TechSpot

Bad image pop-ups

Solved
By jstar1029
Sep 21, 2010
  1. I recently started getting these bad image pop-ups every time I start up my computer and when I try to open up any program on it. I have started the preliminary 8-step process, but after I did the MBAM scan I no longer got the pop-ups after I restarted my computer. Would I still need to finish the process? I am attaching the MBAM log to this post.
     


  2. Broni

    Broni Malware Annihilator Posts: 47,021   +255

    Welcome aboard

    Yes, finish all steps, because something may be still hiding there.
     
  3. jstar1029

    jstar1029 TS Rookie Topic Starter

    Thanks a lot. I just finished the whole process, and it's nice to be here. You guys saved my computer, lol. I have attached all of the logs. Is there anything else I have to do? Or anything I can do to prevent this from happening again? Thanks in advance, I appreciate all the help.
     


  4. Broni

    Broni Malware Annihilator Posts: 47,021   +255

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.
     
  5. jstar1029

    jstar1029 TS Rookie Topic Starter

    This is what I got:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 143):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806D0000 \WINDOWS\system32\hal.dll
    0xF79BE000 \WINDOWS\system32\KDCOM.DLL
    0xF78CE000 \WINDOWS\system32\BOOTVID.dll
    0xF74BE000 nnujb.sys
    0xF72BC000 spoc.sys
    0xF79C0000 \WINDOWS\System32\Drivers\WMILIB.SYS
    0xF72A4000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
    0xF7276000 ACPI.sys
    0xF7265000 pci.sys
    0xF74CE000 ohci1394.sys
    0xF74DE000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xF74EE000 isapnp.sys
    0xF78D2000 compbatt.sys
    0xF78D6000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xF7A86000 pciide.sys
    0xF773E000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF7247000 pcmcia.sys
    0xF74FE000 MountMgr.sys
    0xF7228000 ftdisk.sys
    0xF7746000 PartMgr.sys
    0xF750E000 VolSnap.sys
    0xF7210000 atapi.sys
    0xF751E000 disk.sys
    0xF752E000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF71F0000 fltmgr.sys
    0xF71DE000 sr.sys
    0xF753E000 PxHelp20.sys
    0xF71C7000 KSecDD.sys
    0xF71B4000 WudfPf.sys
    0xF7127000 Ntfs.sys
    0xF70FA000 NDIS.sys
    0xF70E0000 Mup.sys
    0xF6716000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xF7097000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0xF708B000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xF6145000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
    0xF6131000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF6109000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xF5D92000 \SystemRoot\system32\DRIVERS\NETw5x32.sys
    0xF77E6000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xF5D6E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF77EE000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF76DE000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xF5D5A000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0xF76EE000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF5D2E000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
    0xF76FE000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
    0xF5CB3000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
    0xF7806000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF780E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF5C7B000 \SystemRoot\System32\Drivers\aumqwvcm.SYS
    0xF770E000 \SystemRoot\System32\Drivers\tosrfcom.sys
    0xF7B87000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF771E000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF6912000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF5C64000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF772E000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF755E000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF788E000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF5C53000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF756E000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF7896000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF789E000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF5C23000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xF757E000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF7A12000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF5C00000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF5BA2000 \SystemRoot\system32\DRIVERS\update.sys
    0xF68FA000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF758E000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF759E000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF78A6000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0xF75AE000 \SystemRoot\system32\DRIVERS\tosporte.sys
    0xF75BE000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xAA6A2000 \SystemRoot\system32\drivers\sthda.sys
    0xAA67E000 \SystemRoot\system32\drivers\portcls.sys
    0xF75DE000 \SystemRoot\system32\drivers\drmk.sys
    0xAA644000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
    0xAA54D000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
    0xAA497000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
    0xF78AE000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF75EE000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF7A16000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF7A18000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7BD9000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7A1A000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF776E000 \SystemRoot\System32\drivers\vga.sys
    0xF7A1C000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7A1E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF777E000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF7786000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF79A6000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xAA464000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xAA40B000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xAA3E3000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xAA3BD000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xF75FE000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xAA373000 \SystemRoot\System32\drivers\afd.sys
    0xF760E000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xF761E000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xF781E000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
    0xAA348000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xAA2D8000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF763E000 \SystemRoot\System32\Drivers\Fips.SYS
    0xAA21C000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0xF7A2A000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    0xF6746000 \SystemRoot\system32\DRIVERS\tosrfusb.sys
    0xF66E6000 \SystemRoot\System32\Drivers\oz776.sys
    0xF5B7A000 \SystemRoot\System32\Drivers\SMCLIB.SYS
    0xAA200000 \SystemRoot\system32\DRIVERS\tosrfbd.sys
    0xAA176000 \SystemRoot\system32\DRIVERS\Tosrfhid.sys
    0xF66C6000 \SystemRoot\System32\Drivers\tosrfbnp.sys
    0xF7B22000 \SystemRoot\system32\drivers\Toshidpt.sys
    0xF66B6000 \SystemRoot\system32\drivers\HIDCLASS.SYS
    0xF77D6000 \SystemRoot\system32\drivers\HIDPARSE.SYS
    0xF768E000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xAA15E000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF7A42000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xAA1DC000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF77CE000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7BB8000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF024000 \SystemRoot\System32\igxpgd32.dll
    0xBF012000 \SystemRoot\System32\igxprd32.dll
    0xBF04E000 \SystemRoot\System32\igxpdv32.DLL
    0xBF1D8000 \SystemRoot\System32\igxpdx32.DLL
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xAA00A000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0xA9F0A000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xA9EFA000 \SystemRoot\system32\DRIVERS\s24trans.sys
    0xA9BBD000 \SystemRoot\system32\drivers\wdmaud.sys
    0xA9D1A000 \SystemRoot\system32\drivers\sysaudio.sys
    0xA9B42000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xA97A0000 \SystemRoot\System32\Drivers\HTTP.sys
    0xA966F000 \??\C:\WINDOWS\system32\Drivers\LxrJD31d.sys
    0xA9618000 \SystemRoot\system32\DRIVERS\srv.sys
    0xA97E5000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xA7C6B000 \??\C:\DOCUME~1\J\LOCALS~1\Temp\kgldapow.sys
    0xA7C47000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xA7C1C000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 70):
    0 System Idle Process
    4 System
    604 C:\WINDOWS\system32\smss.exe
    824 csrss.exe
    856 C:\WINDOWS\system32\winlogon.exe
    908 C:\WINDOWS\system32\services.exe
    920 C:\WINDOWS\system32\lsass.exe
    1108 C:\WINDOWS\system32\svchost.exe
    1204 svchost.exe
    1320 C:\WINDOWS\system32\svchost.exe
    1356 C:\WINDOWS\system32\svchost.exe
    1484 C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    1648 svchost.exe
    1748 svchost.exe
    1976 C:\WINDOWS\system32\LEXBCES.EXE
    2012 C:\WINDOWS\system32\LEXPPS.EXE
    2020 C:\WINDOWS\system32\spoolsv.exe
    288 scardsvr.exe
    320 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    500 svchost.exe
    584 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    820 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1236 C:\Program Files\Bonjour\mDNSResponder.exe
    1400 svchost.exe
    1508 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    756 C:\WINDOWS\explorer.exe
    1900 C:\WINDOWS\system32\svchost.exe
    324 C:\Program Files\Java\jre6\bin\jqs.exe
    1472 C:\WINDOWS\system32\LxrJD31s.exe
    1600 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    1792 C:\WINDOWS\system32\svchost.exe
    1824 C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
    2312 wmpnetwk.exe
    3608 C:\WINDOWS\system32\rundll32.exe
    3768 C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
    3792 C:\Program Files\DellTPad\Apoint.exe
    3900 C:\WINDOWS\system32\hkcmd.exe
    3908 C:\WINDOWS\system32\igfxpers.exe
    3928 C:\WINDOWS\system32\igfxsrvc.exe
    3940 C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
    3968 C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    4012 C:\Program Files\DellTPad\ApMsgFwd.exe
    4028 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    1072 C:\Program Files\DellTPad\hidfind.exe
    1264 C:\Program Files\DellTPad\ApntEx.exe
    1348 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    2060 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    2092 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    2100 C:\WINDOWS\vsnpstd.exe
    2132 C:\Program Files\iTunes\iTunesHelper.exe
    2192 C:\WINDOWS\system32\ctfmon.exe
    2428 C:\Program Files\Windows Media Player\wmpnscfg.exe
    3428 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    1872 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    2788 C:\WINDOWS\system32\wbem\unsecapp.exe
    1948 C:\Program Files\WinZip\WZQKPICK.EXE
    3424 alg.exe
    3328 wmiprvse.exe
    1728 wmiprvse.exe
    2108 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    3500 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    3872 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
    4084 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
    1908 C:\Program Files\iPod\bin\iPodService.exe
    2980 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
    3708 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
    1860 C:\Program Files\Internet Explorer\iexplore.exe
    3648 C:\Program Files\Internet Explorer\iexplore.exe
    2636 C:\Program Files\Internet Explorer\iexplore.exe
    912 C:\Documents and Settings\J\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`05e21800 (NTFS)

    PhysicalDrive0 Model Number: TOSHIBAMK6008GAH, Rev: BU011A

    Size Device Name MBR Status
    --------------------------------------------
    55 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
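
Added example, not part of the thread or of MBRCheck itself: a small Python parser for the report format shown in the post above, pulling out the driver and process sections, the MBR status line with its SHA1, and any driver image loaded from a user-profile or Temp path so a reviewer can look that file up by hand. The function names and the path markers are assumptions made for this illustration; the sample is a shortened excerpt of the log above.

```python
import re

# Excerpt of the MBRCheck report posted above (shortened, so the totals no longer match).
SAMPLE_REPORT = r"""MBRCheck, version 1.2.3

Kernel Drivers (total 143):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0xF7210000 atapi.sys
0xF7A2A000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xA7C6B000 \??\C:\DOCUME~1\J\LOCALS~1\Temp\kgldapow.sys
0xA7C47000 \SystemRoot\System32\Drivers\Fastfat.SYS

Processes (total 70):
0 System Idle Process
604 C:\WINDOWS\system32\smss.exe
912 C:\Documents and Settings\J\Desktop\MBRCheck.exe

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
"""

SECTION_RE = re.compile(r"^(Kernel Drivers|Processes) \(total (\d+)\):$")
DRIVER_RE = re.compile(r"^0x([0-9A-Fa-f]{8})\s+(.+)$")
PROCESS_RE = re.compile(r"^(\d+)\s+(.+)$")
MBR_RE = re.compile(r"^(\d+ [KMGT]B)\s+(\\\\\.\\PhysicalDrive\d+)\s+(.+)$")
SHA1_RE = re.compile(r"^SHA1:\s*([0-9A-Fa-f]{40})$")

# Assumed markers for user-writable locations on the Windows XP layout in this log.
USER_PATH_MARKERS = ("\\temp\\", "\\docume~1\\", "\\documents and settings\\")


def parse_report(text):
    """Split a pasted MBRCheck report into drivers, processes and disk entries."""
    report = {"declared": {}, "drivers": [], "processes": [], "disks": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                      # a blank line ends the current section
            section = None
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            report["declared"][section] = int(header.group(2))
        elif section == "Kernel Drivers":
            m = DRIVER_RE.match(line)
            if m:
                report["drivers"].append((int(m.group(1), 16), m.group(2)))
        elif section == "Processes":
            m = PROCESS_RE.match(line)
            if m:
                report["processes"].append((int(m.group(1)), m.group(2)))
        else:
            m = MBR_RE.match(line)
            if m:
                report["disks"].append({"size": m.group(1), "device": m.group(2),
                                        "status": m.group(3), "sha1": None})
                continue
            m = SHA1_RE.match(line)
            if m and report["disks"]:     # the SHA1 line follows its disk line
                report["disks"][-1]["sha1"] = m.group(1).upper()
    return report


def drivers_from_user_paths(report):
    """Driver images whose path lies under a user profile or Temp directory."""
    return [path for _base, path in report["drivers"]
            if any(marker in path.lower() for marker in USER_PATH_MARKERS)]


def truncated_sections(report):
    """Sections whose parsed entry count differs from the declared total."""
    parsed = {"Kernel Drivers": len(report["drivers"]),
              "Processes": len(report["processes"])}
    return sorted(n for n, total in report["declared"].items() if parsed[n] != total)


if __name__ == "__main__":
    rep = parse_report(SAMPLE_REPORT)
    for disk in rep["disks"]:
        print(disk["device"], "|", disk["status"], "|", disk["sha1"])
    print("drivers to look up:", drivers_from_user_paths(rep))
    print("sections shorter than declared:", truncated_sections(rep))
```

A mismatch between a section's declared total and the parsed count usually means the log was cut off when it was pasted, so the review should be repeated on the complete file.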
     
  6. Broni

    Broni Malware Annihilator Posts: 47,021   +255

    Looks good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  7. jstar1029

    jstar1029 TS Rookie Topic Starter

    Here's the ComboFix log; I attached it. It took a while, but still no sign of the pop-ups anymore. Thanks in advance. Is there anything else to do?
     


  8. Broni

    Broni Malware Annihilator Posts: 47,021   +255

    Uninstall Ask.com - known adware.

    =========================================================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  9. jstar1029

    jstar1029 TS Rookie Topic Starter

    Here is the OTL.txt one. It wouldn't let me copy it right in (too long), so I had to attach it.
     


  10. jstar1029

    jstar1029 TS Rookie Topic Starter

    And this is the Extras.txt one, also attached. Thanks again for all the help.
     


  11. Broni

    Broni Malware Annihilator Posts: 47,021   +255

    You're running low on C drive free space:
    =======================================================================

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ========================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.5.1.110
      FF - prefs.js..extensions.enabledItems: m3ffxtbr@mywebsearch.com:1.1
      FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.1
      FF - prefs.js..keyword.URL: "http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUxdm080WQUS&fl=0&ptb=qfsxW1hPFywZYbGc8xjqaw&url=http://search.mywebsearch.com/mywebsearch/GGmain.jhtml&st=kwd&n=77c0c7fb&searchfor="
      FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\firefox\
      [2010/06/13 23:08:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J\Application Data\Mozilla\Firefox\Profiles\cl5nituy.default\extensions\searchtoolbar@zugo.com
      [2009/12/28 21:51:52 | 000,009,985 | ---- | M] () -- C:\Documents and Settings\J\Application Data\Mozilla\Firefox\Profiles\cl5nituy.default\searchplugins\mywebsearch.xml
      O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O16 - DPF: CabBuilder http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
      [4 C:\Documents and Settings\J\Desktop\*.tmp files -> C:\Documents and Settings\J\Desktop\*.tmp -> ]
      [1 C:\Documents and Settings\J\My Documents\*.tmp files -> C:\Documents and Settings\J\My Documents\*.tmp -> ]
      [2010/09/21 19:02:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
      "EnableFirewall" =dword:00000001
      
      :Files
      C:\Program Files\MyWebSearch
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

    ======================================================================

    Last scans.....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • IMPORTANT! UN-check Remove found threats
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
     
     
  12. jstar1029

    jstar1029 TS Rookie Topic Starter

    Hey, sorry I haven't been on in a while, but I have completed everything you have instructed me to do. I have attached all of the logs. When I did the online scan it came up empty; there was no log to save, and it said there were no threats found, so I guess my computer is virus free? Thanks for all the help, it is much appreciated.
     


  13. Broni

    Broni Malware Annihilator Posts: 47,021   +255

    Update your Firefox.

    =========================================================================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  14. jstar1029

    jstar1029 TS Rookie Topic Starter

    Here is the last log from OTL. Thanks for all your help, you're a life saver :)
     


  15. Broni

    Broni Malware Annihilator Posts: 47,021   +255

    Assuming all is good....

    Way to go!!
    Good luck and stay safe :)
     
Topic Status:
Not open for further replies.

