Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Redirect problems


  • This topic is locked This topic is locked
26 replies to this topic

#1 nikcook

nikcook

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:05:58 AM

Posted 05 August 2010 - 08:04 AM

Hi, New here so please bear with me.
I too am having problems with redirects to a number of weird sites.
Im using FF 3.6.8
I did a hijack this and here's my log.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:08:20, on 05/08/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\WinPcap\rpcapd.exe
C:\PROGRA~1\AVG\AVG9\avgtr

Edited by Orange Blossom, 05 August 2010 - 07:40 PM.
Added more bits of logs from other partials and removed extraneous posts. ~ OB


BC AdBot (Login to Remove)

 


#2 nikcook

nikcook
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:05:58 AM

Posted 07 August 2010 - 05:58 AM

Thanks Orange Blossom

I do have the complete log on a txt doc but for some reason it would not cut and paste I should I try again ?

Nil

#3 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:12:58 AM

Posted 07 August 2010 - 02:27 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Shannon

#4 nikcook

nikcook
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:05:58 AM

Posted 09 August 2010 - 06:54 AM

Hi Shannon, Its taken me a few days as my PC has been freezing up like crazy. Anyway I hope Ive done all this correctly.

DDS log


DDS (Ver_10-03-17.01) - NTFSx86
Run by Nik at 11:10:07.81 on 08/08/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.703.277 [GMT 0:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Philips\GoGear SA19xx Device Manager\main.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Pluscom\Common\WlUI.exe
C:\Program Files\WinPcap\rpcapd.exe
C:\Documents and Settings\Nik\Local Settings\Application Data\Spoon\3.20.0.8\Spoon-Sandbox.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Virgin Broadband Wireless\ndis_events.exe
C:\Documents and Settings\Nik\Local Settings\Application Data\Spoon\3.21.0.17\Spoon-Sandbox.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Virgin Broadband Wireless\wpa_supplicant.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Nik\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = <local>;*.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVD1.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVD1.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVD1.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Wireless Manager] "c:\program files\virgin broadband wireless\Wireless Manager.exe" startup
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [cqqmgwdv] c:\documents and settings\nik\local settings\application data\qhrygkfgf\ynukxabtssd.exe
StartupFolder: c:\docume~1\nik\startm~1\programs\startup\spoons~2.lnk - c:\documents and settings\nik\local settings\application data\spoon\3.20.0.8\Spoon-Sandbox-Native.exe
StartupFolder: c:\docume~1\nik\startm~1\programs\startup\spoons~1.lnk - c:\documents and settings\nik\local settings\application data\spoon\3.21.0.17\Spoon-Sandbox-Native.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\philip~1.lnk - c:\program files\philips\gogear sa19xx device manager\main.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\plusco~1.lnk - c:\program files\pluscom\common\WlUI.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\documents and settings\nik\application data\dvdvideosoftiehelpers\youtubetomp3.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\web2~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-8-5 218592]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-1-23 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-1-23 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-1-23 243024]
R1 GhPciScan;GhostPciScanner;c:\program files\symantec\norton ghost 2003\GhPciScan.sys [2003-12-17 5632]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-16 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-8-5 112592]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-1-28 32512]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-13 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-3-7 369920]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]

=============== Created Last 30 ================

2010-08-05 11:27:38 882 ----a-w- c:\windows\RegSDImport.xml
2010-08-05 11:27:38 879 ----a-w- c:\windows\RegISSImport.xml
2010-08-05 11:27:38 767952 ----a-w- c:\windows\BDTSupport.dll
2010-08-05 11:27:38 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-08-05 11:27:38 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-08-05 11:27:38 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-08-05 11:27:38 131 ----a-w- c:\windows\IDB.zip
2010-08-05 11:27:38 1152444 ----a-w- c:\windows\UDB.zip
2010-08-05 11:25:03 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-08-05 11:25:03 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-08-05 11:24:39 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-08-05 11:24:39 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-08-05 11:24:39 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-08-05 11:24:39 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-08-05 11:24:22 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-08-05 11:24:22 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-08-05 11:24:14 0 d-----w- c:\program files\common files\PC Tools
2010-08-05 11:24:13 0 d-----w- c:\program files\Spyware Doctor
2010-08-05 11:24:13 0 d-----w- c:\docume~1\nik\applic~1\PC Tools
2010-08-05 11:24:13 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-08-05 11:21:34 36598544 ----a-w- c:\program files\sdsetup.exe
2010-08-01 13:00:39 0 d-----w- c:\program files\iPod
2010-08-01 12:55:58 0 d-----w- c:\program files\Bonjour
2010-07-26 07:08:04 0 d-----w- c:\docume~1\nik\applic~1\PriceGong
2010-07-16 13:14:08 12536 ----a-w- c:\windows\system32\avgrsstx.dll

