
Thread: adware hijack

  1. #1
    Member (Join Date: Dec 2008; Location: cornwall, new york; Posts: 172; Points: 0)

    adware hijack

    Played a few free games on Yahoo; now it seems their gaming software has hijacked my computer (stupid me). I keep getting pop-ups for surveys and free prizes.

    Here's my HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:10:51 AM, on 2/12/2011
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16722)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\HPBTWD.exe
    C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Hewlett-Packard\HP QuickSync\jre\bin\javaw.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\PC Tools Security\pctsGui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Free Ride Games\GPlayer.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
    C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - News, Sports, Weather, Entertainment, Local & Lifestyle
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: HelloWorldBHO - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files\Common Files\Homepage Protection\HomepageProtection.dll
    O2 - BHO: Updater For Simppull Toolbar - {C4B8BAB4-1667-11DF-A242-BA9455D89593} - C:\Program Files\simppulltoolbar\auxi\simppulltoolbAu.dll (file missing)
    O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0560.0\msneshellx.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: (no name) - {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - (no file)
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
    O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0560.0\msneshellx.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [HP BTW Detect Program] C:\Program Files\HP\HPBTWD.exe
    O4 - HKLM\..\Run: [HP] C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe
    O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\PC Tools Security\pctsGui.exe" /hideGUI
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
    O4 - HKCU\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [InstallIQUpdater] "C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
    O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h20364.www2.hp.com/CSMWeb/Cus...ataManager.CAB
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/Veriz...oadControl.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\aestsrv.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\SPLASH.SYS\config\DVMExportService.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\Windows\system32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\Windows\system32\spool\DRIVERS\W32X86\3\HPBOID.EXE
    O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\STacSV.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 11766 bytes


    Here's the malware log:

    Malwarebytes' Anti-Malware 1.51.2.1300
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: 7921

    Windows 6.1.7600
    Internet Explorer 9.0.8112.16421

    10/11/2011 8:49:25 AM
    mbam-log-2011-10-11 (08-49-25).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 93898
    Time elapsed: 28 minute(s), 31 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 7
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{D9291F9E-7010-4D7A-8DF6-455DEEF8EF51} (PUP.LivingPlay) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{8006F89E-63A1-402A-8DB7-08A4C58F95AA} (PUP.LivingPlay) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{D4256C66-8177-4E19-8A13-2D43B2282D0D} (PUP.LivingPlay) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\lptlIE.TextLinks.1 (PUP.LivingPlay) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\lptlIE.TextLinks (PUP.LivingPlay) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D9291F9E-7010-4D7A-8DF6-455DEEF8EF51} (PUP.LivingPlay) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D9291F9E-7010-4D7A-8DF6-455DEEF8EF51} (PUP.LivingPlay) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    Here's the SUPERAntiSpyware log:

    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 10/11/2011 at 09:15 AM

    Application Version : 4.34.1000

    Core Rules Database Version : 7596
    Trace Rules Database Version: 5408

    Scan type : Quick Scan
    Total Scan Time : 00:17:58

    Memory items scanned : 336
    Memory threats detected : 0
    Registry items scanned : 593
    Registry threats detected : 0
    File items scanned : 3016
    File threats detected : 52

    Adware.Tracking Cookie

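As an added example that is not part of the thread: a small Python triage script for HijackThis-style log lines. It parses the entry format shown above (R3/O2/O3 COM entries and O4 Run entries), flags orphaned entries that point to (no file)/(file missing), flags third-party autostarts that have been written into the service-account hives (LOCAL SERVICE, NETWORK SERVICE, SYSTEM, Default user), and groups the DLLs loaded into Internet Explorer by module. The sample lines are copied from the log above; the allowlist of Windows-owned startup locations used to suppress the Sidebar entry is an assumption made for this example.

```python
"""Triage helper for HijackThis-style log lines (added example, not from the thread)."""
import re
from collections import defaultdict

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Updater For Simppull Toolbar - {C4B8BAB4-1667-11DF-A242-BA9455D89593} - C:\Program Files\simppulltoolbar\auxi\simppulltoolbAu.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKCU\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
O4 - HKUS\S-1-5-19\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup (User 'Default user')
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
"""

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")
# R3/O2/O3 bodies: "<kind>: <name> - {CLSID} - <path>"
COM_RE = re.compile(
    r"^(?P<kind>[^:]+): (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
# O4 bodies: "<hive>\..\Run: [<name>] <command>" optionally followed by " (User '<user>')"
RUN_RE = re.compile(
    r"^(?P<hive>[^:]+?)\\\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\] ?"
    r"(?P<command>.*?)(?:\s*\(User '(?P<user>[^']*)'\))?$")

SERVICE_ACCOUNTS = {"LOCAL SERVICE", "NETWORK SERVICE", "SYSTEM", "Default user"}
# Assumption for this example: locations Windows itself populates in every user hive.
WINDOWS_OWNED = ("c:\\windows\\", "%programfiles%\\windows sidebar\\",
                 "c:\\program files\\windows sidebar\\")


def parse_entries(text):
    """Yield one dict per recognisable R*/O* entry; other lines are skipped."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        r = RUN_RE.match(body) if code == "O4" else COM_RE.match(body)
        if r:
            yield {"code": code, **r.groupdict()}


def image_path(command):
    """Return the executable from an O4 command, dropping quotes and arguments."""
    m = re.match(r'^"?(.*?\.exe)', command.strip(), re.IGNORECASE)
    return m.group(1) if m else command.strip()


def triage(text):
    """Return the three findings a helper looks at first in an HJT log."""
    findings = {"orphaned": [], "service_hive_autostart": [],
                "ie_modules": defaultdict(list)}
    for e in parse_entries(text):
        if e["code"] == "O4":
            image = image_path(e["command"]).lower()
            # A third-party program registered to start for service accounts
            # is unusual; Windows' own entries (Sidebar, mctadmin) are expected.
            if e["user"] in SERVICE_ACCOUNTS and not image.startswith(WINDOWS_OWNED):
                findings["service_hive_autostart"].append((e["name"], e["user"], image))
        else:
            path = e["path"].strip()
            # Registration left behind after the DLL was removed: safe to clean up.
            if path == "(no file)" or path.endswith("(file missing)"):
                findings["orphaned"].append((e["code"], e["clsid"]))
            else:
                findings["ie_modules"][path.lower()].append((e["kind"], e["clsid"]))
    findings["ie_modules"] = dict(findings["ie_modules"])
    return findings


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for key, value in result.items():
        print(key)
        for item in (value.items() if isinstance(value, dict) else value):
            print("   ", item)
```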
  2. #2
    Member Spyware Fighter (Join Date: Jun 2010; Location: Bement, Ill USA; Posts: 1,340; Points: 146)

    Hello and welcome to Help2Go

    We apologize for the delay in responding to your request for help. Here at Help2Go we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

    Please take note:

    1. If you have since resolved the original problem you were having, we would appreciate you letting us know.
    2. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32-bit or a 64-bit system.
      • If you are unsure about any of these characteristics just post what you can and we will guide you.
    3. Please tell us if you have your original Windows CD/DVD available.
    4. If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
    5. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
    6. Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
    7. If you have already posted a DDS log, please do so again, as your situation may have changed.
    8. Use the 'Add Reply' and add the new log to this thread.


    We need to see some information about what is happening in your machine. Please perform the following scan again:

    • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
    • Notepad will open with the results.
    • Follow the instructions that pop up for posting the results.
    • Close the program window, and delete the program from your desktop.
    Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

    Information on A/V control HERE


    We also need a new log from the GMER anti-rootkit Scanner.

    Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step. Then proceed to run aswMbr.exe as noted below.

    Please first disable any CD emulation programs using the steps found in this topic:

    Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:


    Note:
    If you are unable to run a GMER scan due to the fact you are running a 64-bit machine please run the following tool and post its log.

    Please download aswMBR (511KB) to your desktop.
    • Double click the aswMBR.exe icon to run it
    • Click the Scan button to start the scan
    • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.




    Thanks and again sorry for the delay.
    "Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  3. #3
    Member (Join Date: Dec 2008; Location: cornwall, new york; Posts: 172; Points: 0)

    Here's the DDS log:
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
    Run by kmailler at 6:41:05 on 2011-10-18
    Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1015.129 [GMT -4:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\STacSV.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\aestsrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\SPLASH.SYS\config\DVMExportService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
    C:\Program Files\Secunia\PSI\PSIA.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Ask.com\Updater\Updater.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Secunia\PSI\sua.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\consent.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files\AVAST Software\Avast\defs\11101800\Sf.bin
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com
    mStart Page = hxxp://www.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
    uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn2\YTNavAssist.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - c:\program files\common files\homepage protection\HomepageProtection.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [<NO NAME>]
    mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    dPolicies-system: WallpaperStyle = 2
    DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
    DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
    DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{D1FD69A4-5E71-4A67-AAB3-A3E4A0118D19} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{D1FD69A4-5E71-4A67-AAB3-A3E4A0118D19}\3363654463 : DhcpNameServer = 192.168.1.1 68.237.161.12
    TCP: Interfaces\{D1FD69A4-5E71-4A67-AAB3-A3E4A0118D19}\86F6573756 : DhcpNameServer = 207.69.188.185 207.69.188.186 207.69.188.187
    Handler: g7ps - {9EACF0FB-4FC7-436E-989B-3197142AD979} - c:\program files\common files\g7ps\shared files\g7psdll\G7PS.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: igfxcui - igfxdev.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\kmailler\appdata\roaming\mozilla\firefox\profiles\0jsovf5m.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
    FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=LPY&o=100000042&locale=en_US&apn_uid=4c7a558c-c67e-4319-874e-19227d1787bc&apn_ptnrs=V8&apn_sauid=BB22B0FC-870E-4721-BFBD-5F464E407133&apn_dtid=YYYYYYYYUS&&q=
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\livingplay games\nplplaypop.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\2\NP_wtapp.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\kmailler\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
    FF - plugin: c:\users\kmailler\appdata\roaming\mozilla\firefox\profiles\0jsovf5m.default\extensions\coralietab@mozdev.org\plugins\npCoralIETab.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-6 442200]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-6 320856]
    R1 DVMIO;DVMIO;c:\splash.sys\config\dvmio.sys [2009-7-27 16984]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_fa0513b7754bf240\AEstSrv.exe [2009-3-2 81920]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-6-6 20568]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-6-6 54616]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-9-19 44768]
    R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]
    R2 DvmMDES;DeviceVM Meta Data Export Service;c:\splash.sys\config\DVMExportService.exe [2009-7-8 323584]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2009-11-13 58368]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-9-24 167424]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]
    S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
    S3 rcmirror;rcmirror;c:\windows\system32\drivers\rcmirror.sys [2008-10-8 3328]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
    .
    =============== Created Last 30 ================
    .
    2011-10-12 13:32:36 19416 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
    2011-10-12 11:00:02 75776 ----a-w- c:\windows\system32\psisrndr.ax
    2011-10-12 11:00:01 72704 ----a-w- c:\windows\system32\Mpeg2Data.ax
    2011-10-12 11:00:01 59904 ----a-w- c:\windows\system32\MSDvbNP.ax
    2011-10-12 11:00:01 465408 ----a-w- c:\windows\system32\psisdecd.dll
    2011-10-12 11:00:01 204288 ----a-w- c:\windows\system32\MSNP.ax
    2011-10-12 10:59:56 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2011-10-12 10:59:55 233472 ----a-w- c:\windows\system32\oleacc.dll
    2011-10-12 10:59:46 2332672 ----a-w- c:\windows\system32\win32k.sys
    2011-10-05 14:30:11 -------- d-----w- c:\users\kmailler\appdata\roaming\Mayan Puzzle
    2011-10-05 14:14:35 -------- d-----w- c:\users\kmailler\appdata\local\OpenCandy
    2011-10-05 14:14:30 -------- d-----w- c:\users\kmailler\appdata\roaming\OpenCandy
    2011-10-05 14:14:28 -------- d-----w- c:\programdata\Big Fish Games
    2011-10-05 14:13:29 -------- d-----w- c:\program files\Ask.com
    2011-10-05 14:12:50 -------- d-----w- C:\BigFishGamesCache
    2011-10-05 14:11:47 -------- d-----w- c:\program files\LivingPlay Games
    2011-09-24 17:21:41 -------- d-----w- c:\program files\WildGames
    2011-09-24 13:06:13 -------- d-----w- c:\program files\Coupons
    2011-09-22 11:44:24 -------- d-----w- c:\programdata\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
    .
    ==================== Find3M ====================
    .
    2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr
    2011-09-06 20:38:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-09-06 20:36:26 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
    2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-10 20:24:45 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    ============= FINISH: 6:48:35.09 ===============

  4. #4
    Member
    Join Date
    Dec 2008
    Location
    cornwall, new york
    Posts
    172
    Points
    0

    Default

    next log:

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-10-18 09:18:36
    -----------------------------
    09:18:36.225 OS Version: Windows 6.1.7600
    09:18:36.225 Number of processors: 2 586 0x1C02
    09:18:36.231 ComputerName: KMAILLER-PC UserName: kmailler
    09:18:39.824 Initialize success
    09:18:40.889 AVAST engine defs: 11101800
    09:19:05.155 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    09:19:05.172 Disk 0 Vendor: ST916031 0005 Size: 152627MB BusType: 3
    09:19:05.254 Disk 0 MBR read successfully
    09:19:05.271 Disk 0 MBR scan
    09:19:05.302 Disk 0 unknown MBR code
    09:19:05.328 Disk 0 scanning sectors +312576000
    09:19:05.447 Disk 0 scanning C:\Windows\system32\drivers
    09:19:25.220 Service scanning
    09:19:27.854 Modules scanning
    09:19:45.030 Disk 0 trace - called modules:
    09:19:45.044 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
    09:19:45.046 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84c515f8]
    09:19:45.047 3 CLASSPNP.SYS[8698459e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x83e4a028]
    09:19:50.397 AVAST engine scan C:\Windows
    09:19:54.698 AVAST engine scan C:\Windows\system32
    09:23:10.676 AVAST engine scan C:\Windows\system32\drivers
    09:23:30.075 AVAST engine scan C:\Users\kmailler
    09:24:31.488 Disk 0 MBR has been saved successfully to "C:\Users\kmailler\Desktop\MBR.dat"
    09:24:31.536 The log file has been saved successfully to "C:\Users\kmailler\Desktop\aswMBR.txt"

  5. #5
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Default

    Hello,

    Please do the following in order.


    1.
Ask Toolbar is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This has changed from what we knew, as stated in the following articles:

    Current Practices of IAC/Ask Toolbars
    ASKToolbar.dll!8547d63af660


    I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Ask Toolbar.

    2.
    Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
    • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • If TDSSKiller does not run, try renaming it.
• To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
    • Click the Start Scan button.
    • Do not use the computer during the scan
    • If the scan completes with nothing found, click Close to exit.
    • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
      Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
• A log file named TDSSKiller_version_date_time_log.txt (e.g. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C).
    • Copy and paste the contents of that file in your next reply.



    3.
    Install Recovery Console and Run ComboFix

    This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

    Download Combofix from any of the links below, and save it to your desktop.

    Link 1
    Link 2
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
    • Close any open windows, including this one.
    • Double click on ComboFix.exe & follow the prompts.
• As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • If you did not have it installed, you will see the prompt below. Choose YES.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
    should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    • Click on Yes, to continue scanning for malware.
    • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
    Leave your computer alone while ComboFix is running.
    ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


Things to include in your next reply:
    TDSSKILLER log
    Combofix.txt
    How is your machine running now?
    " Extinguishing Malware from the world"

The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  6. #6
    Member
    Join Date
    Dec 2008
    Location
    cornwall, new york
    Posts
    172
    Points
    0

    Default

    here's the combofix log:

    ComboFix 11-10-18.04 - kmailler 10/18/2011 15:28:36.2.2 - x86
    Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1015.420 [GMT -4:00]
    Running from: c:\users\kmailler\Downloads\ComboFix.exe
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-09-18 to 2011-10-18 )))))))))))))))))))))))))))))))
    .
    .
    2011-10-18 19:52 . 2011-10-18 19:52 -------- d-----w- c:\users\Public\AppData\Local\temp
    2011-10-18 19:52 . 2011-10-18 19:52 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-10-18 19:52 . 2011-10-18 19:52 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2011-10-12 13:32 . 2011-10-12 13:32 19416 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
    2011-10-12 13:31 . 2011-10-12 13:31 -------- d-----w- c:\program files\Apple Software Update
    2011-10-12 11:00 . 2011-08-17 04:22 75776 ----a-w- c:\windows\system32\psisrndr.ax
    2011-10-12 11:00 . 2011-08-17 04:26 465408 ----a-w- c:\windows\system32\psisdecd.dll
    2011-10-12 11:00 . 2011-08-17 04:22 72704 ----a-w- c:\windows\system32\Mpeg2Data.ax
    2011-10-12 11:00 . 2011-08-17 04:22 59904 ----a-w- c:\windows\system32\MSDvbNP.ax
    2011-10-12 11:00 . 2011-08-17 04:22 204288 ----a-w- c:\windows\system32\MSNP.ax
    2011-10-12 10:59 . 2011-08-27 04:43 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2011-10-12 10:59 . 2011-08-27 04:43 233472 ----a-w- c:\windows\system32\oleacc.dll
    2011-10-12 10:59 . 2011-09-06 02:38 2332672 ----a-w- c:\windows\system32\win32k.sys
    2011-10-05 14:30 . 2011-10-05 14:30 -------- d-----w- c:\users\kmailler\AppData\Roaming\Mayan Puzzle
    2011-10-05 14:14 . 2011-10-05 15:56 -------- d-----w- c:\users\kmailler\AppData\Local\OpenCandy
    2011-10-05 14:14 . 2011-10-05 14:14 -------- d-----w- c:\users\kmailler\AppData\Roaming\OpenCandy
    2011-10-05 14:14 . 2011-10-05 15:52 -------- d-----w- c:\programdata\Big Fish Games
    2011-10-05 14:12 . 2011-10-05 15:52 -------- d-----w- C:\BigFishGamesCache
    2011-10-05 14:11 . 2011-10-08 15:30 -------- d-----w- c:\program files\LivingPlay Games
    2011-09-24 17:21 . 2011-09-30 16:04 -------- d-----w- c:\program files\WildGames
    2011-09-24 13:06 . 2011-09-24 13:06 -------- d-----w- c:\program files\Coupons
    2011-09-22 11:44 . 2011-09-22 11:44 -------- d-----w- c:\programdata\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-09-06 20:45 . 2011-06-06 18:29 41184 ----a-w- c:\windows\avastSS.scr
    2011-09-06 20:45 . 2011-06-06 18:29 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-09-06 20:38 . 2011-06-06 18:29 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-09-06 20:37 . 2011-06-06 18:30 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-09-06 20:36 . 2011-06-06 18:30 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-09-06 20:36 . 2011-06-06 18:29 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-09-06 20:36 . 2011-06-06 18:29 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-09-06 20:36 . 2011-06-06 18:30 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-08-31 21:00 . 2010-02-01 17:38 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-10 20:24 . 2011-07-05 17:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-12 13:32 . 2011-07-22 18:02 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn2\YTNavAssist.dll" [2011-01-21 213816]
    .
    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
    [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
    [HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
    [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
    2009-06-08 21:41 120104 ----a-w- c:\program files\Common Files\Homepage Protection\HomepageProtection.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
    "WallpaperStyle"= 2
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\rundisabled]
    "AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
    "UpdatePRCShortCut"="c:\program files\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "c:\program files\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
    "HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
    "WirelessAssistant"=c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe"
    "SysTrayApp"=c:\program files\IDT\WDM\sttray.exe
    "IgfxTray"=c:\windows\system32\igfxtray.exe
    "HotKeysCmds"=c:\windows\system32\hkcmd.exe
    "Persistence"=c:\windows\system32\igfxpers.exe
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-23 136176]
    R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
    R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-23 136176]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
    R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [2008-10-08 3328]
    R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 12872]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 DVMIO;DVMIO;c:\splash.sys\config\dvmio.sys [2009-07-27 16984]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-02-17 66632]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\aestsrv.exe [2009-03-02 81920]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
    S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
    S2 DvmMDES;DeviceVM Meta Data Export Service;c:\splash.sys\config\DVMExportService.exe [2009-07-09 323584]
    S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
    S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-01-10 993848]
    S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-01-10 399416]
    S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2009-11-13 58368]
    S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 167424]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
    S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 44754880
    *NewlyCreated* - 79338263
    *NewlyCreated* - ASWMBR
    *Deregistered* - 44754880
    *Deregistered* - 79338263
    *Deregistered* - aswMBR
    *Deregistered* - pwddrkod
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-23 21:07]
    .
    2011-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-23 21:07]
    .
    2011-09-23 c:\windows\Tasks\HPCeeScheduleForkmailler.job
    - c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 09:22]
    .
    2011-09-26 c:\windows\Tasks\RegInOut Scheduled Scan - kmailler.job
    - c:\program files\RegInOut\RegInOut.exe [2011-02-07 21:24]
    .
    2011-01-06 c:\windows\Tasks\SDMsgUpdate (TE).job
    - c:\smartd~1\Messages\SDNotify.exe [2011-01-06 17:29]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com
    mStart Page = hxxp://www.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\kmailler\AppData\Roaming\Mozilla\Firefox\Profiles\0jsovf5m.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-10-18 16:03:16
    ComboFix-quarantined-files.txt 2011-10-18 20:03
    .
    Pre-Run: 96,535,961,600 bytes free
    Post-Run: 96,874,704,896 bytes free
    .
    - - End Of File - - 76621133AF99E459252A42016F3D9E60
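Added example, not one of the forum's tools: a small triage script that reads the "FF - prefs.js", "FF - user.js", "TCP: DhcpNameServer" and "Created Last 30" lines of the DDS log in post #3 and the ComboFix log above and flags the adware indicators a helper looks for. The sample lines are copied from those logs; the allow-lists and the foistware folder names are assumptions, not tool defaults.

```python
"""Triage of DDS / ComboFix log lines for browser-hijack and foistware signs."""
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Assumed allow-lists: what this user's browser should normally point at.
EXPECTED_ENGINES = {"Google", "Yahoo", "Bing"}
EXPECTED_SEARCH_HOSTS = {"www.google.com", "search.yahoo.com", "www.bing.com"}
# Folder names seen in this thread's 'Created Last 30' section that come from
# bundled (foistware) installers rather than from the games themselves (assumed).
FOISTWARE_FOLDERS = {"opencandy", "ask.com", "coupons", "w3i"}

PREF_RE = re.compile(r"^FF - (prefs|user)\.js: (\S+) - (.*)$")
DNS_RE = re.compile(r"^TCP: DhcpNameServer = (\S+)$")
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} .* d-----w- (.+)$")

# Constructed samples: lines taken from the DDS log (before the Ask Toolbar was
# removed) and the ComboFix log (after). The tools write hxxp:// on purpose.
DDS_BEFORE = r"""
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=LPY&o=100000042&locale=en_US&apn_uid=4c7a558c-c67e-4319-874e-19227d1787bc&apn_ptnrs=V8&apn_sauid=BB22B0FC-870E-4721-BFBD-5F464E407133&apn_dtid=YYYYYYYYUS&&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
TCP: DhcpNameServer = 192.168.1.1
2011-10-05 14:30:11 -------- d-----w- c:\users\kmailler\appdata\roaming\Mayan Puzzle
2011-10-05 14:14:35 -------- d-----w- c:\users\kmailler\appdata\local\OpenCandy
2011-10-05 14:13:29 -------- d-----w- c:\program files\Ask.com
2011-09-24 13:06:13 -------- d-----w- c:\program files\Coupons
"""
COMBOFIX_AFTER = r"""
TCP: DhcpNameServer = 192.168.1.1
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
"""


def refang(url):
    """DDS/ComboFix write hxxp:// so URLs are not clickable; undo that for parsing."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def triage(log_text):
    """Return (kind, subject, detail) tuples for every indicator found."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = PREF_RE.match(line)
        if m:
            kind, name, value = m.groups()
            # A value containing a second user_pref( call means the line was
            # appended to user.js as raw text by an installer, not set by Firefox.
            if kind == "user" and "user_pref(" in value:
                findings.append(("injected-pref", name, value))
            if name == "browser.search.selectedEngine" and value not in EXPECTED_ENGINES:
                findings.append(("search-engine-changed", name, value))
            if name == "keyword.URL":
                # keyword.URL is where address-bar text goes when it is not a URL;
                # the apn_* parameters are per-install tracking identifiers.
                parts = urlsplit(refang(value))
                if parts.hostname not in EXPECTED_SEARCH_HOSTS:
                    ids = sorted(k for k in parse_qs(parts.query) if k.startswith("apn_"))
                    findings.append(("keyword-url-hijack", parts.hostname,
                                     "tracking ids: " + ", ".join(ids)))
            continue
        m = DNS_RE.match(line)
        if m:
            # The helper's "obtain DNS automatically" step targets exactly this:
            # a resolver outside the private ranges deserves a closer look.
            ip = ipaddress.ip_address(m.group(1))
            if not ip.is_private:
                findings.append(("dns-server-public", str(ip), "check adapter and router DNS"))
            continue
        m = CREATED_RE.match(line)
        if m:
            path = m.group(1)
            if path.rstrip("\\").rsplit("\\", 1)[-1].lower() in FOISTWARE_FOLDERS:
                findings.append(("bundled-software-folder", path, "dropped by a bundled installer"))
    return findings


if __name__ == "__main__":
    for label, text in (("before", DDS_BEFORE), ("after", COMBOFIX_AFTER)):
        print(f"== {label} ==")
        for kind, subject, detail in triage(text):
            print(f"{kind:24} {subject}  [{detail}]")
```

Run over the "before" lines it reports the Ask.com engine, the websearch.ask.com keyword.URL with its apn_* ids, the injected user.js pref and three foistware folders; over the "after" lines only the user.js entry remains.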

  7. #7
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Default

    Hello,

Have you run TDSSKiller? If so, where is the log? Are you still getting popups?




  8. #8
    Member
    Join Date
    Dec 2008
    Location
    cornwall, new york
    Posts
    172
    Points
    0

    Default

    I ran that and it said it found nothing.

    Still getting pop ups and they're all survey junk. One was blocked by avast as a trojan.

    Anything bad in the logs I sent?

  9. #9
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Default

    Hello,

    Still getting pop ups and they're all survey junk. One was blocked by avast as a trojan.

    Anything bad in the logs I sent?
No, nothing that would indicate an infection.

    1.
    • Go to Start -> Control Panel -> Network and Internet Connection ->Network Connections.
    • Right-click your default connection, usually Local Area Connection or Dial-up Connection (if you are using dial-up), and left-click on the Properties option.
    • Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says "Obtain DNS servers automatically".
    • Click OK twice.
    • Go to Start -> Run...
    • In the Open: field type cmd and click OK or hit Enter.
      This will open a Command Prompt.
    • At the DOS prompt screen, type in ipconfig /flushdns and then press Enter (notice the space between "ipconfig" and "/flushdns").
    • Exit the Command Prompt.
    • Reboot your PC and try to open any website.



    2.
Are you connected to the internet through a router? If so, we need to reset that router.
    How to reset your router.

    3.
• Download RogueKiller to the desktop
    • Close all the running processes
    • Under Vista/Seven, right click -> Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • When prompted, type 1 (SCAN) then Enter
    • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
• If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


Things to include in your next reply:
    RogueKiller log
    Still getting popups?




  10. #10
    Member
    Join Date
    Dec 2008
    Location
    cornwall, new york
    Posts
    172
    Points
    0

    Default

    RogueKiller V6.1.3 [10/14/2011] by Tigzy
    contact at Forum Sciences / Forum Informatique - Sur la Toile (SLT)
    mail: tigzyRK<at>gmail<dot>com
    Feedback: [RogueKiller] Remontes (1/36)

    Operating System: Windows 7 (6.1.7600 ) 32 bits version
    Started in : Normal mode
    User: kmailler [Admin rights]
    Mode: Scan -- Date : 10/18/2011 19:44:13

    Bad processes: 0

    Registry Entries: 5
    [SUSP PATH] Update Check.job : C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    Particular Files / Folders:

    Driver: [LOADED]

    HOSTS File:
    1

    Finished : << RKreport[1].txt >>
    RKreport[1].txt
