TechSpot

Vista Anti Spyware + Redirect Help.. Followed prelim 7 steps

By Andrewnyc0129
Jun 7, 2011
  1. So I had a problem with redirection a while back which I thought had been taken care of after running ComboFix. Recently I discovered a new virus called Vista Anti Spyware that won't allow me to use the internet, because a page will pop up saying I need to run anti-spyware or that my computer is at risk.


    I looked in the forum and followed the main 7 steps, and I will post the logs. Any help will be greatly appreciated. This problem is very annoying and I just want my PC to go back to normal. Thanks.

    Malware Bytes Log

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4052

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 7.0.6001.18000

    6/7/2011 12:59:00 AM
    mbam-log-2011-06-07 (00-59-00).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 300872
    Time elapsed: 2 hour(s), 28 minute(s), 40 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER Log

    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit quick scan 2011-06-07 01:20:14
    Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0
    Running: wm3ru5uu.exe; Driver: C:\Users\Andrew\AppData\Local\Temp\uwdiqpob.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x92A189C0]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x92A189FE]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x92A18A41]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x92A18930]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x92A18944]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x92A189D4]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x92A18A69]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x92A18A55]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x92A189AC]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x92A18998]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x92A18A14]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x92A189EA]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\tdx \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

    ---- EOF - GMER 1.0.15 ----


    DDS log

    .
    DDS (Ver_2011-06-03.01) - NTFSx86
    Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_24
    Run by Andrew at 1:06:59 on 2011-06-07
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3069.1037 [GMT -4:00]
    .
    AV: McAfee VirusScan *Enabled/Outdated* {2A28CCAF-2E53-0F80-A82C-9572D1C24D8C}
    AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: McAfee VirusScan *Enabled/Outdated* {91492D4B-0869-000E-929C-AE00AA450731}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spyware Doctor *Disabled/Outdated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
    SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    FW: McAfee Personal Firewall *Disabled* {12134D8A-643C-0ED8-8373-3C472F110AF7}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\Fingerprint Sensor\AtService.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Ati2evxx.exe
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\DigitalPersona\Bin\DpHostW.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Dell\DellDock\DellDock.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\DigitalPersona\Bin\DpAgent.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\PC Tools Security\pctsAuxs.exe
    C:\Program Files\PC Tools Security\pctsSvc.exe
    C:\Program Files\Dell Video Chat\DellVideoChat.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\PC Tools Security\pctsGui.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Windows\System32\bcmwltry.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\Program Files\McAfee\VirusScan\McShield.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
    C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
    c:\PROGRA~1\mcafee\msc\mcuimgr.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Users\you\Downloads\wm3ru5uu.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.ask.com?o=16794S&l=dis
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
    BHO: McAfee Phishing Filter: {377c180e-6f0e-4d4c-980f-f45bd3d40cf4} - c:\progra~1\mcafee\msk\mcapbho.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
    uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    uRun: [Google Update] "c:\users\andrew\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
    uRun: [SightSpeed] "c:\program files\dell video chat\DellVideoChat.exe" -bootmode
    uRun: [ooVoo.exe] c:\program files\oovoo\oovoo.exe /minimized
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
    mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
    mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [DpAgent] c:\program files\digitalpersona\bin\dpagent.exe
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
    mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell.exe" /mode2
    mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
    mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [ISTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI
    mRun: [PCTools FGuard] c:\program files\pc tools security\bdt\FGuard.exe
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    StartupFolder: c:\users\andrew\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.1.121\SSScheduler.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
    DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    TCP: DhcpNameServer = 213.109.68.116 213.109.73.172 1.1.1.1
    TCP: Interfaces\{895EB826-46B6-4FC9-A14F-2A48FDA3DDFA} : DhcpNameServer = 213.109.68.116 213.109.73.172 1.1.1.1
    TCP: Interfaces\{A5754BCB-067F-4E67-A192-DC48C6E00DE6} : DhcpNameServer = 213.109.68.116 213.109.73.172 1.1.1.1
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
    AppInit_DLLs: c:\progra~1\google\google~2\GoogleDesktopNetwork3.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\andrew\appdata\roaming\mozilla\firefox\profiles\y3wh73f2.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - component: c:\users\andrew\appdata\roaming\mozilla\firefox\profiles\y3wh73f2.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\andrew\appdata\local\google\update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: c:\users\andrew\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\andrew\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.homepage.dontask, true);user_pref(network.protocol-handler.warn-external.dnupdate, false
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    ============= SERVICES / DRIVERS ===============
    .
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-6-5 263888]
    R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-6-5 338880]
    R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-6-5 656320]
    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-10-13 201320]
    R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2011-6-5 233976]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f6ef8056\AEstSrv.exe [2010-11-17 81920]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-6-6 136360]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-6-6 269480]
    R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2008-5-5 1168632]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-6-6 61960]
    R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-5-2 161048]
    R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-10-13 358224]
    R2 McShield;McAfee Real-time Scanner;c:\program files\mcafee\virusscan\Mcshield.exe [2008-10-13 144704]
    R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\norton pc checkup\engine\2.0.2.506\ccSvcHst.exe [2010-1-6 126392]
    R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-6-5 371472]
    R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-6-5 1117144]
    R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2008-10-13 475136]
    R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2008-10-13 54784]
    R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-10-13 203264]
    R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-10-13 695624]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-10-13 79304]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-10-13 35240]
    R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-10-13 40488]
    S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2011-6-5 337872]
    S2 gupdate1c9bcabcf4fc1f0;Google Update Service (gupdate1c9bcabcf4fc1f0);c:\program files\google\update\GoogleUpdate.exe [2009-4-13 133104]
    S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\norton pc checkup\engine\2.0.2.506\SymcPCCULaunchSvc.exe [2010-1-6 120248]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-6-6 1153368]
    S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\viewpointservice.exe" --> c:\program files\viewpoint\common\ViewpointService.exe [?]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-10-13 30192]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-4-13 133104]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-11-14 38224]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.1.121\McCHSvc.exe [2010-9-3 227232]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-10-13 33832]
    S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2008-10-13 144672]
    S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2008-10-13 277504]
    .
    =============== Created Last 30 ================
    .
    2011-06-07 03:46:52 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-06-07 03:46:46 -------- d-----w- c:\programdata\Avira
    2011-06-07 03:46:46 -------- d-----w- c:\program files\Avira
    2011-06-06 15:26:21 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-06-06 15:26:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-06-05 19:47:53 767952 ----a-w- c:\windows\BDTSupport.dll
    2011-06-05 19:47:52 2078672 ----a-w- c:\windows\PCTBDCore.dll
    2011-06-05 19:47:52 1533904 ----a-w- c:\windows\PCTBDRes.dll
    2011-06-05 19:47:52 149456 ----a-w- c:\windows\SGDetectionTool.dll
    2011-06-05 19:11:14 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
    2011-06-05 19:11:14 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
    2011-06-05 19:11:11 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2011-06-05 19:11:11 105280 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
    2011-06-05 19:11:01 263888 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2011-06-05 19:11:01 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2011-06-05 19:10:55 233976 ----a-w- c:\windows\system32\drivers\PCTSD.sys
    2011-06-05 19:10:43 70664 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2011-06-05 19:10:18 -------- d-----w- c:\program files\PC Tools Security
    2011-06-05 19:10:18 -------- d-----w- c:\program files\common files\PC Tools
    2011-06-05 19:04:09 -------- d-----w- c:\programdata\PC Tools
    2011-06-05 19:01:00 -------- d-s---w- C:\ComboFix
    2011-06-05 18:46:14 335872 --sha-w- c:\users\andrew\appdata\local\sgi.exe
    2011-06-05 18:45:57 335872 --sha-w- c:\users\andrew\appdata\local\kjb.exe
    2011-06-05 17:10:07 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2011-06-05 17:10:00 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
    2011-06-05 17:10:00 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
    2011-06-05 17:09:59 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
    2011-06-05 17:09:59 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
    2011-06-05 17:09:59 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
    2011-06-05 17:09:59 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
    2011-06-05 17:09:58 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
    2011-06-04 04:49:44 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-04 03:36:56 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{c52f706a-9dfb-49b2-a742-47ed52baf65e}\mpengine.dll
    .
    ==================== Find3M ====================
    .
    2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2011-03-26 20:58:02 144556533 ----a-w- c:\windows\DUMP3d3e.tmp
    .
    ============= FINISH: 1:08:42.41 ===============

    Attach log

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-03.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 10/13/2008 1:51:07 PM
    System Uptime: 6/6/2011 10:36:00 AM (15 hours ago)
    .
    Motherboard: Dell Inc. | |
    Processor: Intel(R) Core(TM)2 Duo CPU T5850 @ 2.16GHz | Microprocessor | 1000/166mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 288 GiB total, 196.681 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 4.629 GiB free.
    E: is Removable
    F: is CDROM ()
    H: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP513: 6/6/2011 5:08:15 PM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop 7.0
    Adobe Photoshop CS3
    Adobe Reader 9.2
    Adobe Shockwave Player
    Advanced Audio FX Engine
    AIM 7
    AIMTunes
    Apple Application Support
    Apple Mobile Device Support
    Avira AntiVir Personal - Free Antivirus
    AviSynth 2.5
    BlackBerry Desktop Software 6.0
    Bonjour
    Browser Defender 3.0
    Buddy Icon Maker 1.0.0.1
    CCleaner
    Compatibility Pack for the 2007 Office system
    Dell Driver Download Manager
    Dell Video Chat (remove only)
    Dell Webcam Central
    Dell Wireless WLAN Card Utility
    Download Updater (AOL LLC)
    EVEREST Ultimate Edition v5.50
    FoxyTunes for Firefox
    FrostWire 4.21.3
    Google Chrome
    Google Desktop
    Google Talk Plugin
    Google Update Helper
    GoToAssist 8.0.0.514
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    IDT Audio
    iTunes
    Java Auto Updater
    Malwarebytes' Anti-Malware
    McAfee Security Scan Plus
    McAfee SecurityCenter
    Microsoft .NET Framework 3.5 SP1
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Standard Edition 2003
    Microsoft Office XP Professional with FrontPage
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works
    Mozilla Firefox 4.0.1 (x86 en-US)
    MSXML 4.0 SP2 (KB973688)
    Norton PC Checkup
    QuickTime
    Skype Toolbars
    Skype™ 5.1
    Spelling Dictionaries Support For Adobe Reader 9
    Spybot - Search & Destroy
    Spyware Doctor 8.0
    Videora iPod Converter 4.02
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VoiceOver Kit
    YouTube Downloader App 1.01
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/6/2011 5:08:13 PM, Error: volsnap [20] - The shadow copies of volume C: were aborted because of a failed free space computation.
    6/6/2011 11:08:33 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Services service, but this action failed with the following error: An instance of the service is already running.
    6/6/2011 11:08:00 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error 2150760449 (0x80320001).
    6/6/2011 11:07:55 PM, Error: Service Control Manager [7034] - The Browser Defender Update Service service terminated unexpectedly. It has done this 1 time(s).
    6/6/2011 11:07:37 PM, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Run the configured recovery program.
    6/6/2011 11:07:33 PM, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/6/2011 11:07:27 PM, Error: Service Control Manager [7034] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s).
    6/6/2011 11:07:22 PM, Error: Service Control Manager [7034] - The Norton PC Checkup Application Launcher service terminated unexpectedly. It has done this 1 time(s).
    6/6/2011 11:07:18 PM, Error: Service Control Manager [7031] - The Common Client Job Manager Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    6/6/2011 11:07:14 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    6/6/2011 11:07:11 PM, Error: Service Control Manager [7034] - The SupportSoft Sprocket Service (dellsupportcenter) service terminated unexpectedly. It has done this 1 time(s).
    6/6/2011 11:07:04 PM, Error: Service Control Manager [7031] - The McAfee SystemGuards service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/6/2011 10:35:12 AM, Error: EventLog [6008] - The previous system shutdown at 1:54:59 AM on 6/6/2011 was unexpected.
    6/6/2011 10:21:08 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.105 for the Network Card with network address 00225F1641A2 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    6/6/2011 1:18:46 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNASvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
    6/6/2011 1:16:15 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC mfehidk MPFP NetBIOS netbt nsiproxy PCTSD PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr Tcpip tdx Wanarpv6 ws2ifsl
    6/6/2011 1:16:15 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/6/2011 1:16:15 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    6/6/2011 1:16:15 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    6/6/2011 1:16:15 AM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/6/2011 1:16:15 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    6/6/2011 1:16:15 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    6/6/2011 1:16:15 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    6/6/2011 1:16:15 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    6/6/2011 1:16:15 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    6/6/2011 1:16:15 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/6/2011 1:16:15 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    6/6/2011 1:16:15 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/6/2011 1:16:15 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/6/2011 1:16:15 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/6/2011 1:16:15 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    6/6/2011 1:16:15 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    6/6/2011 1:16:15 AM, Error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/6/2011 1:16:15 AM, Error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/6/2011 1:15:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    6/6/2011 1:15:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    6/6/2011 1:15:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    6/6/2011 1:15:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    6/6/2011 1:15:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    6/6/2011 1:15:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    6/5/2011 7:33:00 PM, Error: EventLog [6008] - The previous system shutdown at 1:25:46 PM on 6/5/2011 was unexpected.
    6/5/2011 3:32:32 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.105 for the Network Card with network address 00225F1641A2 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    6/2/2011 11:30:12 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DHCP Client service, but this action failed with the following error: An instance of the service is already running.
    6/2/2011 11:29:12 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Audio service, but this action failed with the following error: An instance of the service is already running.
    6/2/2011 11:16:16 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
    6/2/2011 11:16:16 PM, Error: Service Control Manager [7000] - The Viewpoint Manager Service service failed to start due to the following error: The system cannot find the path specified.
    6/2/2011 1:43:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    6/1/2011 9:04:49 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.
    .
    ==== End Of File ===========================
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You have run an old version of Malwarebytes- that is not the version in our steps. Please remove the Mbam you have now and start it over. It's not going to find this malware because it isn't in the database on the old version.
    I am going to make a change since you have to do over: you need to run a Full Scan. Follow instructions below:

    Malwarebytes' Anti-Malware
    • Please download Malwarebytes' Anti-Malware from HERE
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      [o] Update Malwarebytes' Anti-Malware
      [o] and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Full Scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please attach this log with your reply.
      [o] If you accidentally close it, the log file is saved here and will be named like this:
      [o] C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    =============================================
    When you have completed the scan, do the following:
    Download Unhide.exe and save to the desktop.
    • Double-click on Unhide.exe icon to run the program.
    • This program will remove the +H, or hidden, attribute from all the files on your hard drives.
    (There is no log to leave for this)
    ===========================================
    Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.

    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ====================================
    ***Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.***
    Leave the logs for Mbam and Combofix in your next reply.

    Note: You may be seeing some improvement. That does not mean all the malware entries are gone. Please continue with the cleaning.
     
  3. Andrewnyc0129

    Andrewnyc0129 TS Rookie Topic Starter

    Downloaded New Malwarebytes Anti-Malware and ran the scan

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 6800

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 7.0.6001.18000

    6/7/2011 6:54:22 PM
    mbam-log-2011-06-07 (18-54-22).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 369212
    Time elapsed: 3 hour(s), 44 minute(s), 30 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 3
    Registry Values Infected: 1
    Registry Data Items Infected: 3
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\10DPP6O2VE (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\BSK91O3T6D (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\SolutionAV (Rogue.AntivirSolutionPro) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Andrew\AppData\Local\sgi.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Andrew\AppData\Local\sgi.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Andrew\AppData\Local\sgi.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    combofix log

    ComboFix 11-06-06.07 - Andrew 06/07/2011 19:20:11.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3069.1343 [GMT -4:00]
    Running from: c:\users\Andrew\Downloads\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    AV: McAfee VirusScan *Disabled/Outdated* {2A28CCAF-2E53-0F80-A82C-9572D1C24D8C}
    FW: McAfee Personal Firewall *Disabled* {12134D8A-643C-0ED8-8373-3C472F110AF7}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: McAfee VirusScan *Disabled/Updated* {91492D4B-0869-000E-929C-AE00AA450731}
    SP: Spyware Doctor *Disabled/Outdated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Resident AV is active
    .
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-07 to 2011-06-07 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-07 23:43 . 2011-06-07 23:43 -------- d-----w- c:\users\you\AppData\Local\temp
    2011-06-07 23:43 . 2011-06-07 23:43 -------- d-----w- c:\users\Public\AppData\Local\temp
    2011-06-07 23:43 . 2011-06-07 23:43 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-06-07 23:12 . 2011-06-07 23:12 -------- d-----w- c:\users\Andrew\AppData\Roaming\Avira
    2011-06-07 18:42 . 2011-06-07 18:42 711728 ----a-w- c:\windows\isRS-000.tmp
    2011-06-07 18:42 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-07 18:42 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-07 03:46 . 2011-04-01 21:07 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-06-07 03:46 . 2011-04-01 21:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-06-07 03:46 . 2011-06-07 03:46 -------- d-----w- c:\programdata\Avira
    2011-06-07 03:46 . 2011-06-07 03:46 -------- d-----w- c:\program files\Avira
    2011-06-07 02:10 . 2011-06-07 02:10 -------- d-----w- c:\users\you\AppData\Roaming\Malwarebytes
    2011-06-06 15:26 . 2011-06-07 02:58 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-06-06 15:26 . 2011-06-06 15:26 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-06-05 19:47 . 2011-05-20 15:44 767952 ----a-w- c:\windows\BDTSupport.dll
    2011-06-05 19:47 . 2011-05-20 15:44 149456 ----a-w- c:\windows\SGDetectionTool.dll
    2011-06-05 19:47 . 2011-05-20 15:44 2078672 ----a-w- c:\windows\PCTBDCore.dll
    2011-06-05 19:47 . 2011-05-20 15:44 1533904 ----a-w- c:\windows\PCTBDRes.dll
    2011-06-05 19:11 . 2010-07-16 18:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
    2011-06-05 19:11 . 2010-07-16 18:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
    2011-06-05 19:11 . 2011-05-12 12:59 105280 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
    2011-06-05 19:11 . 2011-05-06 17:26 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2011-06-05 19:11 . 2011-05-11 17:35 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2011-06-05 19:11 . 2011-05-11 13:55 263888 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2011-06-05 19:10 . 2011-03-10 13:08 233976 ----a-w- c:\windows\system32\drivers\PCTSD.sys
    2011-06-05 19:10 . 2011-05-06 17:28 70664 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2011-06-05 19:10 . 2011-06-07 23:07 -------- d-----w- c:\program files\PC Tools Security
    2011-06-05 19:10 . 2011-06-05 19:48 -------- d-----w- c:\program files\Common Files\PC Tools
    2011-06-05 19:04 . 2011-06-05 19:10 -------- d-----w- c:\programdata\PC Tools
    2011-06-05 17:10 . 2011-04-14 16:26 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
    2011-06-05 17:10 . 2011-04-14 16:25 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
    2011-06-05 17:10 . 2011-04-14 16:25 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
    2011-06-05 17:09 . 2011-04-14 16:25 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
    2011-06-05 17:09 . 2011-04-14 16:25 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
    2011-06-05 17:09 . 2011-04-14 16:25 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
    2011-06-05 17:09 . 2010-01-01 08:00 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
    2011-06-05 17:09 . 2010-01-01 08:00 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
    2011-06-04 04:49 . 2011-06-04 19:41 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-04 03:36 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C52F706A-9DFB-49B2-A742-47ED52BAF65E}\mpengine.dll
    2011-05-20 04:56 . 2011-05-20 04:56 -------- d-----w- c:\users\you\AppData\Local\Apple Computer
    2011-05-20 04:44 . 2011-05-30 12:04 -------- d-----w- c:\users\you\AppData\Roaming\skypePM
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2011-03-26 20:58 . 2008-10-14 01:26 144556533 ----a-w- c:\windows\DUMP3d3e.tmp
    2011-04-14 16:26 . 2011-06-05 17:10 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2010-06-25 06:47 . 2009-10-30 17:18 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "Aim"="c:\program files\AIM\aim.exe" [2011-01-05 4321112]
    "SightSpeed"="c:\program files\Dell Video Chat\DellVideoChat.exe" [2008-06-13 4758904]
    "ooVoo.exe"="c:\program files\ooVoo\oovoo.exe" [2010-02-10 18784440]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-06-30 196608]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-08-05 3563520]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-02 582992]
    "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2008-06-09 814144]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-25 30192]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
    "Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
    "Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2008-07-24 993520]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-17 483428]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
    "PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2011-05-20 247760]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
    .
    c:\users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
    .
    c:\users\you\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-12-20 113664]
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-5-2 1211472]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2008-10-13 23:15 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R1 SASDIFSV;SASDIFSV;c:\users\Andrew\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
    R1 SASKUTIL;SASKUTIL;c:\users\Andrew\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS [x]
    R2 gupdate1c9bcabcf4fc1f0;Google Update Service (gupdate1c9bcabcf4fc1f0);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-14 133104]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [x]
    R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-25 30192]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-14 133104]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-09-03 227232]
    R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2008-07-28 144672]
    R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2008-07-28 277504]
    R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [2011-02-18 371472]
    S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-05-11 263888]
    S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-07-16 338880]
    S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-07-16 656320]
    S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD.sys [2011-03-10 233976]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [2009-03-17 81920]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
    S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2008-05-05 1168632]
    S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [2011-05-20 337872]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-05-02 161048]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
    S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe [2010-12-14 120248]
    S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe [2009-08-24 126392]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2008-06-30 475136]
    S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2008-03-14 54784]
    S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-03-11 203264]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MBAMPROTECTOR
    *NewlyCreated* - SSMDRV
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-14 02:49]
    .
    2011-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-14 02:49]
    .
    2011-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4260835705-1188298559-1849461784-1000Core.job
    - c:\users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-18 09:14]
    .
    2011-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4260835705-1188298559-1849461784-1000UA.job
    - c:\users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-18 09:14]
    .
    2011-05-15 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-10-13 18:32]
    .
    2011-06-01 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-10-13 18:32]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.ask.com?o=16794S&l=dis
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    FF - ProfilePath - c:\users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\y3wh73f2.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.homepage.dontask, true);user_pref(network.protocol-handler.warn-external.dnupdate, false
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-06-07 19:44
    Windows 6.0.6001 Service Pack 1 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCCUJobMgr]
    "ImagePath"="\"c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-4260835705-1188298559-1849461784-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.***Z%\OpenWithList]
    @Class="Shell"
    .
    [HKEY_USERS\S-1-5-21-4260835705-1188298559-1849461784-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*/*e"]
    @Class="Shell"
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_USERS\S-1-5-21-4260835705-1188298559-1849461784-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*/*e"\OpenWithList]
    @Class="Shell"
    .
    [HKEY_USERS\S-1-5-21-4260835705-1188298559-1849461784-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*/*e"]
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(7484)
    c:\program files\DigitalPersona\Bin\DpoFeedb.dll
    c:\program files\DigitalPersona\Bin\DpoSet.dll
    .
    Completion time: 2011-06-07 19:50:45
    ComboFix-quarantined-files.txt 2011-06-07 23:50
    ComboFix2.txt 2010-11-15 03:31
    .
    Pre-Run: 209,628,352,512 bytes free
    Post-Run: 209,233,035,264 bytes free
    .
    - - End Of File - - FF1DB95F418CF2CB16726038E0928A99

    Thanks so much for your help.
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Sorry for the delay. I'm having intermittent loss of internet connection and the ISP can't figure out why!

    Did you notice the difference in the Mbam log? That's why we always need the most current database.

    You have 2 AV programs. Please remove one of them:
    AV: McAfee VirusScan: McAfee Removal
    AV: AntiVir Desktop: To uninstall Avira:
    • Start> Settings> Control Panel> Add or Remove Programs (Windows 2000/ XP) or Start - Control Panel - Uninstall a program (Windows Vista / 7)
    • Wait for the list of installed programs to load, then click the name of the Avira program.
    • Click Remove next to the program's name (Windows 2000 / XP) or in the menu above the list (Windows Vista / 7).
    • Press Yes, to confirm the removal and then OK.
    • Click Next until Finish. The software is removed.
    Please reboot the computer when finished.
    =================================
    Please go ahead and run the following:
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click the download link to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the installer on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ======================================
    Your homepage is set to ask.com. I will be changing that and removing any ask.com entries. In the meantime, look on Add/Remove Programs and uninstall any entries for Ask.
     
  5. Andrewnyc0129

    Andrewnyc0129 TS Rookie Topic Starter

    Not a problem. Hope your issue gets fixed asap, meanwhile thanks for replying to my post. I ran the online scanner and these were the results:


    C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\7abe31c0-3b13e81e multiple threats
    C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\5b1214a-3ea45f91 Java/TrojanDownloader.Agent.NCM trojan
    C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\69f70b4a-7bf9c140 multiple threats
    C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\2933710c-45a3a72e probably a variant of Win32/Agent.RPSVWU trojan
    C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4604e10c-16e052d2 Java/TrojanDownloader.OpenStream.NBL trojan
    C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\5bbe980f-38628324 multiple threats
    C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\57b2b890-7947a6c1 probably a variant of Java/Exploit.CVE-2009-2843.B trojan
    C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\556f5f51-2d531783 multiple threats
    C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\6d69fa52-1e9f2e9f multiple threats
    C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\13e6bc2-5bb7289b multiple threats
    C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\72e3a02-52f1e547 multiple threats
    C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\1b095158-63e42c30 a variant of Java/Exploit.CVE-2009-2843.B trojan
    C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\7061701b-3d4f406a multiple threats
    C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\7061701b-7356951e multiple threats
    C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\2168fa83-1ea7ee72 multiple threats
    C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\79b0fdc3-30bf0243 multiple threats
    C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\281e7c9f-7e5cf7ce multiple threats
    C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\19322960-562b459f a variant of Java/Agent.BR trojan
    C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\7924e120-2bc6fe95 multiple threats
    C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\d9ad60-65ef2145 multiple threats
    C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\7ffc20e1-7f9cddf6 multiple threats
    C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\3289f822-4fb1b3e2 a variant of Java/Agent.BR trojan
    C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\c669a2-3501ba61 multiple threats
    C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\3c935363-51a6daef multiple threats
    C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\5be8fda4-2f5ca448 multiple threats
    C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\3b4d8b25-1f3b7a3a multiple threats
    C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\73df1e65-4bec988c multiple threats
    C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\2e1d60a6-72161d09 multiple threats
    C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\3599fd26-2dd63af7 multiple threats
    C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\5f23bb26-59dd17f5 multiple threats
    C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\8f85c44-6dbd8977 multiple threats
    C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\28988a29-38024527 Java/TrojanDownloader.OpenStream.NBL trojan
    C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\f4e4a9-7e18994e multiple threats
    C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\42cc9baf-6b0fbe49 multiple threats
    C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\6eeafe70-3b7243fc multiple threats
    C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\3ae03185-7cb9fa14 probably a variant of Java/Agent.BR trojan
    C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\10bc3e73-6189d4a3 probably a variant of Win32/Agent.RPSVWU trojan
    C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\4aefc2f6-4bc08473 a variant of Java/Agent.BR trojan
    C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\6c1994f6-5142aff6 multiple threats
    C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\2e1a20f7-60f32430 multiple threats
    C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\5a71be37-24f31fb3 multiple threats
    C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\77372737-48848a32 probably a variant of Win32/Agent.RPSVWU trojan
    C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\286de3b8-49d91fe8 multiple threats
    C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\58e40278-3dd5a548 multiple threats
    C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\23105b3a-5f05a72b multiple threats
    C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\766920c6-789beabb multiple threats
    C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\63847cfc-1b503e3f multiple threats
    C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\6cb64d7d-72e1ca00 probably a variant of Java/Agent.BR trojan
    C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\6f62337d-72ab1881 multiple threats
    C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\5e91f73f-476230d2 multiple threats
    C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\5450ce47-1be6a6f2 probably a variant of Java/Agent.BR trojan
    C:\Users\Andrew\Documents\LimeWire\Saved\listen to your heart acoustic.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
    C:\Windows\restore.exe Java/IRCBot.A trojan

    I also went ahead and checked for any programs to uninstall named Ask but didn't find any in the results for my search.
     
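The ESET log above is a flat list of path plus verdict, and the useful first question is where the detections sit: entries under the Java deployment cache are what the browser fetched, while a file in C:\Windows or the LimeWire folder is something that landed on disk outside a cache and deserves priority. The triage script below is an added example, not part of the thread or of any ESET tool; the regex that splits path from verdict is an assumption based on how the log is laid out on this page (the verdict starts with "multiple threats", "a variant of", "probably a variant of" or a Platform/Family name), and the sample input is a constructed subset of the posted lines.

```python
import re
from collections import Counter

# Constructed sample: a subset of the lines from the ESET log posted above,
# in the same "path, whitespace, verdict" shape. Not the full log.
SAMPLE_LOG = r"""
C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\7abe31c0-3b13e81e multiple threats
C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\5b1214a-3ea45f91 Java/TrojanDownloader.Agent.NCM trojan
C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\57b2b890-7947a6c1 probably a variant of Java/Exploit.CVE-2009-2843.B trojan
C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\1b095158-63e42c30 a variant of Java/Exploit.CVE-2009-2843.B trojan
C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\10bc3e73-6189d4a3 probably a variant of Win32/Agent.RPSVWU trojan
C:\Users\Andrew\Documents\LimeWire\Saved\listen to your heart acoustic.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Windows\restore.exe Java/IRCBot.A trojan
"""

# Assumption: the verdict is the shortest suffix that looks like an ESET verdict.
# Because the path is matched non-greedily and the verdict is anchored at end of
# line, paths containing spaces (the .mp3 above) are still split correctly.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<verdict>(?:probably a variant of |a variant of )?"
    r"(?:multiple threats|\S+/\S+ \w+))$"
)
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
JAVA_CACHE = "\\sun\\java\\deployment\\cache\\"


def parse_eset_log(text):
    """Return [(path, verdict), ...]; lines that do not fit the format are skipped."""
    hits = []
    for line in text.splitlines():
        line = line.strip()
        m = LINE_RE.match(line) if line else None
        if m:
            hits.append((m.group("path"), m.group("verdict")))
    return hits


def is_java_cache(path):
    """True for files under the Java deployment cache (downloaded applets/JARs)."""
    return JAVA_CACHE in path.lower()


def platform_of(verdict):
    """'probably a variant of Java/Exploit.X trojan' -> 'Java'; 'multiple threats' stays as is."""
    name = re.sub(r"^(?:probably )?a variant of ", "", verdict)
    return name.split("/", 1)[0] if "/" in name else name


def triage(text):
    """Summarise a log: how much is cache noise, what lives elsewhere, which
    platforms and CVE identifiers the verdict names mention."""
    hits = parse_eset_log(text)
    in_cache = [p for p, _ in hits if is_java_cache(p)]
    elsewhere = [p for p, _ in hits if not is_java_cache(p)]
    platforms = Counter(platform_of(v) for _, v in hits)
    cves = sorted({c for _, v in hits for c in CVE_RE.findall(v)})
    return {
        "total": len(hits),
        "java_cache": len(in_cache),
        "outside_cache": elsewhere,   # these are the ones to look at first
        "platforms": dict(platforms),
        "cves": cves,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the posted log this separates the two files that matter for removal (C:\Windows\restore.exe and the LimeWire .mp3) from the cache entries that clearing the Java cache will remove anyway, and it pulls out the CVE identifier ESET attached to the exploit samples, which tells you the Java version on the machine was old enough to be hit by it.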
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, lots of entries in the Java cache (we will need to check your settings), so let's empty it:

    To clear the Java Plug-in cache:

    • [1]. Click Start > Control Panel.
      [2]. Double-click the Java icon in the Control Panel. The Java Control Panel appears.
      [3]. Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.
      [4]. Click Delete Files. The Delete Temporary Files dialog box appears.
      [5]. Click OK on the Delete Temporary Files window.
      Note: This deletes all the Downloaded Applications and Applets from the cache.
      [6]. Click Apply > OK on the Temporary Files Settings window.
    ================================================
    Please download OTMoveIt by OldTimer and save it to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveIt3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      
      :Files 
      C:\Users\Andrew\Documents\LimeWire\Saved\listen to your heart acoustic.mp3 
      C:\Windows\restore.exe 
      
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    Best you stop getting downloads through LimeWire. You got a variant of WMA/TrojanDownloader.GetCodec.gen trojan when you saved "listen to your heart acoustic.mp3". This Trojan modifies media files: it converts all media files to the WMA format and adds a field to the header that includes a URL pointing the user to a new codec, claiming that the codec has to be downloaded so that the media files can be read.
    So you might want to check the status of your media files.
    ========================================
    We need to check for a Virut infection or rule it out:
    • Make sure to use Internet Explorer for this
    • Please go to VirSCAN.org free on-line scan service
    • Copy and paste each of the following file paths into the "Suspicious files to scan" box on the top of the page, one at a time:

    • Click on the Upload button
    • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
    • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
    • Paste the contents of the Clipboard in your next reply.
    ================================================
    I'm going to wait on the VirSCAN before going any further.
     
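The behaviour described above for the GetCodec trojan (a URL planted in a WMA header that points the player at a "codec" download) suggests a simple check for "media files status": walk the objects inside a WMA/ASF Header Object and report any whose payload carries a URL. The script below is an added example and is not from the thread or from any named product. The object GUIDs are taken from the ASF specification; the sample file is constructed in memory, is not playable, and its Script Command payload is a simplified stand-in (the scanner does not depend on that object's internal layout); the codec URL in it is invented. A URL in a header object is an indicator that the file needs a closer look, not proof of infection.

```python
import re
import struct
import uuid

# Object GUIDs from the ASF specification. On disk they are stored in the
# mixed little-endian order that uuid.UUID(bytes_le=...) decodes.
ASF_HEADER = uuid.UUID("75B22630-668E-11CF-A6D9-00AA0062CE6C")
ASF_CONTENT_DESC = uuid.UUID("75B22633-668E-11CF-A6D9-00AA0062CE6C")
ASF_EXT_CONTENT_DESC = uuid.UUID("D2D0A440-E307-11D2-97F0-000A0F4B5F95")
ASF_SCRIPT_COMMAND = uuid.UUID("7BF875CE-468D-11D1-8D82-006097C9A2B2")
KNOWN = {
    ASF_CONTENT_DESC: "Content Description",
    ASF_EXT_CONTENT_DESC: "Extended Content Description",
    ASF_SCRIPT_COMMAND: "Script Command",
}

# ASF strings are UTF-16LE, so look for URLs in both encodings.
URL_ASCII = re.compile(rb"https?://[\x21-\x7e]+", re.I)
URL_UTF16 = re.compile(
    rb"h\x00t\x00t\x00p\x00(?:s\x00)?:\x00/\x00/\x00(?:[\x21-\x7e]\x00)+", re.I
)


def is_asf(data):
    return len(data) >= 30 and uuid.UUID(bytes_le=data[:16]) == ASF_HEADER


def iter_header_objects(data):
    """Yield (guid, payload) for each object inside the Header Object.
    Header Object: GUID(16) size(8) count(4) reserved(1) reserved(1), then
    objects of GUID(16) size(8) payload. Stops quietly at the first
    inconsistent size so a truncated or crafted file cannot push the walker
    out of bounds."""
    if not is_asf(data):
        raise ValueError("not an ASF/WMA file")
    header_size, count = struct.unpack_from("<QI", data, 16)
    end = min(header_size, len(data))
    pos = 30
    for _ in range(count):
        if pos + 24 > end:
            break
        guid = uuid.UUID(bytes_le=data[pos:pos + 16])
        size, = struct.unpack_from("<Q", data, pos + 16)
        if size < 24 or pos + size > end:
            break
        yield guid, data[pos + 24:pos + size]
        pos += size


def find_header_urls(data):
    """Return [(object name, url), ...] for every URL found in a header object."""
    findings = []
    for guid, payload in iter_header_objects(data):
        urls = [m.group(0).decode("ascii", "replace") for m in URL_ASCII.finditer(payload)]
        urls += [m.group(0).decode("utf-16-le", "replace") for m in URL_UTF16.finditer(payload)]
        findings.extend((KNOWN.get(guid, str(guid)), url) for url in urls)
    return findings


def _asf_object(guid, payload):
    return guid.bytes_le + struct.pack("<Q", 24 + len(payload)) + payload


def build_sample(with_codec_url):
    """Constructed minimal WMA header (not a playable file): a Content
    Description object with a title, plus optionally a Script Command object
    whose payload holds a URL, standing in for the planted codec pointer.
    The Script Command payload layout is simplified; the URL is invented."""
    title = "listen to your heart acoustic".encode("utf-16-le")
    # Content Description: five UINT16 byte lengths (title, author, copyright,
    # description, rating) followed by the strings.
    content = struct.pack("<5H", len(title), 0, 0, 0, 0) + title
    objects = [_asf_object(ASF_CONTENT_DESC, content)]
    if with_codec_url:
        cmd = "http://codec.example/getcodec.exe".encode("utf-16-le")
        objects.append(_asf_object(ASF_SCRIPT_COMMAND, cmd))
    body = b"".join(objects)
    # reserved1 = 0x01 and reserved2 = 0x02 per the specification
    return ASF_HEADER.bytes_le + struct.pack("<QIBB", 30 + len(body), len(objects), 1, 2) + body


if __name__ == "__main__":
    for obj, url in find_header_urls(build_sample(True)):
        print(f"{obj}: {url}")
```

To check a real collection, read each .wma/.wmv (and any .mp3 that is really ASF inside, which is what the conversion described above produces) into bytes and call find_header_urls on it; files that raise ValueError are simply not ASF. Any hit is worth quarantining before a media player gets a chance to follow the link.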
  7. Andrewnyc0129

    Andrewnyc0129 TS Rookie Topic Starter

    I deleted the files from Java and ran the OTMoveIt program and these were the results:


    All processes killed
    ========== FILES ==========
    File/Folder C:\Users\Andrew\Documents\LimeWire\Saved\listen to your heart acoustic.mp3 not found.
    C:\Windows\restore.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Andrew
    ->Temp folder emptied: 48950908 bytes
    ->Temporary Internet Files folder emptied: 54524781 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 51696680 bytes
    ->Google Chrome cache emptied: 359203738 bytes
    ->Flash cache emptied: 91400 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: you
    ->Temp folder emptied: 213249 bytes
    ->Temporary Internet Files folder emptied: 17269306 bytes
    ->Java cache emptied: 13689508 bytes
    ->FireFox cache emptied: 13722494 bytes
    ->Google Chrome cache emptied: 85070176 bytes
    ->Flash cache emptied: 7175 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 145646371 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 22225148 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 5022931 bytes
    %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 25494473 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 804.00 mb


    OTM by OldTimer - Version 3.1.18.0 log created on 06142011_160924

    Files moved on Reboot...

    Registry entries deleted on Reboot...


    So with the VirSCAN I did all three of them but it did not allow me to copy the results to the clipboard. The first two read no malware and the entry for svchost said the upload file could not be found. I tried several times.
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    What did not work?
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I'd like to bring this to your attention: OTM Total Files Cleaned = 804.00 mb. This is a very large amount of files. It can indicate that you are not doing any maintenance on the system, such as Disk Cleanup (including deleting temporary internet files and cookies), running the Error Check and defrag.

    Before I give you any script to run through Combofix: I found all of the following security and 'cleanup' type entries in your logs:

    There is a very good chance that the excess of some security programs is actually leaving the system more vulnerable, not less. So far I see:
    (AV=antivirus. FW=firewall. SP=spyware/antimalware)
    AV: AntiVir Desktop
    AV: McAfee VirusScan *Disabled/Outdated<<<<<<
    FW: McAfee Personal Firewall
    SP: AntiVir Desktop
    SP: McAfee VirusScan
    SP: Spyware Doctor *Disabled/Outdated (from PC Tools)
    SP: Windows Defender
    EVEREST Ultimate Edition v5.50>> This has been discontinued.
    Norton PC Checkup
    PCTools Security:>> AV, FW, SP
    Lavasoft\Ad-Aware> SP
    Spybot - Search & Destroy> SP
    Malwarebytes' Anti-Malware> SP

    I have seen users with so much security trying to keep others out that they end up locking themselves in and can't access the internet.

    You should have: one AV, one FW, two or more spyware/antimalware. But it's best to combine types of antimalware programs, rather than just a lot of them!
     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Note: I will be closing this thread if you do not reply by tomorrow.
     
  11. Andrewnyc0129

    Andrewnyc0129 TS Rookie Topic Starter

    Sorry for the delay. So what did not work when I tried VirSCAN was literally the link that said Copy to Clipboard; it did nothing. I tried several times and pasted, but it just did not copy the results of the log.

    All the antivirus and anti-malware programs I have are from when I had a problem with a redirect virus and unsuccessfully tried removing it from my computer. Do you have any suggestions for which programs to keep and which to delete?

    Also, I just ran a Disk Cleanup and got rid of a lot of extra space.

    Thanks
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Many files were removed in OTM as I pointed out. You should set up a regular maintenance schedule.
    =========================================
    (AV=antivirus. FW=firewall. SP=spyware/antimalware)
    AV: AntiVir Desktop <<< Keep
    AV: McAfee VirusScan *Disabled/Outdated <<<<<<It appears that you have a McAfee Security Suite and that the subscription has expired. If that is the case, please Uninstall: McAfee Removal
    FW: McAfee Personal Firewall: will be removed
    SP: AntiVir Desktop> Keep
    SP: McAfee VirusScan> Will be removed
    SP: Spyware Doctor *Disabled/Outdated (from PC Tools)<<<< Expired> Remove
    SP: Windows Defender>> Optional
    EVEREST Ultimate Edition v5.50>> This has been discontinued.Uninstall
    Norton PC Checkup>> Recommend remove, but it's optional
    PCTools Security:>> AV, FW, SP<<< Expired. Uninstall.
    Lavasoft\Ad-Aware> SP<<<Can keep, but has gone down in effectiveness
    Spybot - Search & Destroy> SP<<< Keep
    Malwarebytes' Anti-Malware> SP<<<< If paid, keep. If free, uninstall. Can run free scan anytime.
    ------------------------------------
    My recommendations for security programs:
    1. Keep Avira as the AV
    2. Add one of these free firewalls:
    [o]Comodo
    [o]Zone Alarm
    3. Use a Site Advisor: Recommend :
    The Web of Trust (WOT) add-on is a safe surfing tool for your browser. Traffic-light rating symbols rate the site for Trustworthiness, Vendor Reliability, Privacy and Child Safety. Your online email account (Google Mail, Yahoo! Mail and Hotmail) is also protected.
    4. Spyware/Antimalware:
    [o] Keep Spybot Search & Destroy
    [o] Add Spywareblaster: SpywareBlaster protects against bad ActiveX.
    [o] Windows Defender optional
    =====================================
    Regardless of which programs you keep, please note: If you collect security programs on your own to try and get rid of malware, you should not just abandon them on the system. You should have the AV, FW and SP that are always on the system, and the others should be uninstalled.
     
  13. Andrewnyc0129

    Andrewnyc0129 TS Rookie Topic Starter

    Thanks so much for your help. I really appreciate it. Is there anything else you would recommend, or do you think my PC should be back to normal? Honestly my internet is running pretty slow, especially streaming videos and Flash. If you have any idea how to help with that, it would be awesome :) Thanks again.
     
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I am concerned about the failed online scan. It's been 2 weeks since you started this. Please repeat the following:

    Update and rescan with Malwarebytes.

    Go to the Eset Online Virus scanner and do a new scan.

    Please leave both logs in next reply.
     
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

     
Topic Status:
Not open for further replies.