==================== Find3M ====================

2010-07-16 13:14:10 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 13:13:57 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-18 16:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 16:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-25 09:24:35 17829274 ----a-w- c:\program files\FreeYouTubeToMp3Converter.exe
2010-04-02 07:21:48 15787971 ----a-w- c:\program files\any-audio-converter.exe

============= FINISH: 11:12:00.90 ===============


#5 nikcook

nikcook
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:05:58 AM

Posted 09 August 2010 - 06:56 AM

gmer log attached

Attached Files

  • Attached File  ark.txt   295.79KB   6 downloads


#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:11:58 PM

Posted 09 August 2010 - 10:26 AM

Hello nikcook,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.


1.
Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.
More information with a screenshot, can be found here.

2.
Download and Run RKill
    Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

3.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Note:The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.


Things to include in your next reply:
uninstall_list.txt
Combofix.txt
How is your machine running now?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#7 nikcook

nikcook
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:05:58 AM

Posted 10 August 2010 - 06:02 AM

Hi Fireman and many thanks for helping me out in my time of need. Just a quick question.
I am following your instructions and currently running the combofix on my pc. It says on the screen that it shouldnt take more than five minutes but this may easily double if heavily infected. Its been on the go for an hour and a half now is this normal ?

Quick update ... its still scanning

Cheers

Nik

Edited by nikcook, 10 August 2010 - 10:24 AM.


#8 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:11:58 PM

Posted 10 August 2010 - 10:36 AM

Hello,

Sometimes it take a while. Is it showing it going up in steps?

As in like step21 step 22 etc.?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#9 nikcook

nikcook
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:05:58 AM

Posted 10 August 2010 - 12:17 PM

No Sir, its still showing the message as it did when it started should I abort and try again ?

#10 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:11:58 PM

Posted 10 August 2010 - 03:57 PM

Hello,

Yes go ahead and abort and try and run it in safemode.

Now reboot into Safe Mode.
This can be done tapping the F8 key as soon as you start your computer
You will be brought to a menu where you can choose to boot into safe mode.
Make sure you choose the option without networking support.
Please see here for additional details.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#11 nikcook

nikcook
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:05:58 AM

Posted 10 August 2010 - 05:32 PM

Thanx, i didnt wanna do anything until instructed. Ill run it in safe mode 1st thing tomorrow morning

Thank you

Nik

#12 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:11:58 PM

Posted 10 August 2010 - 07:38 PM

OK, Thanks for letting me know. thumbup2.gif

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#13 nikcook

nikcook
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:05:58 AM

Posted 11 August 2010 - 03:38 AM

Hi there, combofix ran this morning so I can now report back with the log files.
Since running the programs I have lost my wireless connection and I dont really want to attempt to reconnect until hearing from you.

Uninstall list

22Pixels Photoshop Flock
Adobe AIR
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge 1.0
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Common File Installer
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Dreamweaver CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Media Player
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop 7.0
Adobe Photoshop CS2
Adobe Reader 9.3.3
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Stock Photos 1.0
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
Advertising Center
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
AVG Free 9.0
Bonjour
Browser Defender 2.0.6.15
CCleaner
C-Media WDM Audio Driver
Connect
CopyTrans Suite Remove Only
DVDVideoSoftTB Toolbar
FileZilla Client 3.3.3
Free Audio CD Burner version 1.3
Free DVD Video Burner version 2.3
Free YouTube to DVD Converter version 2.3
Free YouTube to MP3 Converter version 3.5
GoGear SA19xx Device Manager
Google Chrome
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
iTunes
Java™ 6 Update 18
kuler
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Expression Web 2
Microsoft Expression Web 2
Microsoft Expression Web 2 MUI (English)
Microsoft Expression Web 3
Microsoft Expression Web 3
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.6.8)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9 Lite
Nero ControlCenter
Nero Installer
Nero Online Upgrade
Nero StartSmart
neroxml
Norton Ghost
Photoshop Camera Raw
Pluscom Wireless LAN Card
QuickTime
Safari
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB982381)
Serif PagePlus SE 1.0
Spybot - Search & Destroy
Spyware Doctor 7.0
Suite Shared Configuration CS4
SUPERAntiSpyware Free Edition
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Virgin Broadband advisor 1.5.24
Windows XP Service Pack 3
Wireless Manager

