Tech Support Guy > Virus & Other Malware Removal

I hear audio ads in the background

(In Progress)

xxdrzfliiboyxx
Junior Member with 15 posts.
THREAD STARTER
Join Date: Apr 2011
09-Apr-2011, 07:03 PM #1
I hear audio ads in the background
Recently I got attacked by a Windows Restore malware and was able to take it off, but now I get constant script errors and hear ads in the background of my computer. I used IObit's hijack scan and got this as my log:
Logfile of IObit HijackScan v1.0.2.0
Scan saved at 18:53:19, on 2011-4-9
Running processes:
C:\Windows\System32\smss.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\svchost.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Spybot
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\IObit\IObit Security 360\is360tray.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Windows\system32\svchost.exe
C:\Program Files\IObit\IObit Security 360\is360.exe
C:\Windows\System32\svchost.exe
C:\Program Files\IObit\IObit Security 360\a_hijackscan.exe
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616}npdivx.DivXBrowserPlugin.1 - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}Java Plug-in 1.6.0_22 - http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}Java Plug-in 1.6.0_22 - http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}Java Plug-in 1.6.0_22 - http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
O23 - Service: Apple Mobile Device (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown -
O23 - Service: Diagnostic Policy Service (DPS) - Unknown -
O23 - Service: Group Policy Client (gpsvc) - Unknown -
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Windows CardSpace (idsvc) - Unknown - %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
O23 - Service: IS360service (IS360service) - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: JKR (JKR) - Unknown -
O23 - Service: Net.Tcp Port Sharing Service (NetTcpPortSharing) - Unknown - %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
O23 - Service: Quality Windows Audio Video Experience (QWAVE) - Unknown - %windir%\system32\svchost.exe
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown -
O23 - Service: Security Accounts Manager (SamSs) - Unknown -
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Unknown - C:\Program Files\Spybot.dll
O23 - Service: Secondary Logon (seclogon) - Unknown - %windir%\system32\svchost.exe
O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown -
O23 - Service: Windows Modules Installer (TrustedInstaller) - Unknown -
O23 - Service: Block Level Backup Engine Service (wbengine) - Unknown - %systemroot%\system32\wbengine.exe
O23 - Service: Diagnostic Service Host (WdiServiceHost) - Unknown -
O23 - Service: Diagnostic System Host (WdiSystemHost) - Unknown -
O23 - Service: ZMLGJMTU (ZMLGJMTU) - Unknown -
CatByte
Malware Removal Specialist with 3,892 posts.
Join Date: Feb 2009
10-Apr-2011, 10:47 AM #2
Hi,

Please do the following:


Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT


Download GMER Rootkit Scanner from here to your desktop. It will be a randomly named executable.
  • Double click the exe file.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.


  • In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries
xxdrzfliiboyxx
Junior Member with 15 posts.
THREAD STARTER
Join Date: Apr 2011
10-Apr-2011, 02:12 PM #3
Ty
Hey,

Ty for helping, and I attached the docs you wanted, but I couldn't attach the Gmer one because it exceeded the file limit, so I uploaded it to MediaFire.

http://www.mediafire.com/?uju2kkmfq1z7zmx
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log. If you started this thread, please make sure you are logged in to be able to view attachments.
CatByte
Malware Removal Specialist with 3,892 posts.
Join Date: Feb 2009
10-Apr-2011, 02:18 PM #4
Hi,

Please do the following

Refer to the ComboFix User's Guide
  1. Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.


