TechSpot

Links redirected in multiple browsers and search engines (xp)

Inactive
By x904401
Jul 12, 2011
Topic Status:
Not open for further replies.
  1. Hi Guys.

    It started with the annoying 'windows xp fix' viruses (buy our virus checker to fix the problem we caused) which I promptly dispatched with a system restore to an earlier point (April 1st). This has however left me with a link redirect (ie8 and FireFox) when I select a link (google, Bing, Yahoo) to differing sites.

    I've thrown everything I can think of at it (Malwarebytes' Anti-Malware, AVG, Ad Aware, Windows Defender, Microsoft Security Essentials) I also had a look at my processes but I just can't find this one.

    Thanks for your help!

    Fred
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Good Morning, Fred and welcome to TechSpot! I'll be glad to help with the malware. Howeverm we don't 'screen' for malware using HijackThis.

    Please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply .
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
    ==========================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process..
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.
    If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
    =====================================
  3. x904401

    x904401 TS Rookie Topic Starter

    mbam-log-2011-07-12 (15-10-01).txt

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 7084

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    12/07/2011 15:10:01
    mbam-log-2011-07-12 (15-10-01).txt

    Scan type: Quick scan
    Objects scanned: 171857
    Time elapsed: 4 minute(s), 52 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  4. x904401

    x904401 TS Rookie Topic Starter

    dds.txt

    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Lenny at 16:41:04 on 2011-07-12
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1185 [GMT 1:00]
    .
    AV: AVG Internet Security 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: AVG Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\AVG\AVG10\avgfws.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\AVG\AVG10\avgam.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\VDOTool\TBPanel.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\AVG\AVG10\avgemcx.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.uk/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = <local>
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    mRun: [TBPanel] c:\program files\vdotool\TBPanel.exe /A
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1214910992735
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
    Hosts: 80.xxx.xxx.xx OURDOMAIN.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\wolfy\application data\mozilla\firefox\profiles\d35dqaw5.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.co.uk
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4e1af38e&v=7.005.030.004&i=26&tp=ab&iy=&ychte=us&lng=en-GB&q=
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
    FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
    FF - Ext: AVG Security Toolbar em:version=7.005.030.004 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg10\toolbar\firefox\avg@igeared
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
    R2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2011-3-9 2708024]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-10-29 366640]
    R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-10-29 22712]
    S0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys --> c:\windows\system32\drivers\mv61xx.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
    S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2008-7-1 38656]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-7-11 1025352]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
    S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-7-11 20552]
    S3 VSPerfDrv90;Performance Tools Driver 9.0;c:\program files\microsoft visual studio 9.0\team tools\performance tools\VSPerfDrv90.sys [2007-9-4 55664]
    .
    =============== Created Last 30 ================
    .
    2011-07-12 10:24:01 -------- d-----w- c:\program files\Trend Micro
    2011-07-12 10:13:27 2321288 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\backup\mpengine.dll
    2011-07-12 10:13:24 7074640 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{dd6ef158-ce80-43fa-a86f-c4f5e87e0da8}\mpengine.dll
    2011-07-11 16:15:16 -------- d-----w- c:\documents and settings\wolfy\local settings\application data\AVG Security Toolbar
    2011-07-11 13:39:18 -------- d--h--w- C:\$AVG
    2011-07-11 13:30:21 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-07-11 13:18:18 -------- d-----w- c:\program files\Lavasoft
    2011-07-11 12:59:37 -------- d-----w- c:\documents and settings\wolfy\application data\AVG10
    2011-07-11 12:59:06 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
    2011-07-11 12:58:52 -------- d-----w- c:\documents and settings\all users\application data\AVG Security Toolbar
    2011-07-11 12:57:15 -------- d-----w- c:\windows\system32\drivers\AVG
    2011-07-11 12:57:15 -------- d-----w- c:\documents and settings\all users\application data\AVG10
    2011-07-11 12:56:07 -------- d-----w- c:\program files\AVG
    2011-07-11 12:54:09 20552 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-07-11 12:52:02 -------- d-----w- c:\documents and settings\all users\application data\Hitman Pro
    2011-07-11 12:35:04 -------- d-----w- c:\documents and settings\all users\application data\MFAData
    2011-07-11 12:34:22 -------- d--h--w- c:\windows\system32\GroupPolicy
    2011-07-11 12:06:44 105472 -c----w- c:\windows\system32\dllcache\mup.sys
    2011-07-11 11:52:22 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-07-11 11:52:22 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-07-11 11:03:15 54016 ----a-w- c:\windows\system32\drivers\sdjurjmm.sys
    .
    ==================== Find3M ====================
    .
    2011-05-29 08:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-29 08:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-24 18:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-05-02 15:31:52 692736 ------w- c:\windows\system32\inetcomm.dll
    2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
    2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-04-25 16:11:11 43520 ------w- c:\windows\system32\licmgr10.dll
    2011-04-25 16:11:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-04-25 12:01:22 385024 ------w- c:\windows\system32\html.iec
    2011-04-21 13:37:43 105472 ------w- c:\windows\system32\drivers\mup.sys
    2011-04-14 20:28:42 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
    .
    ============= FINISH: 16:47:50.42 ===============
  5. x904401