combofix log

ComboFix 10-08-10.04 - Nik 11/08/2010 6:40.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.703.205 [GMT 0:00]
Running from: c:\documents and settings\Nik\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Nik\Application Data\PriceGong
c:\documents and settings\Nik\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Nik\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Nik\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Nik\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Nik\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Nik\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Nik\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Nik\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Nik\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Nik\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Nik\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Nik\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Nik\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Nik\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Nik\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Nik\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Nik\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Nik\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Nik\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Nik\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Nik\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Nik\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Nik\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Nik\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Nik\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Nik\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Nik\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Nik\Application Data\PriceGong\Data\z.xml
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2010-07-11 to 2010-08-11 )))))))))))))))))))))))))))))))
.

2010-08-10 08:43 . 2010-08-10 08:43 -------- d-----w- c:\windows\system32\LogFiles
2010-08-07 22:42 . 2010-08-07 22:42 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\AVG Security Toolbar
2010-08-07 22:42 . 2010-08-07 22:42 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
2010-08-05 11:27 . 2010-01-27 13:51 767952 ----a-w- c:\windows\BDTSupport.dll
2010-08-05 11:27 . 2010-01-22 08:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-08-05 11:27 . 2010-01-22 08:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-08-05 11:27 . 2010-01-22 08:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-08-05 11:27 . 2009-10-28 00:36 1152444 ----a-w- c:\windows\UDB.zip
2010-08-05 11:27 . 2008-11-26 11:08 131 ----a-w- c:\windows\IDB.zip
2010-08-05 11:25 . 2010-02-05 09:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-08-05 11:24 . 2010-03-29 10:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-08-05 11:24 . 2009-11-23 13:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-08-05 11:24 . 2010-04-08 14:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-08-05 11:24 . 2010-08-05 11:28 -------- d-----w- c:\program files\Common Files\PC Tools
2010-08-05 11:24 . 2010-08-11 06:56 -------- d-----w- c:\program files\Spyware Doctor
2010-08-05 11:24 . 2010-08-05 11:24 -------- d-----w- c:\documents and settings\Nik\Application Data\PC Tools
2010-08-05 11:24 . 2010-08-05 11:24 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-08-05 11:23 . 2010-08-11 06:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-05 11:21 . 2010-08-05 11:22 36598544 ----a-w- c:\program files\sdsetup.exe
2010-08-02 13:47 . 2010-07-23 17:22 43008 ----a-w- c:\documents and settings\Nik\Application Data\Mozilla\Firefox\Profiles\td5busqn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-08-02 13:47 . 2010-07-23 17:22 338944 ----a-w- c:\documents and settings\Nik\Application Data\Mozilla\Firefox\Profiles\td5busqn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-08-02 13:47 . 2010-07-23 17:22 1496064 ----a-w- c:\documents and settings\Nik\Application Data\Mozilla\Firefox\Profiles\td5busqn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-08-02 13:47 . 2010-07-23 17:22 346112 ----a-w- c:\documents and settings\Nik\Application Data\Mozilla\Firefox\Profiles\td5busqn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-08-01 13:00 . 2010-08-01 13:00 -------- d-----w- c:\program files\iPod
2010-08-01 12:55 . 2010-08-01 12:55 -------- d-----w- c:\program files\Bonjour
2010-08-01 12:53 . 2010-08-01 12:53 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-21 07:25 . 2010-07-21 07:25 1615200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-07-21 07:25 . 2010-07-21 07:25 921440 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgemc.exe
2010-07-21 07:25 . 2010-07-21 07:25 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-07-21 07:25 . 2010-07-21 07:25 1373536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll
2010-07-21 07:25 . 2010-07-21 07:25 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll
2010-07-16 13:14 . 2010-07-16 13:14 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-07-16 13:14 . 2010-07-16 13:14 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-07-16 13:14 . 2010-07-16 13:14 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 13:13 . 2010-07-16 13:13 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-07-16 13:13 . 2010-07-16 13:13 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-07-16 13:13 . 2010-07-16 13:13 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-07-16 13:13 . 2010-07-16 13:13 1038688 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-11 06:59 . 2010-05-16 09:37 -------- d-----w- c:\documents and settings\Nik\Application Data\Affinegy
2010-08-11 06:55 . 2010-02-14 19:10 -------- d-----w- c:\program files\Common Files\Akamai
2010-08-10 18:11 . 2010-03-08 00:07 0 ----a-w- c:\documents and settings\Nik\Local Settings\Application Data\prvlcl.dat
2010-08-03 13:00 . 2010-03-08 07:29 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-01 13:01 . 2010-01-23 22:49 -------- d-----w- c:\program files\iTunes
2010-08-01 13:00 . 2010-01-24 05:46 -------- d-----w- c:\program files\Common Files\Apple
2010-07-28 15:11 . 2010-01-23 22:42 -------- d-----w- c:\documents and settings\Nik\Application Data\FileZilla
2010-07-26 17:19 . 2010-03-07 08:30 -------- d-----w- c:\documents and settings\Nik\Application Data\Canon
2010-07-26 07:08 . 2010-06-27 13:16 -------- d-----w- c:\program files\DVDVideoSoftTB
