Solved Bad image pop-ups

Status
Not open for further replies.

jstar1029

Posts: 8   +0
I recently started getting these bad image pop-ups every time I start up my computer and when I try to open up any program on it. I have started the preliminary 8-step process, but after I did the mbam scan I no longer got the pop-ups after I restarted my computer. Would I still need to finish the process? I am attaching the mbam log to this post.
 

Attachments

  • mbam-log-2010-09-21 (19-58-09).txt
    44.7 KB · Views: 0
Welcome aboard


Yes, finish all steps, because something may be still hiding there.
 
Thanks a lot. I just finished the whole process, and it's nice to be here; you guys saved my computer lol. I have attached all of the logs. Is there anything else I have to do, or anything I can do to prevent this from happening again? Thanks in advance, I appreciate all the help.
 

Attachments

  • Attach.txt
    24.2 KB · Views: 0
  • DDS.txt
    15.8 KB · Views: 1
  • gmer.log
    24.5 KB · Views: 1
  • mbam-log-2010-09-21 (19-58-09).txt
    44.7 KB · Views: 1
Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.
 
This is what I got:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 143):

Processes (total 70):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`05e21800 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK6008GAH, Rev: BU011A

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
 
Looks good :)

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure you re-enable your security programs when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Here's the ComboFix log, I attached it. It took a while, but still no sign of the pop-ups anymore. Thanks in advance. Is there anything else to do?
 

Attachments

  • combofixlog.txt
    56.6 KB · Views: 1
Uninstall Ask.com - known adware.

=========================================================================

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Here is the OTL.txt one. It wouldn't let me copy it right in (too long), so I had to attach it.
 

Attachments

  • OTL.Txt2.txt
    106.4 KB · Views: 1
And this is the Extras.txt one, also attached. Thanks again for all the help.
 

Attachments

  • Extras2.txt
    59.5 KB · Views: 1
You're running low on C drive free space:
Drive C: | 55.80 Gb Total Space | 5.88 Gb Free Space | 10.54% Space Free

=======================================================================

Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

========================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.5.1.110
    FF - prefs.js..extensions.enabledItems: m3ffxtbr@mywebsearch.com:1.1
    FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.1
    FF - prefs.js..keyword.URL: "http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUxdm080WQUS&fl=0&ptb=qfsxW1hPFywZYbGc8xjqaw&url=http://search.mywebsearch.com/mywebsearch/GGmain.jhtml&st=kwd&n=77c0c7fb&searchfor="
    FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\firefox\
    [2010/06/13 23:08:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J\Application Data\Mozilla\Firefox\Profiles\cl5nituy.default\extensions\searchtoolbar@zugo.com
    [2009/12/28 21:51:52 | 000,009,985 | ---- | M] () -- C:\Documents and Settings\J\Application Data\Mozilla\Firefox\Profiles\cl5nituy.default\searchplugins\mywebsearch.xml
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O16 - DPF: CabBuilder http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
    [4 C:\Documents and Settings\J\Desktop\*.tmp files -> C:\Documents and Settings\J\Desktop\*.tmp -> ]
    [1 C:\Documents and Settings\J\My Documents\*.tmp files -> C:\Documents and Settings\J\My Documents\*.tmp -> ]
    [2010/09/21 19:02:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    
    
    :Services
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" =dword:00000001
    
    :Files
    C:\Program Files\MyWebSearch
    
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

======================================================================

Last scans.....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • IMPORTANT! UN-check Remove found threats
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
 
Hey, sorry I haven't been on in a while, but I have completed everything you have instructed me to do. I have attached all of the logs. When I did the online scan it came up empty; there was no log to save and it said there were no threats found, so I guess my computer is virus free? Thanks for all the help, it is much appreciated.
 

Attachments

  • checkup.txt
    985 bytes · Views: 1
  • otl3.txt
    14 KB · Views: 1
  • OTLquickscan.txt
    84.7 KB · Views: 0
Update your Firefox.

=========================================================================

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
 