    You can get help on disabling your protection programs here
  3. Double click on ComboFix.exe & follow the prompts.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------
xxdrzfliiboyxx
Junior Member with 15 posts.
THREAD STARTER
Join Date: Apr 2011
10-Apr-2011, 05:06 PM #5
Here's the log:
ComboFix 11-04-10.01 - luis1 04/10/2011 16:53:35.1.1 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.1527.915 [GMT -4:00]
Running from: c:\users\luis1\Downloads\ComboFix.exe
SP: IObit Security 360 *Enabled/Outdated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-03-10 to 2011-04-10 )))))))))))))))))))))))))))))))
.
.
2011-04-10 21:00 . 2011-04-10 21:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-09 02:16 . 2011-04-09 02:16 -------- d-----w- c:\users\luis1\AppData\Roaming\Malwarebytes
2011-04-09 02:16 . 2011-04-09 02:16 -------- d-----w- c:\programdata\Malwarebytes
2011-04-09 02:16 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-09 02:16 . 2011-04-09 02:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-09 00:44 . 2011-04-09 00:44 -------- d-----w- C:\$AVG
2011-04-09 00:23 . 2011-04-10 20:47 -------- d-----w- c:\users\luis1\AppData\Roaming\AVG
2011-04-09 00:12 . 2011-04-09 00:12 -------- d--h--w- c:\programdata\Common Files
2011-04-09 00:10 . 2011-04-10 20:43 -------- d-----w- c:\programdata\AVG10
2011-04-09 00:09 . 2011-04-10 20:47 -------- d-----w- c:\program files\AVG
2011-04-09 00:03 . 2011-04-10 20:41 -------- d-----w- c:\programdata\MFAData
2011-04-08 20:35 . 2011-04-08 20:35 -------- d-----w- c:\users\luis1\AppData\Local\VirtualStore
2011-04-08 20:09 . 2011-04-08 21:16 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2011-04-05 00:39 . 2011-04-08 21:16 -------- d-----w- c:\program files\Common Files\Adobe
2011-04-03 04:11 . 2011-04-08 21:17 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-04-03 04:11 . 2011-04-08 21:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-02 22:59 . 2011-04-08 21:17 -------- d-----w- c:\program files\WinSCP
2011-03-12 16:28 . 2011-03-12 16:28 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-19 05:33 . 2011-03-09 08:17 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 05:32 . 2011-03-09 08:17 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 05:32 . 2011-03-09 08:17 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-03 05:45 . 2011-02-09 02:47 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-01 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"lxctmon.exe"="c:\program files\Lexmark 5400 Series\lxctmon.exe" [2006-11-22 291760]
"Lexmark 5400 Series Fax Server"="c:\program files\Lexmark 5400 Series\fm3032.exe" [2006-11-22 304048]
"EzPrint"="c:\program files\Lexmark 5400 Series\ezprint.exe" [2006-11-22 82864]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 135664]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-01 1343400]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 GTIPCI21;GTIPCI21;c:\windows\system32\DRIVERS\gtipci21.sys [2006-09-14 88192]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2007-08-13 2599936]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 VSTHWICH;VSTHWICH;c:\windows\system32\DRIVERS\VSTICH3.SYS [2009-07-13 242176]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 01:06]
.
2011-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 01:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-04-10 17:05:03
ComboFix-quarantined-files.txt 2011-04-10 21:05
.
Pre-Run: 17,956,896,768 bytes free
Post-Run: 17,311,154,176 bytes free
.
- - End Of File - - 439DC307CA57CE42C8E1FA505E1960E7
CatByte
Malware Removal Specialist with 3,892 posts.
Join Date: Feb 2009
10-Apr-2011, 05:25 PM #6
Please run the following:

Please download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it


Click the "Scan" button to start scan



On completion of the scan click save log, save it to your desktop and post in your next reply


NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish
xxdrzfliiboyxx
Junior Member with 15 posts.
THREAD STARTER
Join Date: Apr 2011
10-Apr-2011, 05:56 PM #7
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6327
Windows 6.1.7600
Internet Explorer 9.0.8112.16421
4/10/2011 5:50:37 PM
mbam-log-2011-04-10 (17-50-37).txt
Scan type: Quick scan
Objects scanned: 162494
Time elapsed: 13 minute(s), 43 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)



I couldn't get the last scan to work because I don't think it's compatible with the new Internet Explorer, for the reason that ActiveX never showed a notification.
CatByte
Malware Removal Specialist with 3,892 posts.
Join Date: Feb 2009
10-Apr-2011, 06:06 PM #8
Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)
xxdrzfliiboyxx
Junior Member with 15 posts.
THREAD STARTER
Join Date: Apr 2011
10-Apr-2011, 06:20 PM #9
The program won't run :/ I tried to rename it as well and I saved it to my desktop and still not running
xxdrzfliiboyxx
Junior Member with 15 posts.
THREAD STARTER
Join Date: Apr 2011
10-Apr-2011, 06:20 PM #10
Also I'm starting to get redirected to advertisements when I click a link on Google
CatByte
Malware Removal Specialist with 3,892 posts.
Join Date: Feb 2009
10-Apr-2011, 06:24 PM #11
Please do the following:

Re-Run aswMBR

Click Scan

On completion of the scan

Click the FIXMBR Button



Save the log as before and post in your next reply
xxdrzfliiboyxx
Junior Member with 15 posts.
THREAD STARTER
Join Date: Apr 2011
10-Apr-2011, 06:32 PM #12
...
CatByte
Malware Removal Specialist with 3,892 posts.
Join Date: Feb 2009
10-Apr-2011, 07:42 PM #13
How is the computer running now? Are you still being redirected?

Please run the following:
  • Go to http://support.f-secure.com/enu/home/ols.shtml
  • Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
  • Allow the Active X control to be installed on your computer, then click the Accept button
  • Click Full System Scan and allow the components to download and the scan to complete.
  • If malware is found, uncheck Submit samples to F-Secure then select Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post

Notes:
  • You must have administrator rights to run this scan
  • This scan can take a while, so please be patient
xxdrzfliiboyxx
Junior Member with 15 posts.
THREAD STARTER
Join Date: Apr 2011
10-Apr-2011, 08:20 PM #14
It reopens the tab when I attempt to begin the scan and says there was an error on the page
CatByte
Malware Removal Specialist with 3,892 posts.
Join Date: Feb 2009
10-Apr-2011, 08:23 PM #15
OK

Download, install and run Microsoft Security Essentials

Let me know if it finds anything.

Also, please advise how the computer is running and if there are any outstanding issues.

http://www.microsoft.com/security_essentials/