2010-07-16 13:14 . 2010-01-23 16:30 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 13:13 . 2010-01-23 16:30 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-05 16:12 . 2010-01-23 16:29 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-07-05 15:47 . 2010-07-05 15:47 -------- d-----w- c:\documents and settings\Nik\Application Data\Malwarebytes
2010-07-05 15:47 . 2010-07-05 15:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-05 15:47 . 2010-07-05 15:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-02 21:12 . 2010-03-07 22:46 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-06-27 13:16 . 2010-06-27 13:16 -------- d-----w- c:\program files\Conduit
2010-06-27 13:16 . 2010-06-27 13:16 52224 ----a-w- c:\documents and settings\Nik\Application Data\Mozilla\Firefox\Profiles\td5busqn.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
2010-06-27 13:16 . 2010-06-27 13:16 101376 ----a-w- c:\documents and settings\Nik\Application Data\Mozilla\Firefox\Profiles\td5busqn.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
2010-06-27 13:16 . 2010-06-27 13:16 52224 ----a-w- c:\documents and settings\Nik\Application Data\Mozilla\Firefox\Profiles\New Folder (2)\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
2010-06-27 13:16 . 2010-06-27 13:16 101376 ----a-w- c:\documents and settings\Nik\Application Data\Mozilla\Firefox\Profiles\New Folder (2)\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
2010-06-27 13:16 . 2010-06-27 13:16 52224 ----a-w- c:\documents and settings\Nik\Application Data\Mozilla\Firefox\Profiles\New Folder\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
2010-06-27 13:16 . 2010-06-27 13:16 52224 ----a-w- c:\documents and settings\Nik\Application Data\Mozilla\Firefox\Profiles\mpd4vudl.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
2010-06-27 13:16 . 2010-06-27 13:16 101376 ----a-w- c:\documents and settings\Nik\Application Data\Mozilla\Firefox\Profiles\New Folder\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
2010-06-27 13:16 . 2010-06-27 13:16 101376 ----a-w- c:\documents and settings\Nik\Application Data\Mozilla\Firefox\Profiles\mpd4vudl.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
2010-06-27 08:21 . 2010-05-25 11:18 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-06-27 08:21 . 2010-02-27 12:22 -------- d-----w- c:\program files\DVDVideoSoft
2010-06-15 14:24 . 2010-01-23 22:42 -------- d-----w- c:\program files\FileZilla FTP Client
2010-06-04 07:59 . 2010-01-23 16:30 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-18 16:35 . 2010-05-18 16:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 16:35 . 2010-05-18 16:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-16 10:04 . 2010-05-16 10:04 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-04-25 09:24 . 2010-04-02 06:35 17829274 ----a-w- c:\program files\FreeYouTubeToMp3Converter.exe
2010-04-02 07:21 . 2010-04-02 07:20 15787971 ----a-w- c:\program files\any-audio-converter.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-30 1182088]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVD1.dll" [2010-07-26 2736736]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-07-26 07:08 2736736 ----a-w- c:\program files\DVDVideoSoftTB\tbDVD1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-02-23 14:04 1664256 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-09-30 18:40 1182088 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-30 1182088]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVD1.dll" [2010-07-26 2736736]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-30 1182088]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVD1.dll" [2010-07-26 2736736]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]
"Wireless Manager"="c:\program files\Virgin Broadband Wireless\Wireless Manager.exe" [2008-05-27 585728]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-05-11 1287120]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Nik\Start Menu\Programs\Startup\
Spoon Sandbox Manager 3.20.lnk - c:\documents and settings\Nik\Local Settings\Application Data\Spoon\3.20.0.8\Spoon-Sandbox-Native.exe [2010-6-5 190656]
Spoon Sandbox Manager 3.21.lnk - c:\documents and settings\Nik\Local Settings\Application Data\Spoon\3.21.0.17\Spoon-Sandbox-Native.exe [2010-6-15 268536]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Philips SA19xx Device Manager.lnk - c:\program files\Philips\GoGear SA19xx Device Manager\main.exe [2010-5-21 119296]
Pluscom Wireless Utility.lnk - c:\program files\Pluscom\Common\WlUI.exe [2010-5-16 655360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-16 13:14 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Nik^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Nik\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 15:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadbandadvisor.exe]
2009-01-30 00:29 2303216 ----a-w- c:\program files\Virgin Broadband\advisor\Broadbandadvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
2003-12-17 23:51 94208 ----a-w- c:\program files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 15:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 21:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 16:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 23:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-02-18 16:40 2012912 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS4\\Dreamweaver.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [05/08/2010 11:24 218592]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [23/01/2010 16:30 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [23/01/2010 16:30 243024]
R1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\GhPciScan.sys [17/12/2003 23:41 5632]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 10:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 10:15 66632]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [04/08/2004 00:56 14336]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [16/07/2010 13:13 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [16/07/2010 13:14 308136]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [05/08/2010 11:27 112592]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [05/08/2010 11:24 366840]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13/02/2010 03:44 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [07/03/2010 22:46 369920]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 10:15 12872]

