TechSpot

Google redirect malware, followed 5 steps

By asherlev1
Oct 27, 2011
    Hello!

    So I've tried my best to follow the 5 steps. My only issue was with the GMER run. It scanned for at least half an hour and then I got a pop-up saying it hadn't detected any "system modification", and the log I saved was 0 bytes. If you would like me to, I can re-run the scan.

    Here is my Malwarebytes log:

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8030

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    10/27/2011 11:12:32 AM
    mbam-log-2011-10-27 (11-12-32).txt

    Scan type: Quick scan
    Objects scanned: 216862
    Time elapsed: 10 minute(s), 8 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 3
    Registry Keys Infected: 1
    Registry Values Infected: 3
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 10

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    c:\Users\ABC\AppData\Local\Adobe\adobeupdate\adobeupdt32.dll (Trojan.SHarpro) -> Delete on reboot.
    c:\Users\ABC\AppData\Local\apple computer\appleupdate\appleupdt32.dll (Trojan.SHarpro) -> Delete on reboot.
    c:\programdata\googletraybackup.dll (Trojan.SHarpro.PGen) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MainConcept Update (Trojan.SHarpro) -> Value: MainConcept Update -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Trolltech Update (Trojan.SHarpro) -> Value: Trolltech Update -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GoogleTrayBackup (Trojan.SHarpro.PGen) -> Value: GoogleTrayBackup -> Delete on reboot.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\ABC\AppData\Local\Temp\thpm2633413151188715107.tmp (Exploit.Drop.3) -> Quarantined and deleted successfully.
    c:\Users\ABC\AppData\Local\Temp\thpm3792846461391213763.tmp (Exploit.Drop.3) -> Quarantined and deleted successfully.
    c:\Users\ABC\AppData\Local\Temp\thpm5926138642005400378.tmp (Exploit.Drop.3) -> Quarantined and deleted successfully.
    c:\Users\ABC\AppData\Local\Temp\thpm5975660293103670068.tmp (Exploit.Drop.3) -> Quarantined and deleted successfully.
    c:\Users\Butt\AppData\Local\Temp\thpm4413158692007424764.tmp (Exploit.Drop.3) -> Quarantined and deleted successfully.
    c:\Users\ABC\local settings\application data\Adobe\adobeupdate\adobeupdt32.dll (Trojan.SHarpro) -> Quarantined and deleted successfully.
    c:\Users\ABC\AppData\Local\Adobe\adobeupdate\adobeupdt32.dll (Trojan.SHarpro) -> Quarantined and deleted successfully.
    c:\Users\ABC\local settings\application data\apple computer\appleupdate\appleupdt32.dll (Trojan.SHarpro) -> Quarantined and deleted successfully.
    c:\Users\ABC\AppData\Local\apple computer\appleupdate\appleupdt32.dll (Trojan.SHarpro) -> Quarantined and deleted successfully.
    c:\programdata\googletraybackup.dll (Trojan.SHarpro.PGen) -> Quarantined and deleted successfully.

    GMER:

    0 byte file

    DDS.txt:

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385
    Run by ABC at 12:14:22 on 2011-10-27
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2812.1595 [GMT -4:00]
    .
    AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
    C:\Program Files\LSI SoftModem\agr64svc.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
    C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousManager.exe
    C:\Windows\SysWow64\Macromed\Flash\FlashUtil10c.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe,
    BHO: {01ca53af-50ee-4e51-a529-98273f104d9e} - C:\Users\ABC\AppData\Local\ServiceUser.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: CDelHotkeys Object: {78875f5c-a685-4405-8dc5-d48dc65452b0} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
    BHO: Diigo Toolbar Helper: {84053da7-03de-4fb6-80ae-202c04691d8a} - C:\Program Files (x86)\Diigo\DiigoToolbar.5.1.31.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    TB: Delicious Toolbar: {61d1c847-df80-423a-8c6d-dc03b97e6ebe} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
    TB: Diigo Toolbar: {09197ffb-c236-4153-b268-31051e4f3b6c} - C:\Program Files (x86)\Diigo\DiigoToolbar.5.1.31.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    EB: Diigo Sidebar: {69523951-583f-418c-bde7-18efc9fd54b4} - C:\Program Files (x86)\Diigo\DiigoToolbar.5.1.31.dll
    EB: Delicious Sidebar: {9d19c405-ba93-461b-871f-97992cc45972} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    StartupFolder: C:\Users\ABC\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\VIIKII~1.LNK - C:\Program Files (x86)\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\MSOFFICE2000\Office\OSA9.EXE
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
    IE: {2C887991-08F0-11DC-A9B2-0012F0B227DD} - {B8D8B1D0-83AF-451B-8CD9-8F1BF4ED8FEA} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
    IE: {2C887992-08F0-11DC-A9B2-0012F0B227DD} - {9D19C405-BA93-461b-871F-97992CC45972} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
    IE: {2C887993-08F0-11DC-A9B2-0012F0B227DD} - {4D3D441F-9543-4941-B664-2EDCF9FC1B56} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
    IE: {B952F2E0-5F9F-4898-89A8-4FB770625E09} - {84053DA7-03DE-4FB6-80AE-202C04691D8A} - C:\Program Files (x86)\Diigo\DiigoToolbar.5.1.31.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{1F2760FA-B0FA-4ECC-A12A-33767BB4B91B} : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{1F2760FA-B0FA-4ECC-A12A-33767BB4B91B}\16474777966696 : DhcpNameServer = 10.128.72.129 64.134.255.2 64.134.255.10
    TCP: Interfaces\{1F2760FA-B0FA-4ECC-A12A-33767BB4B91B}\24C4555475942554C4543535 : DhcpNameServer = 10.254.0.50
    TCP: Interfaces\{1F2760FA-B0FA-4ECC-A12A-33767BB4B91B}\2575A45584 : DhcpNameServer = 10.130.136.13
    TCP: Interfaces\{1F2760FA-B0FA-4ECC-A12A-33767BB4B91B}\C696E6B6379737 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{FF81493C-3324-4975-A764-A34E1001F957} : DhcpNameServer = 40.7.1.100
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    C:\Users\ABC\AppData\Local\ServiceUser.dll
    BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO-X64: HP Print Enhancer - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: CDelHotkeys Object: {78875F5C-A685-4405-8DC5-D48DC65452B0} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
    BHO-X64: Diigo Toolbar Helper: {84053DA7-03DE-4FB6-80AE-202C04691D8A} - C:\Program Files (x86)\Diigo\DiigoToolbar.5.1.31.dll
    BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    BHO-X64: HP Smart BHO Class - No File
    TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    TB-X64: Delicious Toolbar: {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
    TB-X64: Diigo Toolbar: {09197FFB-C236-4153-B268-31051E4F3B6C} - C:\Program Files (x86)\Diigo\DiigoToolbar.5.1.31.dll
    TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    EB-X64: {69523951-583F-418C-BDE7-18EFC9FD54B4} - No File
    EB-X64: {9D19C405-BA93-461B-871F-97992CC45972} - No File
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun-x64: [(Default)]
    mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2010-4-16 89600]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-27 86224]
    R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-10-27 110032]
    R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-27 366152]
    R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-10-30 228408]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    .
    =============== Created Last 30 ================
    .
    2011-10-27 15:17:26 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0225444F-E522-4F64-A85E-019CC66CF3E8}\offreg.dll
    2011-10-27 15:00:46 -------- d-----w- C:\Users\ABC\AppData\Roaming\Malwarebytes
    2011-10-27 15:00:27 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-10-27 15:00:15 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-10-27 15:00:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-10-27 14:48:21 -------- d-----w- C:\Users\ABC\AppData\Roaming\Avira
    2011-10-27 14:45:29 97312 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    2011-10-27 14:45:29 27760 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
    2011-10-27 14:45:27 -------- d-----w- C:\ProgramData\Avira
    2011-10-27 14:45:27 -------- d-----w- C:\Program Files (x86)\Avira
    2011-10-27 02:17:31 83456 ----a-w- C:\Windows\SysWow64\srrstr.dll
    2011-10-25 19:57:55 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0225444F-E522-4F64-A85E-019CC66CF3E8}\mpengine.dll
    2011-10-13 16:03:13 3134976 ----a-w- C:\Windows\System32\win32k.sys
    2011-10-13 16:03:01 860672 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
    2011-10-13 16:03:01 1197568 ----a-w- C:\Windows\System32\wininet.dll
    2011-10-13 16:03:01 1013248 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
    2011-10-06 19:50:08 -------- d-----w- C:\Users\ABC\Recorder
    2011-09-27 17:22:20 -------- d-----w- C:\Program Files (x86)\Diigo
    .
    ==================== Find3M ====================
    .
    2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-08-27 05:40:28 861184 ----a-w- C:\Windows\System32\oleaut32.dll
    2011-08-27 05:40:28 331776 ----a-w- C:\Windows\System32\oleacc.dll
    2011-08-27 04:43:07 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2011-08-27 04:43:06 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
    2011-08-20 05:41:16 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2011-08-20 04:38:10 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-08-20 04:35:20 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2011-08-20 04:20:23 482816 ----a-w- C:\Windows\System32\html.iec
    2011-08-20 03:26:38 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2011-08-17 05:32:24 613888 ----a-w- C:\Windows\System32\psisdecd.dll
    2011-08-17 05:27:46 75776 ----a-w- C:\Windows\System32\MSDvbNP.ax
    2011-08-17 05:27:46 288256 ----a-w- C:\Windows\System32\MSNP.ax
    2011-08-17 05:27:46 108032 ----a-w- C:\Windows\System32\psisrndr.ax
    2011-08-17 05:27:46 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax
    2011-08-17 04:26:02 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
    2011-08-17 04:22:23 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
    2011-08-17 04:22:23 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
    2011-08-17 04:22:23 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
    2011-08-17 04:22:23 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
    .
    ============= FINISH: 12:15:50.58 ===============

    Attach.txt:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 6/6/2010 2:30:42 PM
    System Uptime: 10/27/2011 11:14:09 AM (1 hours ago)
    .
    Motherboard: Hewlett-Packard | | 363F
    Processor: AMD Athlon(tm) II Dual-Core M320 | Socket S1G3 | 1491/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 218 GiB total, 35.287 GiB free.
    D: is FIXED (NTFS) - 14 GiB total, 2.341 GiB free.
    E: is FIXED (FAT32) - 0 GiB total, 0.09 GiB free.
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP140: 10/14/2011 8:17:09 PM - Windows Update
    RP141: 10/18/2011 5:42:17 PM - Windows Update
    RP142: 10/21/2011 1:30:16 PM - Windows Update
    RP143: 10/22/2011 3:00:13 AM - Windows Update
    RP144: 10/25/2011 3:56:41 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    µTorrent
    Acrobat.com
    ActiveCheck component for HP Active Support Library
    Adobe Digital Editions
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.1 MUI
    Adobe Shockwave Player
    AMD USB Filter Driver
    Apple Application Support
    Apple Software Update
    Atheros Driver Installation Program
    Avira Free Antivirus
    AviSynth 2.5
    calibre
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Compatibility Pack for the 2007 Office system
    CyberLink DVD Suite
    CyberLink MediaShow
    CyberLink PowerDVD 8
    Delicious Add-on for Internet Explorer
    Diigo Toolbar for Internet Explorer
    HandBrake 0.9.5
    HP Advisor
    HP Customer Experience Enhancements
    HP Games
    HP Quick Launch Buttons
    HP Setup
    HP Smart Web Printing
    HP Support Assistant
    HP Update
    HP User Guides 0148
    HP Wireless Assistant
    HPAsset component for HP Active Support Library
    IDT Audio
    Java Auto Updater
    Java(TM) 6 Update 22
    Junk Mail filter update
    K-Lite Codec Pack 6.4.0 (Standard)
    LabelPrint
    LightScribe System Software
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft Choice Guard
    Microsoft Live Search Toolbar
    Microsoft Office 2000 Professional
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Works
    Move Media Player
    MSVCRT
    muvee Reveal
    Norton Online Backup
    Power2Go
    PowerDirector
    Professor Fizzwizzle
    QLBCASL
    QuickTime
    Real Alternative 2.0.2
    Realtek 8136 8168 8169 Ethernet Driver
    Realtek USB 2.0 Card Reader
    Recovery Manager
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553074)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft Office Excel 2007 (KB2553073)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Slingbox - Watch Your TV Anywhere
    SlingPlayer
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update Installer for WildTangent Games App
    VLC media player 1.0.5
    WildTangent Games App (HP Games)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/27/2011 8:00:42 AM, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.
    10/27/2011 12:14:09 PM, Error: NetBT [4321] - The name "ABC-PC :0" could not be registered on the interface with IP address 192.168.2.7. The computer with the IP address 192.168.2.6 did not allow the name to be claimed by this computer.
    10/27/2011 12:13:37 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{1F2760FA-B0FA-4ECC-A12A-33767BB4B91B} because another computer on the network has the same name. The server could not start.
    10/27/2011 12:13:37 PM, Error: NetBT [4321] - The name "ABC-PC :20" could not be registered on the interface with IP address 192.168.2.7. The computer with the IP address 192.168.2.6 did not allow the name to be claimed by this computer.
    10/27/2011 12:13:36 PM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535
    10/27/2011 12:13:36 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535
    10/27/2011 12:13:36 PM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
    10/27/2011 11:14:22 AM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
    10/27/2011 10:55:53 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    10/27/2011 10:41:55 AM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
    10/26/2011 8:28:55 PM, Error: NetBT [4319] - A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
    10/26/2011 2:54:30 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {B77C4C36-0154-4C52-AB49-FAA03837E47F} and APPID {EA022610-0748-4C24-B229-6C507EBDFDBB} to the user ABC-PC\Family SID (S-1-5-21-622587576-257219784-654518826-1003) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    10/26/2011 2:49:44 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    10/25/2011 9:34:22 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP
    10/25/2011 9:34:01 PM, Error: SRTSP [5] -
    10/22/2011 7:32:34 PM, Error: atikmdag [52250] - CPLIB :: OPM - Failed the HFS
    10/21/2011 7:11:19 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PNRPsvc service.
    10/21/2011 7:11:19 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    10/21/2011 7:11:19 PM, Error: Service Control Manager [7000] - The Peer Name Resolution Protocol service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================

    Thank you so much. Please let me know if I did anything wrong.
    Should I try checking to see if my google search has been fixed, or should I stay disconnected from the internet?
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot. I'll help with the malware.

    You do not need to disconnect from the internet. When you first put Combofix on the system, it will check to see if there is a Recovery Console installed. That requires an internet connection. I am also going to have you do an online virus scan - that also requires a connection. The malware is already on the system.
    ==========================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.

    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
    I would like to ask about some of the infected files found in Malwarebytes. They would normally be legitimate files. Examples are the Adobe update and the Apple update - another is a Google Tray backup. But if you got them from a file sharing site (think 'torrent') you got malware with them. We'll check that.
    -----------------------------------
    Please run this scan first:
    Download CKScanner and save to your desktop.
    • Doubleclick CKScanner.exe and click Search For Files.
    • When the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
    =========================================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated - it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.

    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    ==========================================
    Please update Java: Java Updates. Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.
    Be sure to check all download screens for any pre-checked toolbars or BHO > if found, remove the check before the download.

    There will be malware in the Java cache so it needs to be cleaned:
    To clear the Java Plug-in cache:
    1. Click Start > Control Panel.
    2. Double-click the Java icon in the control panel. The Java Control Panel appears.
    3. Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.
    4. Click Delete Files. The Delete Temporary Files dialog box appears.
    5. Click OK on Delete Temporary Files window.
      Note: This deletes all the Downloaded Applications and Applets from the cache.
    6. Click Apply > OK on Temporary Files Settings window.
    Images courtesy java.com
    ===================================
    Please reboot after cleaning the Java cache, then go on to the Eset scan:
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on the image link to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the ESET Smart Installer icon on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

    Please leave the log from Combofix in your next reply. Include Eset log if there is one.
    There is no log for the Java update or the cache clean.

    Please let me know if you have any problem.
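    A defender's check for the kind of entry the post above describes - "updater" names that are legitimate only when they point into the vendor's Program Files directory - as an added example that is not from this thread or from any of the tools it names. It is read-only: it lists the Run/RunOnce autorun values for the current user and the machine, extracts the executable or DLL each one launches, and flags targets that live in a user-writable directory, are missing, or carry no valid Authenticode signature. It assumes a PowerShell session on the affected Windows machine with permission to read those keys; the directory list and the path regular expression are this example's own assumptions.

```powershell
# Added example (not from the thread): audit autorun entries the way a helper
# would eyeball them. Reports only; it deletes nothing.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Directories a standard user can write to. A real vendor updater is installed
# under Program Files; an autorun pointing here deserves a closer look.
$userWritable = @(
    [Environment]::GetFolderPath('LocalApplicationData'),   # %LOCALAPPDATA%
    [Environment]::GetFolderPath('ApplicationData'),        # %APPDATA%
    [Environment]::GetFolderPath('CommonApplicationData'),  # C:\ProgramData
    $env:TEMP
) | Where-Object { $_ }

function Get-AutorunTarget {
    # Pull the launched file out of a Run value. Values commonly look like
    #   "C:\path\file.exe" /arg      or      rundll32.exe C:\path\file.dll,Entry
    param([string]$Command)
    $pattern = '[A-Za-z]:\\[^"<>|]*?\.(exe|dll|bat|cmd|vbs|js|scr)\b'
    $hits = [regex]::Matches($Command, $pattern, 'IgnoreCase')
    if ($hits.Count -eq 0) { return $null }
    # rundll32/regsvr32 are hosts, not the payload: prefer the path they load.
    foreach ($h in $hits) {
        if ($h.Value -notmatch '\\(rundll32|regsvr32)\.exe$') { return $h.Value }
    }
    return $hits[0].Value
}

$results = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, ...
        $target    = Get-AutorunTarget -Command ([string]$p.Value)
        $exists    = $false
        $inUserDir = $false
        $sig       = 'n/a'
        if ($target) {
            $exists = Test-Path -LiteralPath $target
            foreach ($dir in $userWritable) {
                if ($target.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)) { $inUserDir = $true }
            }
            # A genuine Adobe/Apple/Google updater normally carries a valid vendor signature.
            if ($exists) { $sig = (Get-AuthenticodeSignature -FilePath $target).Status }
        }
        [pscustomobject]@{
            Key        = $key
            Name       = $p.Name
            Command    = $p.Value
            Target     = $target
            Exists     = $exists
            UserDir    = $inUserDir
            Signature  = $sig
            Suspicious = ($inUserDir -or -not $exists -or ($sig -ne 'Valid'))
        }
    }
}

# Suspicious rows first; the Key column tells you which hive the entry came from.
$results | Sort-Object Suspicious -Descending |
    Format-Table -AutoSize Name, Suspicious, UserDir, Signature, Target
```

Run it from an elevated prompt so the HKLM keys are readable. A row marked Suspicious is a lead, not a verdict: unsigned but legitimate software exists, and the script only covers the four Run/RunOnce keys, not services, scheduled tasks or the Startup folders.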
     
  3. asherlev1

    asherlev1 TS Rookie Topic Starter

    Hi! Um, do you know how I can disable Malwarebytes? I accidentally clicked on the 'go to free trial' option from the download, and now it's actively protecting my system. I will disable Avira, but I'm worried about Malwarebytes.
     
  4. asherlev1

    asherlev1 TS Rookie Topic Starter

    Hi!

    So the link for the ESET scan redirects me to this page: http://www.eset.com/us/

    Might you have an alternate link?

    Sorry for the inconvenience.
     
  5. asherlev1

    asherlev1 TS Rookie Topic Starter

    Hi!

    Just to update you, I've been running the ESET Online Scan for about 2 hours now, and it's only 24% done, so I'm not sure it'll get done tonight. When I go to sleep, my computer will probably fall asleep and the scan will shut down.

    I'll be back home at like 8 pm tomorrow so I'll try to see if I can get it done then, but I'm also going out of town on Saturday. So, I'm really sorry about this, but I'm thinking Sunday is when I can get all the logs to you.

    I appreciate your patience with me.
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    No problem. Post when you can.
     
  7. asherlev1

    asherlev1 TS Rookie Topic Starter

    Hi!

    So my dad did some plinking and plonking on my computer, and the google redirect seems to be gone. So I was hoping to keep this thread active for just a day or two longer while I go on all my usual haunts and see if any passwords appear to be compromised.

    I would really appreciate it.

    Thank you for all your help!
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You're welcome. Closing thread after 3 days.
     
Topic Status:
Not open for further replies.