    x904401 TS Rookie Topic Starter

    attach.txt

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 01/07/2008 11:30:53
    System Uptime: 12/07/2011 16:01:00 (0 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P5K SE
    Processor: Intel Pentium III Xeon processor | LGA775 | 3003/333mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 128 GiB total, 53.446 GiB free.
    D: is FIXED (NTFS) - 105 GiB total, 89.78 GiB free.
    H: is Removable
    I: is Removable
    J: is Removable
    K: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
    Description: Marvell 61xx Marvell RAID Controller
    Device ID: PCI\VEN_11AB&DEV_6121&SUBSYS_82A21043&REV_B2\4&332B0EE8&0&00E4
    Manufacturer: Marvell Inc.
    Name: Marvell 61xx Marvell RAID Controller
    PNP Device ID: PCI\VEN_11AB&DEV_6121&SUBSYS_82A21043&REV_B2\4&332B0EE8&0&00E4
    Service: mv61xx
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Attansic L1 Gigabit Ethernet 10/100/1000Base-T Controller
    Device ID: PCI\VEN_1969&DEV_1048&SUBSYS_82261043&REV_B0\4&625283&0&00E5
    Manufacturer: Attansic
    Name: Attansic L1 Gigabit Ethernet 10/100/1000Base-T Controller
    PNP Device ID: PCI\VEN_1969&DEV_1048&SUBSYS_82261043&REV_B0\4&625283&0&00E5
    Service: AtcL001
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: SM Bus Controller
    Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_82771043&REV_02\3&11583659&0&FB
    Manufacturer:
    Name: SM Bus Controller
    PNP Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_82771043&REV_02\3&11583659&0&FB
    Service:
    .
    ==== System Restore Points ===================
    .
    RP366: 13/04/2011 17:19:28 - System Checkpoint
    RP367: 14/04/2011 09:51:29 - Software Distribution Service 3.0
    RP368: 03/05/2011 10:16:03 - Software Distribution Service 3.0
    RP369: 03/05/2011 10:31:13 - Software Distribution Service 3.0
    RP370: 03/05/2011 10:52:54 - Software Distribution Service 3.0
    RP371: 04/05/2011 11:42:47 - System Checkpoint
    RP372: 04/05/2011 16:17:43 - Software Distribution Service 3.0
    RP373: 05/05/2011 16:28:02 - System Checkpoint
    RP374: 06/05/2011 09:46:30 - Software Distribution Service 3.0
    RP375: 09/05/2011 11:12:24 - System Checkpoint
    RP376: 11/05/2011 09:45:35 - Software Distribution Service 3.0
    RP377: 11/05/2011 16:11:41 - Software Distribution Service 3.0
    RP378: 16/05/2011 09:43:32 - Software Distribution Service 3.0
    RP379: 17/05/2011 09:38:53 - Software Distribution Service 3.0
    RP380: 18/05/2011 09:41:47 - Software Distribution Service 3.0
    RP381: 19/05/2011 10:05:52 - Software Distribution Service 3.0
    RP382: 20/05/2011 10:13:21 - Software Distribution Service 3.0
    RP383: 23/05/2011 09:51:20 - Software Distribution Service 3.0
    RP384: 24/05/2011 11:04:04 - Software Distribution Service 3.0
    RP385: 25/05/2011 14:40:16 - Software Distribution Service 3.0
    RP386: 31/05/2011 11:41:10 - Software Distribution Service 3.0
    RP387: 02/06/2011 11:03:42 - Software Distribution Service 3.0
    RP388: 06/06/2011 15:59:27 - Software Distribution Service 3.0
    RP389: 08/06/2011 09:44:05 - Software Distribution Service 3.0
    RP390: 08/06/2011 14:28:00 - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    RP391: 08/06/2011 14:28:30 - Removed Java(TM) 6 Update 11
    RP392: 08/06/2011 14:28:49 - Installed Java(TM) 6 Update 22
    RP393: 08/06/2011 14:29:21 - Installed OpenOffice.org 3.3
    RP394: 14/06/2011 11:49:22 - Software Distribution Service 3.0
    RP395: 15/06/2011 11:43:26 - Software Distribution Service 3.0
    RP396: 16/06/2011 15:05:37 - Software Distribution Service 3.0
    RP397: 17/06/2011 15:00:53 - Software Distribution Service 3.0
    RP398: 21/06/2011 11:28:07 - Software Distribution Service 3.0
    RP399: 21/06/2011 11:37:51 - Software Distribution Service 3.0
    RP400: 21/06/2011 13:40:21 - Software Distribution Service 3.0
    RP401: 23/06/2011 09:12:54 - Software Distribution Service 3.0
    RP402: 24/06/2011 10:36:24 - Software Distribution Service 3.0
    RP403: 27/06/2011 09:53:58 - Software Distribution Service 3.0
    RP404: 28/06/2011 10:08:32 - Software Distribution Service 3.0
    RP405: 28/06/2011 15:13:13 - Software Distribution Service 3.0
    RP406: 29/06/2011 09:59:20 - Software Distribution Service 3.0
    RP407: 29/06/2011 11:00:35 - Software Distribution Service 3.0
    RP408: 30/06/2011 12:32:26 - System Checkpoint
    RP409: 01/07/2011 09:38:35 - Software Distribution Service 3.0
    RP410: 11/07/2011 11:16:58 - Software Distribution Service 3.0
    RP411: 11/07/2011 12:43:48 - Restore Operation
    RP412: 11/07/2011 12:57:42 - Software Distribution Service 3.0
    RP413: 11/07/2011 13:15:24 - Software Distribution Service 3.0
    RP414: 11/07/2011 13:55:45 - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    RP415: 11/07/2011 13:56:06 - Installed AVG 2011
    RP416: 11/07/2011 13:57:00 - Installed AVG 2011
    RP417: 11/07/2011 14:11:54 - Software Distribution Service 3.0
    RP418: 11/07/2011 14:17:36 - Installed Ad-Aware
    RP419: 11/07/2011 14:18:09 - Installed Ad-Aware
    RP420: 12/07/2011 11:01:49 - Removed Ad-Aware
    RP421: 12/07/2011 11:10:42 - Installed Windows Defender
