
How to get rid of V9 Trojan -enemy of Google Chrome [Closed]



#1
Ranbanka1942

    New Member
My computer is infected by V9 Trojan which opens its own search engines and tool bars and does not permit Google Chrome to function. Could you please guide me how to get rid of it? I have already tried the instructions given under "How to fix google redirects aka Win32/Olmark, rootkit.Win32.TDSS.u, Win32/Alureon.F, Backdoor.Tidserv!inf".


#2
Essexboy

    GeekU Moderator
Hi there this may be relatively easy

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete


Once done it will ask to reboot; allow this.
On reboot a log will be produced; please attach that.

THEN

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    winsock.*
    /md5stop
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


#3
Ranbanka1942

Dear Essex Boy,
Thanks for your detailed instructions. The OTL scan did not complete even after 5 hours. I had to then hard close the computer since it had become too slow to close normally. Could you guide what should be done?
Regards
Ranbanka1942

#4
Essexboy

OK could you re-run OTL but this time just press run scan. If it has not finished after 10 minutes then stop it and do the following

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt

Please attach the second file; Attach.txt. To attach a file, do the following:
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click attach this file


#5
Ranbanka1942

Dear Essexboy,
The files are attached after running scan with DDS
Regards
Ranbanka1942
Attached File: dds.txt (14.41KB)
Attached File: attach.rar (5.82KB)

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by raghuvir.s at 11:54:00 on 2012-12-19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.740 [GMT 5.5:30]
.
AV: Kaspersky Anti-Virus *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\FileOpen\Services\FileOpenManagerSvc32.exe
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kaspersky Lab\NetworkAgent 8\klnagent.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
C:\Program Files\BUFFALO\Backup_Utility\BUTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Everything\Everything.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Kaspersky Lab\NetworkAgent 8\klnagent.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uWindow Title = Internet Explorer, optimized for Bing and MSN
uDefault_Page_URL = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
uProxyServer = 172.16.10.15:8080
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com
mCustomizeSearch = hxxp://www.google.com
uURLSearchHooks: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: MG Suggestor: {429D37EE-1709-412e-A210-A81A65D56C88} - c:\program files\mg suggestor\MGSuggestor.dll
BHO: DIALux 3.1 ULDBrowserHelper Class: {69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2} - c:\program files\dialux\DLXShellExtension.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Proxy Help: {F386E548-C533-472E-8C61-C026FB14FEA9} - c:\windows\system32\Newtabs_v9.dll
TB: Freecorder 6: {6B34ACCF-1B63-4E1A-8633-461917C75544} - c:\program files\freecorder 6\tbcore3.dll
TB: Freecorder 6: {6B34ACCF-1B63-4E1A-8633-461917C75544} - c:\program files\freecorder 6\tbcore3.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations mp4\avp.exe"
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [Backup Utility TaskTray Tool] "c:\program files\buffalo\backup_utility\BUTray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Everything] "c:\program files\everything\Everything.exe" -startup
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun_KL_notset = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations mp4\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\raghuvir.s.rspindia\application data\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Free YouTube to iPod Converter - c:\documents and settings\raghuvir.s.rspindia\application data\dvdvideosoftiehelpers\freeyoutubetoipodconverter.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\raghuvir.s.rspindia\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Search the Web - c:\program files\sweetim\toolbars\internet explorer\resources\menuext.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - LocalServer32 - <no file>
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {5E6D5FF7-A4CD-4d85-BB22-A429B57C5317} - {429D37EE-1709-412e-A210-A81A65D56C88} - c:\program files\mg suggestor\MGSuggestor.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 172.16.10.50
TCP: Interfaces\{58F55EA3-2AC7-4346-9217-5A9C8EA5C66F} : NameServer = 125.22.47.125
TCP: Interfaces\{58F55EA3-2AC7-4346-9217-5A9C8EA5C66F} : DHCPNameServer = 172.16.10.50
Handler: dialux - {8352FA4C-39C6-11D3-ADBA-00A0244FB1A2} - c:\program files\dialux\DLXToolBox.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs=
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\raghuvir.s.rspindia\application data\mozilla\firefox\profiles\1hdflggp.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb165?a=6OyWsjTTsT&i=26
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&a=6OyWsjTTsT&&i=26&search=
FF - prefs.js: network.proxy.ftp - 172.16.10.15
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 172.16.10.15
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 172.16.10.15
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 172.16.10.15
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\raghuvir.s.rspindia\application data\mozilla\firefox\profiles\1hdflggp.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\plugins\np-mswmp.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\funwebproducts\installr\2.bin\NPFUNWEB.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_110.dll
FF - ExtSQL: 2012-12-03 12:47; {08d6b0b4-c132-470d-a8e2-aa2e9c3851c9}; c:\documents and settings\raghuvir.s.rspindia\application data\mozilla\firefox\profiles\1hdflggp.default\extensions\{08d6b0b4-c132-470d-a8e2-aa2e9c3851c9}
FF - ExtSQL: 2012-12-07 15:59; ffxtlbr@incredibar.com; c:\documents and settings\raghuvir.s.rspindia\application data\mozilla\firefox\profiles\1hdflggp.default\extensions\ffxtlbr@incredibar.com
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyWsjTTsT&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 709d732e000000000000001641efd63b
FF - user.js: extensions.incredibar_i.instlDay - 15681
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1415:59:31
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyWsjTTsT
FF - user.js: extensions.incredibar_i.upn2n - 92262579812891987
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10665
FF - user.js: extensions.incredibar_i.ppd -
.
============= SERVICES / DRIVERS ===============
.
R0 BFRD4G;BUFFALO RAM Disk Driver;c:\windows\system32\drivers\BFRD4G.sys [2011-7-29 36344]
R0 bftpdskc;BUFFALO TurboPC Cache Filter;c:\windows\system32\drivers\bftpdskc.sys [2012-6-8 41856]
R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-11-12 126480]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-1-12 231512]
R2 AVP;Kaspersky Anti-Virus 6.0;c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations mp4\avp.exe [2010-3-12 311680]
R2 FileOpenManagerSvc;FileOpen Manager Service;c:\program files\fileopen\services\FileOpenManagerSvc32.exe [2012-4-30 213888]
R2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 klnagent;Kaspersky Lab Network Agent;c:\program files\kaspersky lab\networkagent 8\klnagent.exe [2010-10-20 141688]
R2 MSSQL$SIZINGMSDE;SQL Server (SIZINGMSDE);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2007-2-10 29178224]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2009-9-3 24848]
S3 bautopw;BUFFALO eco manager for HD Filter;c:\windows\system32\drivers\bautopw.sys [2012-11-28 7680]
S3 bftpusbx;BUFFALO TurboPC USB Filter;c:\windows\system32\drivers\bftpusbx.sys [2012-6-8 11776]
S3 DialComService;DIAL Communication Service;c:\program files\dial gmbh\dial communication framework\DialComService.exe [2011-2-14 1623552]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-6-4 36608]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys --> c:\windows\system32\drivers\klim5.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-2-28 14336]
S4 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2006-2-28 14336]
S4 BFBackupUtilityService;Backup Utility Service;c:\program files\buffalo\backup_utility\buservice.exe -service_execute --> c:\program files\buffalo\backup_utility\BUService.exe -Service_Execute [?]
S4 BFBackupUtilityVSSService;Backup Utility VSS Service for Windows XP;c:\program files\buffalo\backup_utility\buvssservicexp.exe -service_execute --> c:\program files\buffalo\backup_utility\BUVSSServiceXP.exe -Service_Execute [?]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=c:\windows\system32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-12-06 03:44:04 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-06 03:44:04 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-19 06:32:40 59 ----a-w- c:\windows\wpd99.drv
2012-11-19 06:32:39 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2012-11-19 06:32:39 249856 ----a-w- c:\windows\system32\pdfmona.dll
2012-10-24 21:42:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-24 21:42:26 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-10-17 11:07:32 397312 ----a-w- c:\windows\system32\TubeFinder.exe
2011-08-18 07:03:54 454120 ----a-w- c:\program files\cnet_advdp_exe.exe
.
============= FINISH: 12:00:46.14 ===============
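Added example, not part of the original thread and not one of the tools used in it: a small Python triage pass over a DDS log like the one in post #5, flagging browser add-on DLLs loaded from system32, Firefox homepage/search prefs pointing outside an allow-list, and extension prefs pinned in user.js. The rule names, the `allowed_domains` default and the heuristics are assumptions for illustration; the sample lines are an excerpt of the log above.

```python
import ntpath
import re
from urllib.parse import urlsplit

# Excerpt copied from the DDS log in post #5 (defanged hxxp:// kept as posted).
SAMPLE = r"""
uStart Page = hxxp://google.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Proxy Help: {F386E548-C533-472E-8C61-C026FB14FEA9} - c:\windows\system32\Newtabs_v9.dll
TB: Freecorder 6: {6B34ACCF-1B63-4E1A-8633-461917C75544} - c:\program files\freecorder 6\tbcore3.dll
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb165?a=6OyWsjTTsT&i=26
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&a=6OyWsjTTsT&&i=26&search=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
"""

ADDON = re.compile(r"^(BHO|TB): (.+?): (\{[0-9A-Fa-f-]+\}) - (.+)$")
FF_PREF = re.compile(r"^FF - (prefs\.js|user\.js): (\S+) - ?(.*)$")
URL_PREFS = {"browser.startup.homepage", "keyword.URL"}


def host_of(defanged_url):
    """Return the lower-case host of an hxxp:// URL as DDS prints it."""
    return (urlsplit(defanged_url.replace("hxxp", "http", 1)).hostname or "").lower()


def triage(log_text, allowed_domains=("google.com",)):
    """Return (rule, detail) findings; these are hints for a human reviewer."""
    findings, userjs = [], {}
    for line in log_text.splitlines():
        line = line.strip()
        m = ADDON.match(line)
        if m:
            kind, name, clsid, path = m.groups()
            # Assumption: browser add-ons normally live under Program Files,
            # so a BHO/toolbar DLL sitting directly in system32 deserves a look.
            if ntpath.dirname(path.lower()) == r"c:\windows\system32":
                findings.append(("addon-in-system32", f"{kind} {name} {clsid} {path}"))
            continue
        m = FF_PREF.match(line)
        if not m:
            continue
        source, key, value = m.groups()
        if source == "user.js" and key.startswith("extensions."):
            # user.js is an optional file that Firefox re-reads at every start,
            # so prefs pinned there override whatever prefs.js holds.
            ns = key.split(".")[1]
            userjs[ns] = userjs.get(ns, 0) + 1
        elif key in URL_PREFS:
            host = host_of(value)
            if host and not any(host == d or host.endswith("." + d) for d in allowed_domains):
                findings.append(("search-redirect", f"{key} -> {host}"))
    findings += [("userjs-override", f"{ns}: {n} prefs") for ns, n in sorted(userjs.items())]
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE):
        print(f"{rule:18} {detail}")
```

A finding is a prompt to inspect the entry, not a verdict; legitimate software can trip each rule.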

#6
Essexboy

Did you run AdwCleaner?

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete


Once done it will ask to reboot; allow this.
On reboot a log will be produced; please attach that.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#7
Ranbanka1942

Dear ESSEXBOY,
Thanks for your advice. Both logs are attached.
Regards
ranbanka1942
Attached File: ComboFix.txt (33.44KB)
Attached File: AdwCleanerS3.txt (1.05KB)

#8
Essexboy

OK this should remove the last of it. Once done let me know what problems remain

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Firefox::
FF - ProfilePath - c:\documents and settings\raghuvir.s.RSPINDIA\Application Data\Mozilla\Firefox\Profiles\1hdflggp.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb165?a=6OyWsjTTsT&i=26
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&a=6OyWsjTTsT&&i=26&search=
FF - prefs.js: network.proxy.ftp - 172.16.10.15
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 172.16.10.15
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 172.16.10.15
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 172.16.10.15
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-12-03 12:47; {08d6b0b4-c132-470d-a8e2-aa2e9c3851c9}; c:\documents and settings\raghuvir.s.RSPINDIA\Application Data\Mozilla\Firefox\Profiles\1hdflggp.default\extensions\{08d6b0b4-c132-470d-a8e2-aa2e9c3851c9}
FF - ExtSQL: 2012-12-07 15:59; ffxtlbr@incredibar.com; c:\documents and settings\raghuvir.s.RSPINDIA\Application Data\Mozilla\Firefox\Profiles\1hdflggp.default\extensions\ffxtlbr@incredibar.com
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyWsjTTsT&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 709d732e000000000000001641efd63b
FF - user.js: extensions.incredibar_i.instlDay - 15681
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1415:59
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyWsjTTsT
FF - user.js: extensions.incredibar_i.upn2n - 92262579812891987
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10665
FF - user.js: extensions.incredibar_i.ppd -

Folder::
c:\documents and settings\raghuvir.s.RSPINDIA\Application Data\searchquband
c:\documents and settings\aravind.RSPINDIA\Local Settings\Application Data\Conduit



Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt which I will require in your next reply.

#9
Ranbanka1942

Dear EssexBoy,
The v9 still controls and does not allow chrome to be installed. I get a message "Google chrome requires Windows XP or later. Some features may not work". I have Windows XP Professional. The log file after running ComboFix as instructed by you is attached.
Regards
ranbanka1942
Attached File: log.txt (27.22KB)

#10
Essexboy

You need to fully delete chrome before reinstalling
Also delete any shortcuts on the desktop or taskbar

Uninstall details here

#11
Ranbanka1942

Dear ESSEXBOY,
Merry Christmas,
I followed your instructions and manually removed Google Chrome and all its shortcuts as given in the instructions. I then ran Combofix as instructed by you in your last mail and it generated a log which is attached. I then reinstalled Google Chrome from the Google site. Unfortunately V9 still appeared and has taken over the site.
Please help.
Regards
Ranbanka1942
Attached File: log.txt (20.89KB)

#12
Essexboy

Do you have shortcuts for chrome on the desktop and taskbar? If so, delete them. They can be recreated later

Then re-run AdwCleaner

#13
Ranbanka1942

Dear EssexBOY,
I removed all shortcuts, removed chrome, emptied the recycle bin and ran ADW cleaner. The log is attached. Downloaded Google Chrome from Google site and installed it. The V9 still blocked the chrome.
regards
rathaur
Attached File: AdwCleanerS6.txt (1.04KB)

#14
Essexboy

Could you now set chrome to Incognito mode then let me know if v9 is still present

#15
Essexboy

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.