It all started with Antivirus Pro 2009

Status
Not open for further replies.
About three days ago I received the Antivirus Pro 2009 pop up bubble on my task bar. Things have gone downhill from there.

Luckily, I found this forum fairly early on, which has been a great help. I obviously didn't "purchase" the license, but my browser has been redirected from just about any website that could help (although viewing cached sites from Google was a workaround).

I've spent the last couple of nights trying to complete the 8-step virus removal instructions, but had a LOT of difficulty downloading, installing, updating and running both MBAM and SAS. I've had a lot of the same issues I've seen on other posts and ended up having to run the "FIXIT" EXE to break the log jam.

I'm just now to the point where I've been able to run updates to MBAM and SAS and get them working. I'm about ready to finish up my first run through of the 8 steps (hopefully, within the next couple of hours).

As I've said, this site has been extremely helpful. Is there anyone available to take a look at the logs when I can post them? I'm pretty much a novice at all of this and I don't think I'll be able to decipher the HJT report.

Although I haven't seen the Antivirus Pro 2009 pop up in a couple of days, I desperately want to make sure I get rid of this whole thing because the browser redirect seems to reinstall itself after I reboot.

Thanks in advance for any help!
 
Tell me what's happening with your comp

Remove these from HJT

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O20 - AppInit_DLLs: karna.dat

Someone confirm these

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
 
Thanks for the reply!

Well, at first things seem to work a little better after I run SAS and MBAM (I can access websites, the browsers aren't as slow, etc.); however, once the system reboots the symptoms reappear.

Whatever is causing the problem seems to block certain websites (i.e. Malwarebytes, Norton, etc.), and also redirects Google searches for a lot of other ones too. Additionally, my browser is running slower and I can't seem to update to the newest Java.

I'll try removing the first four files you suggested; should I hold off on the last two?
 
OK, I removed the first four files. After a reboot, I'm still having the same issues.

I ran a quick scan with SAS, which found only cookies. Should I run another MBAM or go ahead and remove the last two files identified above?
 
Well, I still seem to be having the same issue. When I run an MBAM scan it identifies and removes:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata

and

HKEY_LOCAL_MACHINE\SOFTWARE\tdss

Things run better for a while, but every time I reboot after running an MBAM, these two files seem to reinstall themselves.

I still haven't removed:

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll

I wanted to hold off on removing these via HJT until I hear back on whether it would be a good idea.

Any suggestions?
 