    RP422: 12/07/2011 11:13:20 - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.3
    Apache HTTP Server 2.0.52
    Apple Application Support
    Apple Software Update
    Attansic Ethernet Utility
    Attansic L1 Gigabit Ethernet Driver
    AVG 2011
    Borland Delphi 7
    Brother HL-5250DN
    Crystal Reports Basic for Visual Studio 2008
    DivX Setup
    FileZilla Client 3.3.3
    Google Toolbar for Internet Explorer
    Google Update Helper
    GPGNet
    High Definition Audio Driver Package - KB888111
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Microsoft Visual Studio Team System 2008 Development Edition - ENU (KB971091)
    Hotfix for Microsoft Visual Studio Team System 2008 Development Edition - ENU (KB973674)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    J2SE Runtime Environment 5.0 Update 6
    Jasc Paint Shop Pro 8
    Java(TM) 6 Update 17
    Java(TM) 6 Update 7
    Logitech® Camera Driver
    Macromedia Dreamweaver 8
    Macromedia Extension Manager
    Magic DVD Ripper V5.5.0
    Malwarebytes' Anti-Malware version 1.51.0.1200
    Microsoft .NET Compact Framework 2.0 SP2
    Microsoft .NET Compact Framework 3.5
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Close Combat: A Bridge Too Far
    Microsoft Device Emulator version 3.0 - ENU
    Microsoft Document Explorer 2008
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    Microsoft Office Visual Web Developer 2007
    Microsoft Office Visual Web Developer MUI (English) 2007
    Microsoft Office XP Professional with FrontPage
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server Compact 3.5 Design Tools ENU
    Microsoft SQL Server Compact 3.5 ENU
    Microsoft SQL Server Compact 3.5 for Devices ENU
    Microsoft SQL Server Database Publishing Wizard 1.2
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Microsoft Visual Studio 2008 Performance Collection Tools - ENU
    Microsoft Visual Studio Team System 2008 Development Edition - ENU
    Microsoft Visual Studio Web Authoring Component
    Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
    Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
    Microsoft Windows SDK for Visual Studio 2008 Tools
    Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
    Mozilla Firefox (3.6.2pre)
    MSDN Library for Visual Studio 2008 - ENU
    MSXML 6.0 Parser
    NVIDIA Drivers
    Pascal Analyzer 4 Eval
    PGIII Scorched Earth
    Realtek High Definition Audio Driver
    Safari
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SimCity 4
    Spelling Dictionaries Support For Adobe Reader 9
    Supreme Commander
    Trust Webcam 14881
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Visual Studio Team System 2008 Development Edition - ENU (KB972221)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VC80CRTRedist - 8.0.50727.4053
    VDOTool 6.1
    Visual Studio 2005 Tools for Office Second Edition Runtime
    Visual Studio Tools for the Office system 3.0 Runtime
    WebFldrs XP
    Winamp
    Windows Defender
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format Runtime
    Windows Mobile 5.0 SDK R2 for Pocket PC
    Windows Mobile 5.0 SDK R2 for Smartphone
    Windows XP Service Pack 3
    WinRAR archiver
    XML Paper Specification Shared Components Pack 1.0
    ZebraDesigner
    Zoom Search Engine 5.1
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/07/2011 16:38:42, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.
    12/07/2011 15:40:48, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    12/07/2011 15:37:00, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    11/07/2011 14:03:12, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: mv61xx
    11/07/2011 12:55:01, error: Service Control Manager [7024] - The Java Quick Starter service terminated with service-specific error 1 (0x1).
    11/07/2011 12:55:01, error: Service Control Manager [7024] - The Apache2 service terminated with service-specific error 1 (0x1).
    11/07/2011 12:55:01, error: Service Control Manager [7002] - The BrPar service depends on the Parallel arbitrator group and no member of this group started.
    11/07/2011 12:54:28, error: Microsoft Antimalware [2004] -
    11/07/2011 12:33:28, error: Service Control Manager [7000] - The Cardex service failed to start due to the following error: Cannot create a file when that file already exists.
    11/07/2011 12:30:15, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    11/07/2011 12:29:10, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    11/07/2011 12:27:20, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
    11/07/2011 12:27:20, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
    11/07/2011 12:27:20, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/07/2011 12:27:20, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/07/2011 12:27:20, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    11/07/2011 12:27:20, error: Service Control Manager [7001] - The Apache2 service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
    11/07/2011 11:48:19, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    .
    ==== End Of File ===========================
  6. x904401

    x904401 TS Rookie Topic Starter

    Gmer

    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit quick scan 2011-07-12 16:35:11
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 MAXTOR_STM3250820AS rev.3.AAE
    Running: 10vqtvmj.exe; Driver: C:\DOCUME~1\Wolfy\LOCALS~1\Temp\pwloraob.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:112] 8A5600B3

    ---- EOF - GMER 1.0.15 ----
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Thank you for your patience. I am running behind and trying very hard to catch up!

    We need to do some housekeeping before going on:

    1. There are 3 outdated versions of Java running. These are vulnerabilities to the system. Please do the following:
    You have multiple old versions of Java and do not have the current version. The best way to handle that is to run the following: Note: I do not want this log!

    Please download JavaRa and unzip it to your desktop.

    Important!***Please close any instances of Internet Explorer before continuing!***
    • Double-click on JavaRa.exe to start the program.
    • From the drop-down menu, choose English and click on Select.
    • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
    • Click Yes when prompted. When JavaRa is done, a notice will appear that
      a logfile has been produced. Click OK.
    • A logfile will pop up. Please save it to a convenient location.Note: Do not leave this log.
    Download and install then most current version and update of Java RuntimeEnvironment (JRE)HERE.
    Note: Check the download screen for any pre-checked items before you download. Uncheck any tool bars or BHOs
    ==========================================
    2. Please uninstall Hitman Pro. I see 2 entries for data but don't see it installed. (If only data remains, I can remove it after Combofix.) This program is a bundle of freeware programs that can be found on the internet. Hitman will only remove entries during the trial period, but after that, you have to but the program. The scam, in my opinion, is that the individual programs will all find and fix free!
    ==========================================
    I'd like you to run Combofix. It will note run with AVG so you will have to temporarily uninstall it:
    3. Download AppRemover and save to the desktop
    1. Double click the setup on the desktop> click Next
    2. Select “Remove Security Application”
    3. Let scan finish to determine security apps
    4. A screen like below will appear:
      [​IMG]
    5. Click on Next after choice has been made
    6. Check the AVG program you want to uninstall
    7. After uninstall shows complete, follow online prompts to Exit the program.

    Temporary AV: Use one:
    Avira-AntiVir-Personal-Free-Antivirus
    Avast Free Version
    =============================
    4. Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [​IMG]
    • .Click on Yes, to continue scanning for malware
    • .If Combofix asks you to update the program, allow
    • .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • .Close any open browsers.
    • .Double click combofix.exe[​IMG] & follow the prompts to run.
    • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
    Re-enable your Antivirus software.

    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    ===========================================
    5.
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the [​IMG]on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
      [​IMG]
    • Uncheck 'Remove found threats'
    • Check 'Scan archives/
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

    All logs in next reply please.

    6. Question: Did you handle this setting for your privacy and security?> Hosts: 80.xxx.xxx.xx OURDOMAIN.com

    ===========================================
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    It's time to close this thread. I'll extend it for a couple of days. If you still need help, please let me know.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.