Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Random invisible audio ads / Google Error 404 redirect [Solved]

Started by sir dapper , Aug 12 2012 01:11 PM

  • This topic is locked This topic is locked

#1
sir dapper
Posted 12 August 2012 - 01:11 PM

sir dapper

    New Member

  • Member
  • Pip
  • 6 posts
Hello, i am running a Vista 32bit machine. A few days ago i was downloading what i thought to be an Adobe upgrade for Flash, when i began to randomly hear adverts for "this and that" product or company. This is accompanied with random music tracks. When i went to search for malware removal tools at major websites; ie MalwareBytes, CNet, site of that general populatity or go i get redirected to the infamous 'Error 404 (Not Found)!!1'.
Another key symptom to note it that Firefox is virtually unusable. It closes out seconds after being opened. I've cleared the cache, deleted all related files, and reinstalled in attempt to remedy that issue, to no avail. I tried the Google Redirect Tutorial provided here but was unable to do a scan on Goored. It stops working seconds after beginning its scan. Any suggestion would be greatly appreciated. Thanks!

OTL logfile created on: 8/12/2012 11:45:38 AM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Dapper\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.89 Gb Available Physical Memory | 44.83% Memory free
4.19 Gb Paging File | 2.85 Gb Available in Paging File | 67.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 131.16 Gb Total Space | 60.13 Gb Free Space | 45.84% Space Free | Partition Type: NTFS
Drive D: | 8.13 Gb Total Space | 1.77 Gb Free Space | 21.81% Space Free | Partition Type: NTFS

Computer Name: DAPPER-PC | User Name: Dapper | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Dapper\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Users\Dapper\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre1.6.0\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Steam\bin\libcef.dll ()
MOD - C:\Program Files\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files\Steam\bin\avutil-51.dll ()
MOD - C:\Users\Dapper\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Hp\QuickPlay\Kernel\TV\CLTinyDB.dll ()
MOD - C:\Program Files\Hp\QuickPlay\Kernel\TV\CLSchMgr.dll ()
MOD - C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapEngine.dll ()
MOD - C:\WINDOWS\System32\igfxTMM.dll ()
MOD - c:\Program Files\Norton Internet Security\Norton AntiVirus\NAVShExt.loc ()


========== Win32 Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
SRV - (ISPwdSvc) -- c:\Program Files\Norton Internet Security\isPwdSvc.exe (Symantec Corporation)
SRV - (comHost) -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (SymAppCore) -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)


========== Driver Services (SafeList) ==========

DRV - (USBSTOR) -- C:\Windows\system32\drivers\usbstor.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (SymEvent) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (HdAudAddService) -- C:\WINDOWS\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (NETw3v32) -- C:\WINDOWS\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (SRTSPL) -- C:\WINDOWS\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20070110.052\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20070110.052\NAVENG.SYS (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20070108.003\IDSvix86.sys (Symantec Corporation)
DRV - (R5U870FLx86) -- C:\WINDOWS\System32\drivers\R5U870FLx86.sys (Ricoh)
DRV - (R5U870FUx86) -- C:\WINDOWS\System32\drivers\R5U870FUx86.sys (Ricoh)
DRV - (eabfiltr) -- C:\WINDOWS\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (XAudio) -- C:\WINDOWS\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (rimmptsk) -- C:\WINDOWS\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\System32\drivers\rixdptsk.sys (REDC)
DRV - (HBtnKey) -- C:\WINDOWS\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {7CCF7E23-A5B5-4802-86F7-F30BF28B72F1}
IE - HKLM\..\SearchScopes\{7CCF7E23-A5B5-4802-86F7-F30BF28B72F1}: "URL" = http://search.yahoo....ing}&fr=hp-pvnb
IE - HKLM\..\SearchScopes\{9BD29675-37F1-494F-8C10-72B4A24470A7}: "URL" = http://search.live.c...#38;FORM=HVNUS7
IE - HKLM\..\SearchScopes\{E0118119-BEFC-48BF-AFA8-8646A1337572}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {7CCF7E23-A5B5-4802-86F7-F30BF28B72F1}
IE - HKCU\..\SearchScopes\{7CCF7E23-A5B5-4802-86F7-F30BF28B72F1}: "URL" = http://search.yahoo....ing}&fr=hp-pvnb
IE - HKCU\..\SearchScopes\{9BD29675-37F1-494F-8C10-72B4A24470A7}: "URL" = http://search.live.c...#38;FORM=HVNUS7
IE - HKCU\..\SearchScopes\{E0118119-BEFC-48BF-AFA8-8646A1337572}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========



FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Dapper\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/09 23:54:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/08/10 00:29:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dapper\AppData\Roaming\Mozilla\Extensions
[2012/08/09 23:54:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/13 17:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/07/13 17:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/13 17:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/08/12 11:25:20 | 000,000,098 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Reg Error: Value error.) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IS CfgWiz] c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe (Symantec Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Seonerlor] C:\Users\Dapper\AppData\Roaming\Vaolv\alaco.exe (the VideoLAN Team)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Dapper\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [YY1X6IUX2A6J5F3CAULNJZYQ] C:\sysproc.bin\C639636CA82.exe ()
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Dapper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C87A2854-9F97-4A6A-B58F-D7196009DDA7}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Dapper\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dapper\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/03 17:02:35 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 08:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/12 11:44:19 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Dapper\Desktop\OTL.exe
[2012/08/12 11:40:59 | 000,000,000 | ---D | C] -- C:\Users\Dapper\Desktop\GooredFix Backups
[2012/08/12 11:40:27 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Dapper\Desktop\GooredFix.exe
[2012/08/12 11:25:18 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/08/12 11:23:39 | 000,522,240 | ---- | C] (OldTimer Tools) -- C:\Users\Dapper\Desktop\OTM.exe
[2012/08/12 11:17:15 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/08/11 13:23:22 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/08/09 23:54:30 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/08/09 16:29:27 | 000,000,000 | ---D | C] -- C:\Users\Dapper\AppData\Roaming\Vaolv
[2012/08/09 16:29:27 | 000,000,000 | ---D | C] -- C:\Users\Dapper\AppData\Roaming\Odoq
[2012/08/09 16:29:27 | 000,000,000 | ---D | C] -- C:\Users\Dapper\AppData\Roaming\Ilov
[2012/07/31 23:43:31 | 000,000,000 | ---D | C] -- C:\Users\Dapper\Documents\Rainmeter
[2012/07/31 23:43:31 | 000,000,000 | ---D | C] -- C:\Users\Dapper\AppData\Roaming\Rainmeter
[2012/07/31 23:43:02 | 000,000,000 | ---D | C] -- C:\Program Files\Rainmeter
[2012/07/29 19:12:39 | 000,000,000 | ---D | C] -- C:\Users\Dapper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2012/07/29 18:40:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2012/07/29 18:40:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012/07/29 18:40:04 | 000,000,000 | ---D | C] -- C:\Program Files\Steam

========== Files - Modified Within 30 Days ==========

[2012/08/12 11:44:48 | 000,663,106 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/12 11:44:48 | 000,121,036 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/12 11:44:43 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Dapper\Desktop\OTL.exe
[2012/08/12 11:40:30 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Dapper\Desktop\GooredFix.exe
[2012/08/12 11:37:37 | 000,000,149 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012/08/12 11:36:25 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/12 11:36:25 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/12 11:36:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/12 11:36:15 | 2137,055,232 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/12 11:25:20 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/08/12 11:23:55 | 000,522,240 | ---- | M] (OldTimer Tools) -- C:\Users\Dapper\Desktop\OTM.exe
[2012/08/12 11:12:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/11 16:16:08 | 000,080,384 | ---- | M] () -- C:\Users\Dapper\Desktop\MBRCheck.exe
[2012/08/11 13:49:05 | 000,002,647 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Vongo Tray.lnk
[2012/08/11 13:49:05 | 000,001,722 | ---- | M] () -- C:\Users\Public\Desktop\Vongo.lnk
[2012/08/09 23:54:32 | 000,000,870 | ---- | M] () -- C:\Users\Dapper\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/08/09 23:54:32 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/31 23:43:05 | 000,001,722 | ---- | M] () -- C:\Users\Dapper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
[2012/07/29 18:40:13 | 000,000,786 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk

========== Files Created - No Company Name ==========

[2012/08/11 16:16:01 | 000,080,384 | ---- | C] () -- C:\Users\Dapper\Desktop\MBRCheck.exe
[2012/08/11 13:49:05 | 000,001,722 | ---- | C] () -- C:\Users\Public\Desktop\Vongo.lnk
[2012/08/09 23:54:32 | 000,000,870 | ---- | C] () -- C:\Users\Dapper\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/08/09 23:54:32 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/08/09 23:54:32 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/08/09 16:31:46 | 000,020,480 | ---- | C] () -- C:\Windows\Installer\{acc8eace-356a-9e02-5894-5fcd634f14f1}\U\800000cb.@
[2012/08/09 16:31:45 | 000,013,312 | ---- | C] () -- C:\Windows\Installer\{acc8eace-356a-9e02-5894-5fcd634f14f1}\U\80000000.@
[2012/08/09 16:31:44 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{acc8eace-356a-9e02-5894-5fcd634f14f1}\U\00000001.@
[2012/07/31 23:43:05 | 000,001,722 | ---- | C] () -- C:\Users\Dapper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
[2012/07/31 23:43:05 | 000,001,698 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk
[2012/07/29 18:40:13 | 000,000,786 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/05/07 12:17:02 | 000,003,584 | ---- | C] () -- C:\Users\Dapper\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/18 16:05:50 | 000,000,680 | ---- | C] () -- C:\Users\Dapper\AppData\Local\d3d9caps.dat
[2006/11/02 01:31:23 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{acc8eace-356a-9e02-5894-5fcd634f14f1}\@
[2006/11/02 01:31:23 | 000,002,048 | -HS- | C] () -- C:\Users\Dapper\AppData\Local\{acc8eace-356a-9e02-5894-5fcd634f14f1}\@

========== LOP Check ==========

[2012/07/04 14:06:09 | 000,000,000 | ---D | M] -- C:\Users\Dapper\AppData\Roaming\.minecraft
[2012/08/09 16:29:27 | 000,000,000 | ---D | M] -- C:\Users\Dapper\AppData\Roaming\Ilov
[2012/04/12 18:31:54 | 000,000,000 | ---D | M] -- C:\Users\Dapper\AppData\Roaming\MSNInstaller
[2012/08/12 11:38:02 | 000,000,000 | ---D | M] -- C:\Users\Dapper\AppData\Roaming\Odoq
[2012/07/31 23:59:27 | 000,000,000 | ---D | M] -- C:\Users\Dapper\AppData\Roaming\Rainmeter
[2012/05/20 19:18:10 | 000,000,000 | ---D | M] -- C:\Users\Dapper\AppData\Roaming\Spotify
[2012/05/05 16:06:44 | 000,000,000 | ---D | M] -- C:\Users\Dapper\AppData\Roaming\Unity
[2012/08/09 16:29:27 | 000,000,000 | ---D | M] -- C:\Users\Dapper\AppData\Roaming\Vaolv
[2012/08/12 11:35:19 | 000,029,082 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
Essexboy
Posted 12 August 2012 - 01:19 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there you have what appears to be zero access

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image

    :OTL
    O4 - HKCU..\Run: [YY1X6IUX2A6J5F3CAULNJZYQ] C:\sysproc.bin\C639636CA82.exe ()
    [2012/08/09 16:29:27 | 000,000,000 | ---D | C] -- C:\Users\Dapper\AppData\Roaming\Vaolv
    [2012/08/09 16:29:27 | 000,000,000 | ---D | C] -- C:\Users\Dapper\AppData\Roaming\Odoq
    [2012/08/09 16:29:27 | 000,000,000 | ---D | C] -- C:\Users\Dapper\AppData\Roaming\Ilov

    :Reg
    [HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]
    ""="%systemroot%\system32\wbem\wbemess.dll"
    [-HKCU\Software\Classes\clsid\{12d0253a-7c96-815c-11e0-3034bbd97cc0}]

    :Files
    C:\Windows\Installer\{acc8eace-356a-9e02-5894-5fcd634f14f1}
    C:\Users\Dapper\AppData\Local\{acc8eace-356a-9e02-5894-5fcd634f14f1}
    C:\sysproc.bin