--- Other Services/Drivers In Memory ---

*Deregistered* - PCTSDInjDriver32

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-08-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 03:44]

2010-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 03:44]

2010-08-11 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-09-30 18:40]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\documents and settings\Nik\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-cqqmgwdv - c:\documents and settings\Nik\Local Settings\Application Data\qhrygkfgf\ynukxabtssd.exe
MSConfigStartUp-Cmaudio - cmicnfg.cpl



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-11 06:58
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(596)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(652)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(1108)
c:\program files\Spyware Doctor\pctgmhk.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
c:\windows\system32\WSOCK32.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Virgin Broadband Wireless\AffinegyService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec\Norton Ghost 2003\GhostStartService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\documents and settings\Nik\Local Settings\Application Data\Spoon\3.20.0.8\Spoon-Sandbox.exe
c:\program files\Virgin Broadband Wireless\ndis_events.exe
c:\documents and settings\Nik\Local Settings\Application Data\Spoon\3.21.0.17\Spoon-Sandbox.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-08-11 07:03:44 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-11 07:03

Pre-Run: 131,025,383,424 bytes free
Post-Run: 131,089,641,472 bytes free

- - End Of File - - 0FB647BED50AE216261A407983CF2A50


Cheers

Nik

#14 nikcook

nikcook
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:05:58 AM

Posted 11 August 2010 - 05:42 PM

Hiya Fireman, after restarting my PC earlier today Spyware Doctor ran a scan and gave the attached results. I thought I had disabled the program but obviously not. Not sure if its of any use or not, I just thought you should know. The attached is a screen shot once Spyware Doctor had finished. I have enabled AVG and Windows firewall. Am I safe to use the pc or not ? I have not used the internet since following your instructions am I able to use things like photoshop, frontpage and dreamweaver ?

Thanks

Nik

Attached Files


Edited by nikcook, 11 August 2010 - 05:45 PM.


#15 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:11:58 PM

Posted 11 August 2010 - 06:25 PM

Hello,

I wouldn't worry about spybot finding things. It is probably leftovers or things in Combofix's Quarantine folder.

I still wouldn't use the machine yet. Let's run a couple of other scans first.

1.
Ask Toolbar is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This changed from what we know as stated in the following Articles:

http://www.benedelman.org/spyware/ask-toolbars/
http://vil.nai.com/vil/content/v_185490.htm


I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Ask Toolbar.

2.
Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 20 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u20-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

3.
Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop.MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

4.
I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
Note for Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.)

You can refer to this short video by: neomage
**Note**
To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.


Things to include in your next reply::
MBAM log
Eset log
A new DDS log
How is your machine running now?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users