hi, welcome to TSG.
Do you know what this program is?
C:\Program Files\RocketDock\RocketDock.exe
Disable Windows Defender
Windows Defender(Beta2)
1. Click on "Tools"
2. Click on "General Settings"
3. Scroll down to "Real-time protection options"
4. Uncheck "Turn on Real-time protection (recommended)"
5. Click "Save"
spysweeper.
Before you proceed with the removal directions below you need to turn off
SpySweeper's realtime protection as it will interfere with the changes we
are trying to make.
Open Spysweeper and click on Options > Program Options.
Uncheck "load at windows startup".
On the left click "shields" and then uncheck everything there.
Uncheck "home page shield".
Uncheck "automatically restore default without notification".
Exit the program.
Leave it disabled until we are finished here.
If using Vista, when running the fixes, Right click and select
'Run as Administrator'
Also disable User Account Control in control panel if turned on!
NOTE: If you have downloaded ComboFix previously please delete that
version and download it again!
Download ComboFix from
Here
or
Here
to your Desktop.
Reboot to Safe mode:
Restart your computer and begin tapping the F8 key on your keyboard just
before Windows starts to load. If done right a Windows Advanced Options menu
will appear. Select the Safe Mode option and press Enter.
Perform the following actions in
Safe Mode.
- Double click combofix.exe and follow the prompts.
- When finished, it shall produce a log for you. Post that log and a
HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its
running. That may cause it to stall
Please download
http://www.atribune.org/ccount/click.php?id=4 to your
desktop.
· Double-click VundoFix.exe to run it.
· Click the Scan for Vundo button.
· Once it's done scanning, click the Remove Vundo button.
· You will receive a prompt asking if you want to remove the files, click
YES
· Once you click yes, your desktop will go blank as it starts removing
Vundo.
· When completed, it will prompt that it will shutdown your computer, click
OK.
· Turn your computer back on.
Go here and downlaod the latest version of java, once
downloaded, go to add/remove and uninstall all previous versions of java
from add/remove and then instlall the latest version you just downloaded!
http://java.com/en/download/manual.jsp
have hijack this fix these entries. close all browsers and programmes before
clicking FIX.
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O21 - SSODL: bxlrvps - {7F799F7F-E3F6-4ACC-A827-0894AF3BF290} - C:\Windows\bxlrvps.dll
O21 - SSODL: alofkmn - {007D15F5-5028-4C2D-ADCD-16CF92C4E995} - C:\Windows\alofkmn.dll
O21 - SSODL: VolumeRam - {f17e4f5f-df05-4dd1-8e8a-30cc8b21bbee} - (no file)
Please download the OTMoveIt by OldTimer.
http://download.bleepingcomputer.com...r/OTMoveIt.exe
* Save it to your desktop.
* Please double-click OTMoveIt.exe to run it.
* Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\Windows\bxlrvps.dll
C:\Windows\alofkmn.dll
* Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
* Click the red Moveit! button.
* Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
Download AVG Anti-Spyware
http://www.ewido.net/en/
* Once you have downloaded AVG Anti-spyware, locate the icon on the desktop
and double-click it to launch the set up program.
* Once the setup is complete you will need run AVG and update the definition
files.
* On the main screen select the icon "Update" then select the "Update now"
link.
* Next select the "Start Update" button, the update will start and a
progress bar will show the updates being installed.
* Once the update has completed select the "Scanner" icon at the top of the
screen, then select the "Settings" tab.
* Once in the Settings screen click on "Recommended actions" and then select
"Delete"
* Under "Reports"
* Select "Automatically generate report after every scan"
* Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Anti-spyware, Do NOT run a scan yet. We will do that
later in safe mode.
* Click here to download ATF Cleaner by Atribune and save it to your
desktop.
http://majorgeeks.com/ATF_Cleaner_d4949.html
* Double-click ATF-Cleaner.exe to run the program.
* Under Main choose: Select All
* Click the Empty Selected button.
o If you use Firefox:
+ Click Firefox at the top and choose: Select All
+ Click the Empty Selected button.
+ NOTE: If you would like to keep your saved passwords,
please click No at the prompt.
o If you use Opera:
+ Click Opera at the top and choose: Select All
+ Click the Empty Selected button.
+ NOTE: If you would like to keep your saved passwords,
please click No at the prompt.
* Click Exit on the Main menu to close the program.
* Click here for info on how to boot to safe mode if you don't already know
how.
http://support.microsoft.com/kb/315222
* Now copy these instructions to notepad and save them to your desktop. You
will need them to refer to in safe mode.
* Restart your computer into safe mode now. Perform the following steps in
safe mode:
Run AVG Anti-Spyware!
# IMPORTANT: Do not open any other windows or programs while AVG is scanning
as it may interfere with the scanning process:
# Launch AVG Anti-spyware by double-clicking the icon on your desktop.
# Select the "Scanner" icon at the top and then the "Scan" tab then click on
"Complete System Scan".
# AVG will now begin the scanning process. Be patient this may take a little
time.
Once the scan is complete do the following:
# If you have any infections you will prompted, then select "Apply all
actions"
# Next select the "Reports" icon at the top.
# Select the "Save report as" button in the lower left hand of the screen
and save it to a text file on your system (make sure to remember where you
saved that file, this is important).
# Close AVG and reboot your system back into Normal Mode.
* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
* Doubleclick the drweb-cureit.exe file and Allow to run the express scan
* This will scan the files currently running in memory and when something is
found,
click the yes button when it asks you if you want to cure it. This is only a
short scan.
* Once the short scan has finished, Click Options > Change settings
* Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
* Back at the main window, mark the drives that you want to scan.
* Select all drives. A red dot shows which drives have been chosen.
* Click the green arrow at the right, and the scan will start.
* Click 'Yes to all' if it asks if you want to cure/move the file.
* When the scan has finished, look if you can click next icon next to the
files found: IPB Image
* If so, click it and then click the next icon right below and select Move
incurable as you'll see in next image:
IPB Image
This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it
can't be cured. (this in case if we need samples)
* After selecting, in the Dr.Web CureIt menu on top, click file and choose
save report list
* Save the report to your desktop. The report will be called DrWeb.csv
* Close Dr.Web Cureit.
* Reboot your computer!! Because it could be possible that files in use will
be moved/deleted during reboot.
Post a new hijack this, the dr web scan log, the combo log, the vundo, the moveit folder, and the AVg antispware log!
Login 
General Security 
Search 
Facebook
Twitter
TechGuy.tv
TSG Mobile