Solved Virus problem: Internet search engines open random sites

Status
Not open for further replies.

wanderlust

Hello.

I have been experiencing problems with my computer for a while. The current main problem is that when I use Google to search the internet, it will automatically direct me to another site (Infosmash.com is one of them). The computer itself also seems to be running slower than it usually does.

This was happening more often just a few weeks ago, and I also could not connect to Windows Update for a while. I ran a bunch of virus scans and downloaded all of the anti-spyware programs that I could, which took care of some of my problems.

I ran the 6-step virus removal program and here are my resulting logs. (I attached the DDS files because they were too long.) After running the programs my computer seems to be operating very sluggishly.

Thank you very much in advance for any assistance that you can offer.


MALWAREBYTES:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4458

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/21/2010 1:25:38 PM
mbam-log-2010-08-21 (13-25-38).txt

Scan type: Quick scan
Objects scanned: 156575
Time elapsed: 6 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{97f8ca3f-3d0f-411c-8846-8d242ade76fc} (Password.Stealer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{97f8ca3f-3d0f-411c-8846-8d242ade76fc} (Password.Stealer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{97f8ca3f-3d0f-411c-8846-8d242ade76fc} (Password.Stealer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MS Essentials (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-22 22:29:55
Windows 5.1.2600 Service Pack 3
Running: hk365hhk.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fwrcypoc.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF764787E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7647BFE]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version 0x80 0x92 0x60 0x50 ...

---- EOF - GMER 1.0.15 ----
 

Attachments

  • Attach-dds.txt (21.1 KB)
  • DDS.txt (20.4 KB)
Welcome aboard


Please, re-run DDS in normal mode and post fresh logs.

When done....

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=======================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure you re-enable your security programs when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Thank you Broni for your speedy reply.

Earlier my computer wasn't functioning well enough to run in normal mode, but I guess the startup in Safe Mode cured it for now.

I have attached the new DDS files, as well as the Combofix file. The MBRCheck is below.

MBRCHECK:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0200000d

Kernel Drivers (total 126):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xB85A8000 \WINDOWS\system32\KDCOM.DLL
0xB84B8000 \WINDOWS\system32\BOOTVID.dll
0xB7F79000 ACPI.sys
0xB85AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB7F68000 pci.sys
0xB80A8000 isapnp.sys
0xB8670000 pciide.sys
0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xB80B8000 MountMgr.sys
0xB7F49000 ftdisk.sys
0xB8330000 PartMgr.sys
0xB80C8000 VolSnap.sys
0xB7F31000 atapi.sys
0xB80D8000 disk.sys
0xB80E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB7F11000 fltmgr.sys
0xB7EFF000 sr.sys
0xB80F8000 Lbd.sys
0xB8108000 PxHelp20.sys
0xB7EE8000 KSecDD.sys
0xB7ED5000 WudfPf.sys
0xB7E48000 Ntfs.sys
0xB7E1B000 NDIS.sys
0xB7E01000 Mup.sys
0xB81C8000 \SystemRoot\system32\DRIVERS\AmdPPM.sys
0xB81D8000 \SystemRoot\system32\DRIVERS\serial.sys
0xB8588000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB8458000 \SystemRoot\system32\DRIVERS\fdc.sys
0xB6FFF000 \SystemRoot\system32\DRIVERS\parport.sys
0xB81E8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xB858C000 \SystemRoot\system32\DRIVERS\L8042Kbd.sys
0xB8460000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB81F8000 \SystemRoot\system32\DRIVERS\L8042mou.Sys
0xB6FED000 \SystemRoot\system32\DRIVERS\LMouKE.Sys
0xB8468000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB8478000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0xB8480000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB6FC9000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xB8488000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB8208000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB8218000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB8228000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB6FA6000 \SystemRoot\system32\DRIVERS\ks.sys
0xB8490000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xB6F7E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB6561000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB654D000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB6533000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xB8598000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xB6515000 \SystemRoot\system32\DRIVERS\dne2000.sys
0xB86D9000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB70A3000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB85A0000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB64FE000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB7093000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB7083000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB8498000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB64ED000 \SystemRoot\system32\DRIVERS\psched.sys
0xB7073000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB84A0000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xB84A8000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB7063000 \SystemRoot\System32\Drivers\pcouffin.sys
0xB7053000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB85F4000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB609C000 \SystemRoot\system32\DRIVERS\update.sys
0xB7DDD000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB7043000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB7023000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xB85F6000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB5FDF000 \SystemRoot\system32\drivers\nvhda32.sys
0xB5FBB000 \SystemRoot\system32\drivers\portcls.sys
0xB7013000 \SystemRoot\system32\drivers\drmk.sys
0xB39A0000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xB84B0000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xB85FC000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB87B3000 \SystemRoot\System32\Drivers\Null.SYS
0xB85FE000 \SystemRoot\System32\Drivers\Beep.SYS
0xB8368000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB8370000 \SystemRoot\System32\drivers\vga.sys
0xB8600000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xB8602000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB8378000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB8380000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB8580000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB38D8000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB387F000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB8258000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xB3859000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB8268000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB3769000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB3747000 \SystemRoot\System32\drivers\afd.sys
0xB8278000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB371C000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB36AC000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB8298000 \SystemRoot\System32\Drivers\Fips.SYS
0xB3689000 \??\C:\WINDOWS\system32\drivers\cbfs.sys
0xB6088000 \??\C:\WINDOWS\system32\drivers\BIOS.sys
0xB3662000 \SystemRoot\System32\Drivers\aswSP.SYS
0xB8398000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xB363E000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB362D000 \SystemRoot\System32\Drivers\Udfs.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB3795000 \SystemRoot\System32\drivers\Dxapi.sys
0xB8420000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xB87B1000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB84CC000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xB83A0000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xB3205000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB2FDE000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xB2E21000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB863E000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xB2DE4000 \SystemRoot\System32\Drivers\SENTINEL.SYS
0xB2D2C000 \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
0xB2C23000 \SystemRoot\System32\Drivers\HTTP.sys
0xB2B7C000 \SystemRoot\system32\DRIVERS\srv.sys
0xB29F7000 \??\C:\Program Files\CyberLink\PowerDVD8\000.fcl
0xB28CA000 \SystemRoot\system32\drivers\wdmaud.sys
0xB2EB6000 \SystemRoot\system32\drivers\sysaudio.sys
0xB8450000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xB1D62000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 49):
0 System Idle Process
4 System
916 C:\WINDOWS\system32\smss.exe
972 csrss.exe
996 C:\WINDOWS\system32\winlogon.exe
1040 C:\WINDOWS\system32\services.exe
1052 C:\WINDOWS\system32\lsass.exe
1204 C:\WINDOWS\system32\nvsvc32.exe
1236 C:\WINDOWS\system32\svchost.exe
1368 svchost.exe
1432 C:\Program Files\Windows Defender\MsMpEng.exe
1472 C:\WINDOWS\system32\svchost.exe
1528 C:\WINDOWS\system32\svchost.exe
1724 svchost.exe
1772 svchost.exe
1944 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
260 C:\WINDOWS\system32\spoolsv.exe
352 svchost.exe
400 C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
428 C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
668 C:\WINDOWS\system32\svchost.exe
704 C:\Program Files\Java\jre6\bin\jqs.exe
756 C:\WINDOWS\system32\HPZipm12.exe
808 C:\PROGRA~1\ESRI\License\arcgis9x\ARCGIS.EXE
820 C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
904 C:\WINDOWS\system32\svchost.exe
1616 C:\WINDOWS\system32\searchindexer.exe
2228 C:\WINDOWS\explorer.exe
2296 wmpnetwk.exe
3056 C:\WINDOWS\RTHDCPL.exe
3216 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
3284 alg.exe
3608 C:\Documents and Settings\Owner\Local Settings\Application Data\ZumoDrive\app\zumodrive.exe
3688 C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe
3736 C:\Program Files\Windows Defender\MSASCui.exe
3856 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
3996 C:\WINDOWS\system32\rundll32.exe
4012 C:\WINDOWS\system32\ctfmon.exe
4084 C:\Program Files\Windows Media Player\wmpnscfg.exe
1304 C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
2076 C:\Program Files\Logitech\SetPoint\SetPoint.exe
2244 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
1572 C:\Program Files\Windows Desktop Search\WindowsSearch.exe
2724 C:\Program Files\Mozilla Firefox\firefox.exe
424 C:\WINDOWS\system32\wuauclt.exe
3556 C:\Program Files\Mozilla Firefox\plugin-container.exe
2336 C:\WINDOWS\system32\searchprotocolhost.exe
2328 searchfilterhost.exe
3196 C:\Documents and Settings\Owner\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000AAKS-00YGA0, Rev: 12.01C02

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
 

Attachments

  • DDS-NEW.txt (21.7 KB)
  • MBRCheck_08.23.10_11.48.39.txt (8.9 KB)
  • ComboFix.txt (30 KB)
  • Attach-DDS new.txt (21.1 KB)
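The MBRCheck output above reads the first sector of PhysicalDrive0, reports the partition offset (0x7E00, i.e. LBA 63 × 512 bytes), decides whether the boot code looks like the stock Windows XP MBR and prints a SHA1 of it. The same checks, written out in Python as an added example (this is not MBRCheck's code or anything posted in the thread): it validates the 0x55AA boot signature, decodes the partition table, hashes the bootstrap code and compares that hash against a known-good value, so an MBR whose code has been overwritten shows up as a mismatch. The 512-byte sector is constructed inline for the demonstration, and hashing exactly the first 440 bytes is an assumption; the page does not document which region MBRCheck hashes, so its SHA1 values are not directly comparable with this script's.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440          # bootstrap code; bytes 440-443 hold the disk signature
PART_TABLE_OFFSET = 446      # four 16-byte partition entries follow
PART_ENTRY_LEN = 16
MBR_SIGNATURE = b"\x55\xAA"  # always the last two bytes of a valid MBR


def is_valid_mbr(sector: bytes) -> bool:
    """A sector is only treated as an MBR if it is 512 bytes and ends in 0x55AA."""
    return len(sector) == SECTOR_SIZE and sector[510:512] == MBR_SIGNATURE


def parse_partition_entry(entry: bytes) -> dict:
    """Decode one entry: status, type, LBA start and sector count (little-endian).
    The two 3-byte CHS fields are skipped; tools work from LBA."""
    status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
    return {
        "bootable": status == 0x80,
        "type": ptype,
        "lba_start": lba_start,
        "sectors": sectors,
        "byte_offset": lba_start * SECTOR_SIZE,  # what MBRCheck prints as "at offset 0x..."
    }


def parse_mbr(sector: bytes) -> dict:
    """Validate the signature, hash the bootstrap code and decode the partition table."""
    if not is_valid_mbr(sector):
        raise ValueError("not a 512-byte sector with a 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_LEN
        entry = parse_partition_entry(sector[off:off + PART_ENTRY_LEN])
        if entry["type"] != 0:  # type 0 marks an unused slot
            partitions.append(entry)
    return {
        # Assumption: hash the 440 bytes of bootstrap code. MBRCheck's exact region is
        # not documented on the page, so its SHA1 values are not comparable to these.
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector, BOOT_CODE_LEN)[0],
        "partitions": partitions,
    }


def boot_code_matches(sector: bytes, known_good_sha1: str) -> bool:
    """Compare the bootstrap-code hash against a trusted baseline for this OS version."""
    return parse_mbr(sector)["boot_code_sha1"] == known_good_sha1.upper()


def flip_byte(sector: bytes, offset: int) -> bytes:
    """Return a copy with one byte inverted, to simulate MBR code being overwritten."""
    b = bytearray(sector)
    b[offset] ^= 0xFF
    return bytes(b)


def build_sample_mbr() -> bytes:
    """Constructed test sector (not from the thread): placeholder boot code, one bootable
    NTFS partition starting at LBA 63 (byte offset 0x7E00) and three empty slots."""
    code = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]).ljust(BOOT_CODE_LEN, b"\x90")
    disk_sig = struct.pack("<I", 0xDEADBEEF)  # constructed disk signature
    reserved = b"\x00\x00"
    ntfs = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xFE\xFF\xFF",
                       63, 976768002)
    empty = b"\x00" * PART_ENTRY_LEN
    return code + disk_sig + reserved + ntfs + empty * 3 + MBR_SIGNATURE


if __name__ == "__main__":
    sample = build_sample_mbr()
    report = parse_mbr(sample)
    print("Boot code SHA1:", report["boot_code_sha1"])
    for p in report["partitions"]:
        print(f"type 0x{p['type']:02X} at offset 0x{p['byte_offset']:016x}, "
              f"{p['sectors']} sectors, bootable={p['bootable']}")
    print("Tampered copy matches baseline:",
          boot_code_matches(flip_byte(sample, 0), report["boot_code_sha1"]))
```

On a live Windows system the sector would come from reading the first 512 bytes of the raw device (an administrator-only operation), and the known-good hash must be taken from a clean install of the same Windows version; a mismatch on its own says only that the code differs from that baseline, which is the cue to look further, not a verdict.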
What really cured your computer (not totally yet) was Combofix.

I suggest you uninstall HitmanPro, which is nothing else but a bunch of free tools gathered in one program. On top of it, HitmanPro is having copyright issues.

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\windows\Alcmtr.exe


Folder::
c:\documents and settings\All Users\Application Data\avg9


DDS::
uInternet Settings,ProxyOverride = <local>

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

(animation: CFScript.gif)



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
I looked for Hitman Pro in the Add/Remove Programs as well as in the start menu and couldn't find anything. Is there a place where it might be hiding?

Here are the combofix results:
 

Attachments

  • ComboFix.txt (90.1 KB)
Maybe just some leftovers.
We'll get rid of those manually.

Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.

===================================================================

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
* Under the Custom Scan box paste this in:



netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\*. /mp /s
/md5start
/md5stop
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
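Three entries in the custom scan above ask OTL for the MD5 of specific system DLLs (user32.dll, ws2_32.dll, ws2help.dll). The reasoning behind such a check is that a file modified in place keeps its name, location and timestamp but no longer hashes to the value of the clean original, so comparing against a trusted baseline catches what a directory listing cannot. As an added example, not OTL's code or anything from the thread, here is that comparison in Python: files are hashed by streaming, each baseline entry is reported as OK, MODIFIED or MISSING, and the demonstration runs against a constructed temporary directory standing in for system32, with one file patched and one deleted after the baseline is taken.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_file(path, algo="md5", chunk_size=1 << 16) -> str:
    """Stream a file through hashlib so large binaries need not fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def build_baseline(root, names, algo="md5") -> dict:
    """Record trusted hashes. In real use these come from a known-clean machine at the
    same OS version, service pack and patch level, never from the suspect system itself."""
    return {name: hash_file(Path(root) / name, algo) for name in names}


def check_against_baseline(root, baseline, algo="md5") -> dict:
    """Return {name: 'OK' | 'MODIFIED' | 'MISSING'} for every file in the baseline."""
    results = {}
    for name, expected in baseline.items():
        path = Path(root) / name
        if not path.is_file():
            results[name] = "MISSING"    # deleted, renamed, or hidden from the file API
        elif hash_file(path, algo) != expected.upper():
            results[name] = "MODIFIED"   # contents differ: a patch, an update, or an infection
        else:
            results[name] = "OK"
    return results


def demo() -> dict:
    """Constructed scenario (not real system files): stand-ins for the three DLLs named in
    the OTL custom scan are baselined, then one is patched in place and one is removed."""
    with tempfile.TemporaryDirectory() as tmp:
        names = ["user32.dll", "ws2_32.dll", "ws2help.dll"]
        for name in names:
            (Path(tmp) / name).write_bytes(f"constructed contents of {name}".encode())
        baseline = build_baseline(tmp, names)

        # Simulate an in-place modification: overwrite only the first byte.
        with open(Path(tmp) / "ws2_32.dll", "r+b") as f:
            f.write(b"\x00")
        # Simulate a file that has vanished since the baseline was taken.
        (Path(tmp) / "ws2help.dll").unlink()

        return check_against_baseline(tmp, baseline)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:8} {name}")
```

The caveat that matters in practice: a MODIFIED result is only meaningful against a baseline from the same Windows build and hotfix level, because legitimate Windows Updates change these files too. The hash tells you the file differs; establishing why still needs the file itself to be examined.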
 
A continued thank you for your efforts to help me.

Here are the two files produced by OTL.
 

Attachments

  • Extras.Txt (65.3 KB)
  • OTL.Txt (130.7 KB)
Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

========================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    [2010/06/23 14:54:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2010/06/23 14:54:30 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
    [2010/06/28 18:15:48 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2010/06/22 08:45:56 | 000,001,899 | ---- | C] () -- C:\WINDOWS\System32\oilqbi
    
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

======================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Go to Kaspersky website and perform an online antivirus scan.

  • Disable your active antivirus program.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
 
Here are all of the resulting files.
 

Attachments

  • OTL-NEW.txt (5.8 KB)
  • checkup.txt (1 KB)
  • kaspersky.txt (847 bytes)
It looks like you didn't run JavaRa (my reply #8) to remove old Java versions.
Please, do it now.

=========================================================================

OTL Clean-Up
Clean up with OTL:

* Double-click OTL.exe to start the program.
* Close all other programs apart from OTL as this step will require a reboot
* On the OTL main screen, press the CLEANUP button
* Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

======================================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

Turn off System Restore:

- Windows XP:
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore".
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
- Windows Vista and 7:
1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
8. Click OK

2. Restart computer.

3. Turn System Restore on.

4. Make sure Windows Updates are current.

5. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

8. Run Temporary File Cleaner (TFC) weekly.

9. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

11. Run defrag at your convenience.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.
 
Thank you again for all of your help. I really appreciate you spending your time helping me out.

I had run JavaRa previously, and noticed that it showed up in one of the logs, but assumed that maybe it was showing something that was previously deleted. I tried running it again, and it still does not remove either ver. 16 or 20. I tried to go to Add/Remove Programs, and when manually trying to remove ver. 16 it says "Fatal Error During Installation".
 
That's fine. It may be just a dead listing.

I assume, your computer is doing fine?
 
It is. I have had limited use in the past few days, but I have yet to be redirected and it seems to be running smoothly. Thank you again.
 