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

FINALLY

run farbar service scanner

Posted Image

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.
  • 0

#3
sir dapper
Posted 12 August 2012 - 02:06 PM

sir dapper

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
ComboFix 12-08-10.02 - Dapper 08/12/2012 12:37:58.1.2 - x86
Running from: c:\users\Dapper\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dapper\AppData\Local\Temp\{DBF32CA7-5E91-4B49-BF1A-F4BF938DE154}\fpb.tmp
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-12 to 2012-08-12 )))))))))))))))))))))))))))))))
.
.
2012-08-12 19:44 . 2012-08-12 19:49 -------- d-----w- c:\users\Dapper\AppData\Local\temp
2012-08-12 19:44 . 2012-08-12 19:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-12 19:26 . 2012-08-12 19:26 -------- d-----w- C:\_OTL
2012-08-12 18:25 . 2012-08-12 18:25 -------- d-----w- C:\_OTM
2012-08-12 18:17 . 2012-08-12 18:17 -------- d-----w- c:\windows\Sun
2012-08-11 20:23 . 2012-08-11 20:23 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-07 06:22 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{05649EFB-F0CC-47DF-84C1-F32CCE7E06C2}\mpengine.dll
2012-08-01 06:43 . 2012-08-01 06:59 -------- d-----w- c:\users\Dapper\AppData\Roaming\Rainmeter
2012-08-01 06:43 . 2012-08-01 06:43 -------- d-----w- c:\program files\Rainmeter
2012-07-30 02:32 . 2009-11-08 17:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-07-30 02:32 . 2009-11-08 17:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2012-07-30 02:32 . 2009-11-08 17:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2012-07-30 02:32 . 2009-11-08 17:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2012-07-30 02:32 . 2009-11-08 17:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-07-30 01:40 . 2012-08-01 17:56 -------- d-----w- c:\program files\Common Files\Steam
2012-07-30 01:40 . 2012-08-12 19:49 -------- d-----w- c:\program files\Steam
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-10 00:12 . 2012-04-13 02:03 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-10 00:12 . 2012-04-13 02:03 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-31 19:25 . 2012-04-14 01:20 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-07-14 00:17 . 2012-08-10 06:54 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2012-04-14 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 2159104]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-20 1773568]
"Spotify Web Helper"="c:\users\Dapper\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-20 932528]
"Steam"="c:\program files\Steam\Steam.exe" [2012-08-04 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-02-26 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-02-26 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-02-26 133912]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"IS CfgWiz"="c:\program files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" [2007-01-13 431752]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-03-29 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-05-04 77824]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
.
c:\users\Dapper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-7-3 40136]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Vongo Tray.lnk - c:\windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe [2007-5-3 53248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Dapper\AppData\Roaming\Mozilla\Firefox\Profiles\q4ntaw33.default\
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Seonerlor - c:\users\Dapper\AppData\Roaming\Vaolv\alaco.exe
SafeBoot-35159733.sys
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\Steam\SteamService.exe
c:\program files\Hewlett-Packard\HP Advisor\SSDK04.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-08-12 12:55:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-12 19:55
.
Pre-Run: 65,726,099,456 bytes free
Post-Run: 65,544,286,208 bytes free
.
- - End Of File - - 5082B6F524C5B44C883411E207F81A2D
  • 0

#4
sir dapper
Posted 12 August 2012 - 02:10 PM

sir dapper

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I can't get to the OTL log file. After running Combo Fix i started to get an error that won't allow me to open files. "Illegal operation attepmted on a registry key that has been marked for deletion"






Farbar Service Scanner Version: 06-08-2012
Ran by Dapper (administrator) on 12-08-2012 at 13:07:15
Running from "C:\Users\Dapper\Desktop"
Microsoft® Windows Vista™ Home Premium (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll
[2012-04-14 03:46] - [2012-04-14 03:46] - 0265912 ____A (Microsoft Corporation) 0D5AD0E71FF5DDAC5DD2F443B499ABD0

C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0

#5
Essexboy
Posted 12 August 2012 - 02:50 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
A reboot will cure that problem, it is just that combofix has not yet released the registry

After the reboot:

Download the attached reg file to your desktop
[attachment=59674:bits_vista.reg]
Double click the file and allow to merge
Accept the warnings
Reboot

Then could you let me know how the system is behaving
  • 0

#6
sir dapper
Posted 12 August 2012 - 05:20 PM

sir dapper

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
That did the trick. Firefox is running right as rain, no ghost advertisements, and i don't have any issues with Google redirect. Thank you for the solution and amazing response time!
  • 0

#7
Essexboy
Posted 13 August 2012 - 06:47 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Just one more thing to do before I tidy up

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
  • 0

#8
sir dapper
Posted 13 August 2012 - 11:43 AM

sir dapper

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.13.04

Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16982
Dapper :: DAPPER-PC [administrator]

8/13/2012 9:04:23 AM
mbam-log-2012-08-13 (09-04-23).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 344118
Time elapsed: 1 hour(s), 30 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\_OTL\MovedFiles\08122012_122641\C_Users\Dapper\AppData\Local\{acc8eace-356a-9e02-5894-5fcd634f14f1}\n (RootKit.0Access) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\08122012_122641\C_Windows\Installer\{acc8eace-356a-9e02-5894-5fcd634f14f1}\n (RootKit.0Access) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\08122012_122641\C_Windows\Installer\{acc8eace-356a-9e02-5894-5fcd634f14f1}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)
  • 0

#9
Essexboy
Posted 13 August 2012 - 11:51 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK

    Posted Image
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Go to control panel
  • Select folder options (Appearance > Folder options in category view)
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • GoStart > All programs > Accessories > system tools
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Posted Image
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :wave:
  • 0

#10
Essexboy
Posted 15 August 2012 - 07:30 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP