Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Antivirus 360


  • This topic is locked This topic is locked
3 replies to this topic

#1 bleedBnG58

bleedBnG58

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:01 PM

Posted 30 January 2009 - 06:44 PM

I received the antivirus 360. I went to several forums to search for removal processes. I followed the instructions and found the items that they said that should remove it; however I am not sure if I got them all. But I am no longer getting pop up messages from antivirus 360. Since then my PC is running slower, mostly in booting, it takes 5 minutes to reboot/boot up. Plus there are long hesitations on opening the browser and whenever I point to items to open. It takes a long time to open menus or even to fill in the items on the control panel. I have run numerous scan programs, did a disk clean, multiple defrags, did a chkdsk and it came up OK. I did a system restore back to an earlier point. I changed to AVG, don't know it that makes it boot slower. I have disabled some start up programs with spybot. Not sure if I can turn anymore off. I do not think I changed anything in the registry. I downloaded some reg scanners to check to see if there were problems and of course they said I have over 2200 items that need fixing however I did not use the program to make any corrections. Not sure if I should, have read that some times they can do more harm than good. What is your opinion on reg scanners? Should I run one? If so do you recommend any particular one to use? I also get a lot of virtual low memory messages. Not sure if I just have a boot problem, a process problem, or still infected or what. :thumbup2: The Kaspersky run said I had 2 threat names, 6 infected objects, 2 suspicious objects.

DDS (Ver_09-01-19.01) - NTFSx86
Run by Owner at 23:20:41.00 on Thu 01/29/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.247.44 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/
uWindow Title = Windows Internet Explorer provided by Yahoo!
uSearch Bar = hxxp://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {0B014B81-4E12-46F9-806F-55867AF8FD3C} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: ImageShack Toolbar: {6932d140-abc4-4073-a44c-d4a541665e35} - c:\program files\imageshacktoolbar\ImageShackToolbar.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [AGRSMMSG] AGRSMMSG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Post Image to Blog - c:\program files\imageshacktoolbar\ImageShackToolbar.dll/5003
IE: Tag This Image - c:\program files\imageshacktoolbar\ImageShackToolbar.dll/5002
IE: Transload Image to ImageShack - c:\program files\imageshacktoolbar\ImageShackToolbar.dll/5004
IE: Upload All Images to ImageShack - c:\program files\imageshacktoolbar\ImageShackToolbar.dll/5000
IE: Upload Image to ImageShack - c:\program files\imageshacktoolbar\ImageShackToolbar.dll/5001
DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - hxxp://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
DPF: {2D337EB0-3BFB-42A3-B314-A24BBA8C085B} - hxxp://download.yahoo.com/dl/mail/yautoiol1.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190420965187
DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} - hxxp://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1190420934718
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-26 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-26 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-26 107272]
R3 ICAM3NT5;Intel® PC Camera CS331;c:\windows\system32\drivers\ICAM3D2.SYS [2006-12-21 145184]
R4 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-1-28 421496]
R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-26 903960]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-26 298264]
S1 SAVRT;SAVRT;\??\c:\program files\norton antivirus\savrt.sys --> c:\program files\norton antivirus\SAVRT.SYS [?]
S1 SAVRTPEL;SAVRTPEL;\??\c:\program files\norton antivirus\savrtpel.sys --> c:\program files\norton antivirus\SAVRTPEL.SYS [?]
S3 ccPwdSvc;Symantec Password Validation;"c:\program files\common files\symantec shared\ccpwdsvc.exe" --> c:\program files\common files\symantec shared\ccPwdSvc.exe [?]
S3 NAVENG;NAVENG;\??\c:\progra~1\common~1\symant~1\virusd~1\20061213.022\naveng.sys --> c:\progra~1\common~1\symant~1\virusd~1\20061213.022\NAVENG.Sys [?]
S3 NAVEX15;NAVEX15;\??\c:\progra~1\common~1\symant~1\virusd~1\20061213.022\navex15.sys --> c:\progra~1\common~1\symant~1\virusd~1\20061213.022\NavEx15.Sys [?]
S4 ccEvtMgr;Symantec Event Manager;"c:\program files\common files\symantec shared\ccevtmgr.exe" --> c:\program files\common files\symantec shared\ccEvtMgr.exe [?]
S4 ccSetMgr;Symantec Settings Manager;"c:\program files\common files\symantec shared\ccsetmgr.exe" --> c:\program files\common files\symantec shared\ccSetMgr.exe [?]
S4 navapsvc;Norton AntiVirus Auto Protect Service;"c:\program files\norton antivirus\navapsvc.exe" --> c:\program files\norton antivirus\navapsvc.exe [?]
S4 SAVScan;SAVScan;c:\program files\norton antivirus\savscan.exe --> c:\program files\norton antivirus\SAVScan.exe [?]

=============== Created Last 30 ================

2009-01-28 23:34 <DIR> --d----- c:\program files\Runtime Software
2009-01-28 23:13 <DIR> --d----- c:\program files\Trend Micro
2009-01-28 17:55 <DIR> --d----- c:\windows\system32\XPSViewer
2009-01-28 17:53 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-01-28 17:53 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-01-28 17:53 117,760 -------- c:\windows\system32\prntvpt.dll
2009-01-28 17:53 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-01-28 17:53 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-01-28 17:53 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-01-28 17:53 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-01-28 17:53 <DIR> --d----- C:\d7735afbf44cf769255d2f0cd51cd1f6
2009-01-28 17:20 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-01-28 17:18 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-01-28 17:17 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2009-01-28 17:17 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-01-28 17:17 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-28 17:17 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-28 17:17 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-28 17:17 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-28 17:16 1,846,400 -c------ c:\windows\system32\dllcache\win32k.sys
2009-01-28 17:11 23,576 a------- c:\windows\system32\wuapi.dll.mui
2009-01-27 22:16 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-26 17:32 <DIR> --d----- c:\program files\a-squared Free
2009-01-26 17:17 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-01-26 17:10 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-26 17:10 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-01-26 17:10 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-01-26 17:10 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-01-26 17:10 <DIR> --d----- c:\docume~1\owner\applic~1\AVGTOOLBAR
2009-01-26 17:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-01-26 00:32 <DIR> --d----- c:\program files\Enigma Software Group
2009-01-25 18:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\CA
2009-01-25 18:32 <DIR> --d----- c:\docume~1\owner\applic~1\GetRightToGo
2009-01-24 23:17 <DIR> --d----- c:\program files\AVG

==================== Find3M ====================

2009-01-29 22:08 69,608 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
2008-12-11 05:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2006-12-21 23:14 756,754 ac------ c:\program files\CS330-XP.exe
2006-12-07 17:00 2,242,640 ac------ c:\program files\goodsync-googs.exe
2006-11-16 16:52 0 ac------ c:\program files\common files\err.log
2006-11-05 15:38 212,849 ac------ c:\program files\hijackthis.zip
2004-08-13 02:42 0 ac-sh--- c:\windows\sminst\HPCD.sys
2008-08-26 23:32 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082620080827\index.dat

============= FINISH: 23:22:20.84 ===============

KASPERSKY ONLINE SCANNER 7 REPORT
Friday, January 30, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, January 30, 2009 14:28:17
Records in database: 1728662


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
A:\
C:\
D:\

Scan statistics
Files scanned 97844
Threat name 2
Infected objects 6
Suspicious objects 2
Duration of the scan 04:54:39

File name Threat name Threats count
C:\Documents and Settings\Default User\Local Settings\Application Data\Identities\{6BE14ADF-BF41-4394-B992-563A028010C1}\Microsoft\Outlook Express\Deleted Items.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\24\9541718-17d47585 Infected: Trojan-Downloader.Java.OpenConnection.ap 1

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\54\342ff276-134fa9ab Infected: Trojan-Downloader.Java.OpenConnection.ap 1

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\56\3c28cc78-39e04b6e Infected: Trojan-Downloader.Java.OpenConnection.ap 1

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-3d6156fd.zip Infected: Trojan-Downloader.Java.OpenConnection.ap 1

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-1f442ed4-1482cd76.zip Infected: Trojan-Downloader.Java.OpenConnection.ap 1

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-74249065-6ab994b7.zip Infected: Trojan-Downloader.Java.OpenConnection.ap 1

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Identities\{6BE14ADF-BF41-4394-B992-563A028010C1}\Microsoft\Outlook Express\Deleted Items.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1

The selected area was scanned.

Attached Files



BC AdBot (Login to Remove)

 


#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:01 PM

Posted 07 February 2009 - 02:53 PM

Hi

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.


Download and Run ATFCleaner

Please download ATF Cleaner by Atribune. This program will clear out temporary files and settings. You will likely be logged out of the forum where you are recieving help.

This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main Select Files to Delete choose: Select All.
  • Click the Empty Selected button.
If you use Firefox browser also...
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser also...
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Download and Run OTScanIt

Download OTScanIt by OldTimer to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program. If you are running on Vista then right-click the program and choose Run as Administrator.
  • Check the Scan all users box at the top left.
  • Change the Rootkit Scan setting from "No" to Yes.
  • Click the Extras button under "Additional Scans".
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Close Notepad (saving the change if necessary).
  • Use the Add Reply button in the forum and Attach the scan back here (do not copy/paste it as it will be too big to fit into the post). It will be located in the OTScanIt folder and named OTScanIt.txt.
Please post back with:
-OTScanIT log
-MBAM log
-What Problems do you still have?


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:01 PM

Posted 10 February 2009 - 01:14 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days the topic will need to be closed.

Thanks for understanding. :thumbup2:

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:01 PM

Posted 12 February 2009 - 05:19 PM

Hello.

Due to Lack of feedback, this topic is now Closed.

If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic in the Hijackthis-Malware Removal forum.

With Regards,
Extremeboy

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users