz | SOCKET 0 | 3001/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 847.25 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 1377 GiB total, 1331.696 GiB free.
F: is FIXED (NTFS) - 18 GiB total, 2.256 GiB free.
G: is Removable
H: is Removable
I: is Removable
J: is Removable
S: is NetworkDisk (NTFS) - 515 GiB total, 461.707 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP57: 8/20/2014 9:36:22 AM - Configured Microsoft Office Professional Plus 2007
RP58: 8/20/2014 10:21:50 AM - Revo Uninstaller's restore point - Driver Support
RP59: 8/20/2014 10:23:00 AM - Revo Uninstaller's restore point - Optimizer Pro v3.2
RP60: 8/20/2014 10:23:59 AM - Revo Uninstaller's restore point - WeatherBug®
RP61: 8/20/2014 10:25:01 AM - Revo Uninstaller's restore point - WSE_Astromenda
RP62: 8/20/2014 3:37:14 PM - Revo Uninstaller's restore point - Google Toolbar for Internet Explorer
RP63: 8/22/2014 4:16:18 PM - Revo Uninstaller's restore point - Google Chrome
RP64: 8/23/2014 1:56:12 AM - Windows Update
RP65: 8/23/2014 11:52:21 AM - Revo Uninstaller's restore point - Google Chrome
.
==== Installed Programs ======================
.
Adobe Flash Player 14 Plugin
Adobe Reader XI (11.0.07)
AutoSizer
Canon CanoScan LiDE 110 User Registration
Canon MP Navigator EX 4.0
Canon Solution Menu EX
CanoScan LiDE 110 Scanner Driver
Classic Shell
Color Matching System
CutePDF Writer 3.0
Dual Monitor 1.22
Eusing Cleaner
Express ClickYes 1.2
GPL Ghostscript
HP Customer Experience Enhancements
Intel(R) Processor Graphics
Java 7 Update 67
Java Auto Updater
Keyboard LEDs
LogMeIn
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft .NET Framework 4.5.1
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Edition 2003
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Mozilla Firefox 31.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NumLocker 1.0
PDFill PDF Editor with FREE Writer and FREE Tools
PrimoPDF -- brought to you by Nitro PDF Software
Rapport
Revo Uninstaller 1.95
Sage ERP MAS 90 Workstation
Sage ERP MAS 90 Workstation (\\mas90\accounting\MAS90)
Screenshot Captor 3.00.00
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880513) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2880515) 32-Bit Edition
Solway's Task Scheduler 1.8
SOS Online Backup
System Requirements Lab for Intel
The Jewish Calendar for Windows
TI USB 3.0 Host Controller Driver
TI USB3 Host Driver
Trusteer Endpoint Protection
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883097) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows XP Mode
.
==== End Of File ===========================

Re: Pop-up ads when using browsers & Yahoo mail

Unread postby pgmigg » August 25th, 2014, 10:24 pm

Hello no1bob,

Welcome to the forum! :)

I am pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3178
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Pop-up ads when using browsers & Yahoo mail

Unread postby pgmigg » August 26th, 2014, 12:22 am

Hello Bob,

Step 1.
Run CKScanner
  1. Please download CKScanner from Here
  2. Important: - Save it to your Desktop.
  3. Double-click CKScanner.exe and click Search For Files.
  4. After a very short time, when the cursor hourglass disappears, click Save List To File.
  5. A message box will verify the file saved.
  6. Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Step 2.
Run CodeCheck Scan
  1. Please download codecheck from here to your Desktop.
  2. Make sure that codecheck.exe is on your Desktop before running the application!
  3. Right-click on codecheck.exe and select "Run as administrator..." to run it.
  4. After a very short time a codecheck.txt icon will appear on your Desktop
  5. Double-click on the codecheck.txt icon on your Desktop and copy/paste the contents in your next reply.

Then:
Please tell me: is this computer used for business purposes and connected to a business or educational network?
I need to know it - so I can provide the proper instructions.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of CKFiles.txt log file
  3. Contents of codecheck.txt log file
  4. Answer to my question about how your computer is used

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3178
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Pop-up ads when using browsers & Yahoo mail

Unread postby pgmigg » August 28th, 2014, 1:16 am

Hello no1bob,

It has been two days since my last post.

  • Do you still need help?
  • Do you need more time?
  • Are you having problems following my instructions?
  • According to Malware Removal's latest policy, topics can be closed after 3 days without a response.
  • If you do not reply within the next 24 hours, this topic will be closed.

Thanks,
pgmigg
pgmigg
MRU Teacher
 
Posts: 3178
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Pop-up ads when using browsers & Yahoo mail

Unread postby no1bob » August 28th, 2014, 4:41 pm

Hi pgmigg,

I apologize for not getting back to you timely.
I re-read the forum's rules and I realized there is a rule about not helping for business use computers.
The computer in question is in my office attached to an office network.

So I am hereby withdrawing my request for help.
I regret that I wasted your time.

Thanks much,
Bob
no1bob
Active Member
 
Posts: 2
Joined: August 25th, 2014, 10:17 am

Re: Pop-up ads when using browsers & Yahoo mail

Unread postby pgmigg » August 28th, 2014, 5:49 pm

Hello Bob,

> The computer in question is in my office attached to an office network.
>
> So I am hereby withdrawing my request for help.

Thank you for your answer!

> I regret that I wasted your time.
>
> Thanks much,

You are very welcome, Bob!

This topic will be closed.

Thanks,
pgmigg
pgmigg
MRU Teacher
 
Posts: 3178
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Pop-up ads when using browsers & Yahoo mail

Unread postby Gary R » August 29th, 2014, 1:31 am

Business Use / Business Networked Computer
It appears you are using your computer for business purposes or connecting to a business network.

I see you've read the section here which explains why we do not offer help for such computers. Thank you for your understanding.


This topic is now closed.
Gary R
Administrator
 
Posts: 21866
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire