Google Redirect Virus Removal Help

May 23, 2010 at 09:56:08
Specs: Microsoft Windows XP Home Edition, 1.599 GHz / 703 MB
Hi guys,
Over the past week I've noticed that Google's links are redirecting me to ads and virus pages, and not connecting to the page I want. I've been looking around and noticed many people are having this problem, and I can't find a specific fix for my PC.

I can give you my specs and HiJackThis Log if required and asked.
Please Help Me.




#1
May 23, 2010 at 12:02:40
Never mind those links.


#2
May 23, 2010 at 23:57:08
I think I've fixed it myself; my PC seems to be running smoothly, and Google links aren't redirecting, but random web pages are opening on their own still.
Here's my NEW HiJackThis Log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:57:38, on 24/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=www.google.co.uk
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls...
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
O23 - Service: lxdn_device - - C:\WINDOWS\system32\lxdncoms.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Any Solutions From Here?



#3
May 25, 2010 at 09:03:06
Please remove any antivirus programs besides AVG.
Please uninstall any old versions of Sun Java.
Click the link to test your Java: http://java.com/en/download/install...

Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs, and remove all older versions of Java. Here are a bunch of examples of how older versions may appear. Uninstall all of these if found:
IBM 32-bit Runtime Environment for Java 2, v1.4.2
Java Runtime Environment 1.1
Java 2 Runtime Environment Standard Edition v1.3.1_02
Java 2 Runtime Environment Standard Edition v1.3.1_04
Java 2 Runtime Environment, SE v1.4
Java 2 Runtime Environment, SE v1.4.2_01
Java 2 Runtime Environment, SE v1.4.2_03
Java 2 Runtime Environment, SE v1.4.2_05
Java 2 Runtime Environment, SE v1.4.2_06
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 7
J2SE Runtime Environment 5.0 Update 8
J2SE Runtime Environment 5.0 Update 9
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
Java(TM) SE Runtime Environment 6
Java(TM) SE Runtime Environment 6 Update 1
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 6
Java(TM) 6 Update 7
Java(TM) 6 Update 8
Java(TM) 6 Update 9
Java(TM) 6 Update 10 thru Update 17
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each old Java version.
Reboot your computer once all Java components are removed.

Then get updated!



#4
May 26, 2010 at 00:04:40
My PC won't update; I go to the Windows Update site but it won't open.


#5
May 26, 2010 at 09:09:46
Did you update your Java via the above link?


#6
May 26, 2010 at 13:39:09
Yes thanks, I did. What now? :D


#7
May 26, 2010 at 15:41:21
Windows Update and Automatic Update Reset (Fix It) Tool
http://www.winhelponline.com/blog/w...
How do I reset Windows Update components?
http://support.microsoft.com/kb/971058


#8
May 26, 2010 at 21:58:14
Thank You :D
Would you like a HijackThis log after that to see? x


#9
May 27, 2010 at 22:16:13
My computer is still getting pop-ups in Firefox, and before I start Firefox I get a Java execution error. HELP? Please? :D


#10
May 28, 2010 at 01:04:30
Try one powerful prog:

Here is page where you can download it and read about usage:

http://www.bleepingcomputer.com/com...

If it helps, you are welcome; if not, paste the generated log in your next reply.

Sincerely,

;) Security Made Easy ;)



#11
May 29, 2010 at 02:38:20
That seems to have removed what others weren't, but I'm still getting popups to ads like server2.adz.gl
Here's The Whole Log -
ComboFix 10-05-28.02 - Debbie 29/05/2010 0:11.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.703.291 [GMT 1:00]
Running from: c:\documents and settings\Debbie\My Documents\Downloads\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Debbie\Application Data\inst.exe
c:\windows\system32\c_dll.dll

Infected copy of c:\windows\system32\drivers\redbook.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DAEDRIVER54
-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-28 )))))))))))))))))))))))))))))))
.

2010-05-23 15:49 . 2010-05-23 15:49 -------- d-----w- C:\!KillBox
2010-05-23 15:31 . 2010-05-23 15:31 -------- d-----w- c:\program files\Trend Micro
2010-05-22 11:22 . 2010-05-22 11:22 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-05-19 14:21 . 2009-05-20 15:44 16648 ----a-w- c:\windows\system32\drivers\RkPavproc2.sys
2010-05-19 13:14 . 2009-05-20 15:44 16648 ----a-w- c:\windows\system32\drivers\RkPavproc1.sys
2010-05-14 18:01 . 2010-05-14 18:09 -------- dc----w- c:\documents and settings\Debbie\Application Data\Xilisoft Corporation
2010-05-13 14:00 . 2010-05-13 14:00 -------- d-----w- c:\documents and settings\Debbie\Local Settings\Application Data\TheSpartan
2010-05-13 11:27 . 2010-05-13 11:27 -------- dc----w- c:\documents and settings\All Users\Application Data\Studio 12
2010-05-13 11:27 . 2010-05-13 11:27 -------- dc----w- c:\documents and settings\All Users\Application Data\Pinnacle Studio Plus
2010-05-13 11:27 . 2010-05-13 11:27 -------- d-----w- c:\program files\Common Files\Yahoo!
2010-05-13 11:22 . 2008-04-13 17:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-05-13 11:22 . 2008-04-13 17:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-05-08 09:32 . 2010-05-13 11:10 -------- dc----w- c:\documents and settings\Debbie\Application Data\proDAD
2010-05-08 09:31 . 2010-05-08 09:31 -------- d-----w- c:\program files\proDAD
2010-05-08 09:30 . 2003-07-01 15:49 69632 ------w- c:\windows\system32\MtxPreview.dll
2010-05-08 09:30 . 2003-07-01 15:49 49152 ------w- c:\windows\system32\MtxParhBFXPreview.dll
2010-05-08 09:30 . 2003-06-26 09:04 237568 ------w- c:\windows\system32\qtmlClient.dll
2010-05-08 09:30 . 2003-01-20 08:08 49152 ------w- c:\windows\system32\CvoAPI.dll
2010-05-08 09:29 . 2010-05-13 10:36 -------- d-----w- c:\program files\Boris FX, Inc
2010-05-07 20:37 . 2010-05-07 20:37 -------- dc----w- c:\documents and settings\All Users\Application Data\Pinnacle Studio Ultimate
2010-05-07 18:05 . 2010-05-07 23:13 -------- dc----w- c:\documents and settings\Debbie\Application Data\WinFF
2010-05-04 13:19 . 2010-05-04 13:19 -------- d-----w- C:\temp
2010-05-04 13:13 . 2006-12-12 10:16 22528 ----a-w- c:\windows\system32\drivers\emAudio.sys
2010-05-04 13:12 . 2006-11-06 12:31 81920 ------w- c:\windows\system32\PCLECoInst.dll
2010-05-04 13:12 . 2005-12-21 08:14 9739 ------w- c:\windows\system32\emUSD.dll
2010-05-04 13:12 . 2005-12-21 08:14 5245 ------w- c:\windows\system32\drivers\emFilter.sys
2010-05-04 13:12 . 2005-12-21 08:14 45056 ------w- c:\windows\system32\emVFW.dll
2010-05-04 13:12 . 2005-12-21 08:14 4493 ------w- c:\windows\system32\drivers\emScan.sys
2010-05-04 13:12 . 2005-12-21 08:14 24269 ------w- c:\windows\system32\drivers\emStream.sys
2010-05-04 13:12 . 2005-12-21 08:14 17808 ------w- c:\windows\system32\emYUV.dll
2010-05-04 13:12 . 2005-12-21 08:14 100957 ------w- c:\windows\system32\drivers\emDevice.sys
2010-05-04 13:12 . 2008-04-13 23:12 53760 -c----w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-05-04 13:12 . 2008-04-13 23:12 53760 ------w- c:\windows\system32\vfwwdm32.dll
2010-05-04 13:09 . 2010-05-15 20:28 -------- d-----w- c:\documents and settings\Debbie\Local Settings\Application Data\Pinnacle
2010-05-04 13:09 . 2005-09-23 22:18 171520 ----a-w- c:\windows\system32\drivers\MarvinBus.sys
2010-05-04 13:08 . 2010-05-07 20:38 -------- d-----w- c:\documents and settings\Debbie\Local Settings\Application Data\Downloaded Installations
2010-05-04 13:06 . 2010-05-13 11:08 -------- d-----w- c:\program files\Pinnacle
2010-05-04 13:06 . 2010-05-04 13:09 -------- d-----w- c:\program files\Common Files\Pinnacle
2010-05-04 13:06 . 2010-05-13 11:27 -------- dc----w- c:\documents and settings\All Users\Application Data\Pinnacle
2010-05-01 10:46 . 2010-05-01 10:46 -------- dc----w- c:\documents and settings\HelpAssistant\WINDOWS
2010-05-01 10:46 . 2010-05-01 10:46 -------- dc----w- c:\documents and settings\HelpAssistant\UserData
2010-05-01 10:46 . 2010-05-01 10:46 -------- dc----w- c:\documents and settings\HelpAssistant\Tracing
2010-05-01 10:45 . 2010-05-01 10:45 -------- dc----w- c:\documents and settings\HelpAssistant\PrivacIE
2010-05-01 10:37 . 2009-07-26 15:16 34 -c--a-w- c:\documents and settings\HelpAssistant\jagex_runescape_preferences.dat
2010-05-01 10:37 . 2010-05-01 10:37 -------- dc----w- c:\documents and settings\HelpAssistant\IECompatCache
2010-05-01 10:26 . 2009-08-14 19:00 -------- dcsh--w- c:\documents and settings\HelpAssistant\IETldCache
2010-05-01 10:26 . 2010-05-28 17:20 -------- dc----w- c:\documents and settings\HelpAssistant
2010-05-01 09:51 . 2010-05-02 14:09 -------- d-----w- c:\documents and settings\Debbie\Local Settings\Application Data\ifsggbsxr
2010-05-01 09:49 . 2010-05-15 09:58 -------- dc----w- c:\documents and settings\Debbie\Application Data\50BA6B573E964546532D5022060C4110
2010-05-01 07:33 . 2010-05-01 07:59 -------- dc----w- c:\documents and settings\Debbie\Application Data\FileZilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-26 20:46 . 2010-05-23 16:48 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-24 07:03 . 2008-11-26 16:29 -------- dc----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-05-23 20:20 . 2009-06-30 11:12 -------- dc----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-23 17:50 . 2010-05-23 17:50 -------- dc----w- c:\documents and settings\Debbie\Application Data\Avira
2010-05-23 17:35 . 2010-05-23 17:35 -------- dc----w- c:\documents and settings\All Users\Application Data\Avira
2010-05-23 17:35 . 2010-05-23 17:35 -------- d-----w- c:\program files\Avira
2010-05-23 16:49 . 2010-05-23 16:49 -------- d-----w- c:\program files\Common Files\Java
2010-05-23 16:49 . 2010-05-23 16:49 503808 ----a-w- c:\documents and settings\Debbie\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-745a4c7a-n\msvcp71.dll
2010-05-23 16:49 . 2010-05-23 16:49 499712 ----a-w- c:\documents and settings\Debbie\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-745a4c7a-n\jmc.dll
2010-05-23 16:49 . 2010-05-23 16:49 348160 ----a-w- c:\documents and settings\Debbie\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-745a4c7a-n\msvcr71.dll
2010-05-23 16:48 . 2010-05-23 16:48 61440 ----a-w- c:\documents and settings\Debbie\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-475f05f4-n\decora-sse.dll
2010-05-23 16:48 . 2010-05-23 16:48 12800 ----a-w- c:\documents and settings\Debbie\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-475f05f4-n\decora-d3d.dll
2010-05-23 16:48 . 2009-03-20 16:06 -------- d-----w- c:\program files\Java
2010-05-23 16:45 . 2010-05-23 16:45 195584 ----a-w- c:\documents and settings\Debbie\Application Data\Sun\Java\Deployment\cache\6.0\5\27706285-3526a17d-n\WMINative.dll
2010-05-23 16:45 . 2010-05-23 16:45 195584 ----a-w- c:\documents and settings\Debbie\Application Data\Sun\Java\Deployment\cache\6.0\5\27706285-1932e715-n\WMINative.dll
2010-05-21 16:45 . 2010-04-15 16:00 -------- dc----w- c:\documents and settings\Debbie\Application Data\uTorrent
2010-05-21 14:28 . 2009-06-16 10:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-18 15:07 . 2009-11-06 20:35 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-05-18 13:33 . 2009-07-05 12:43 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-15 07:55 . 2010-01-31 12:53 -------- d-----w- c:\program files\Common Files\Akamai
2010-05-13 11:38 . 2010-05-13 11:38 29926 ----a-r- c:\documents and settings\Debbie\Application Data\Microsoft\Installer\{5EB90C06-964F-4195-B83E-BD7E55C88415}\ARPPRODUCTICON.exe
2010-05-07 20:40 . 2008-11-26 15:45 79920 -c--a-w- c:\documents and settings\Debbie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-07 18:18 . 2010-05-07 18:18 736 -c--a-w- c:\documents and settings\Debbie\Application Data\WinFF\ff100507191842.bat
2010-05-07 13:10 . 2010-05-07 13:41 0 -c--a-w- c:\documents and settings\HelpAssistant\ntuser.tmp
2010-05-03 15:33 . 2009-06-30 11:11 -------- d-----w- c:\program files\CCleaner
2010-05-03 12:13 . 2008-11-27 16:03 -------- d-----w- c:\documents and settings\Debbie\Application Data\Vso
2010-05-01 23:38 . 2010-05-01 23:38 17920 -c--a-w- c:\documents and settings\Debbie\Application Data\50BA6B573E964546532D5022060C4110\hookdll.dll
2010-04-21 11:06 . 2009-12-01 07:51 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-20 13:44 . 2010-04-20 13:44 -------- dc----w- c:\documents and settings\Debbie\Application Data\Utherverse
2010-04-15 20:11 . 2009-08-14 14:17 -------- dc----w- c:\documents and settings\Debbie\Application Data\GetRightToGo
2010-04-15 16:00 . 2010-04-15 16:00 -------- d-----w- c:\program files\uTorrent
2010-03-30 10:28 . 2009-09-05 15:41 509708424 ----a-w- c:\documents and settings\Debbie\Application Data\ijjigame\U_SFInstaller.exe
2010-03-23 14:36 . 2008-11-26 15:37 499712 ------w- c:\windows\system32\msvcp71.dll
2010-03-23 14:36 . 2008-11-26 15:37 348160 ------w- c:\windows\system32\msvcr71.dll
2010-03-20 16:17 . 2010-03-20 16:17 249856 ------w- c:\windows\Setup1.exe
2010-03-20 16:17 . 2010-03-20 16:17 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-03-12 09:33 . 2009-12-01 07:51 12464 ------w- c:\windows\system32\avgrsstx.dll
2010-03-12 09:33 . 2009-12-01 07:51 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-12 09:28 . 2009-12-01 07:51 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-04 09:26 . 2010-03-04 09:26 86016 ------w- c:\windows\system32\frapsvid.dll
2010-03-01 09:05 . 2010-05-23 17:35 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"VTTimer"="VTTimer.exe" [2004-10-22 53248]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-08 305440]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2006-11-06 81920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-12 09:33 12464 ------w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
backup=c:\windows\pss\AOL 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
backup=c:\windows\pss\AOL Companion.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdnamon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2007-12-07 15:30 71008 ----a-r- c:\program files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-09-26 00:52 50736 ----a-w- c:\program files\Common Files\AOL\1227791240\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ------w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 00:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2004-10-22 11:53 53248 ------w- c:\windows\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
2004-10-12 06:00 143360 ------w- c:\windows\system32\VTTrayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"lxdn_device"=2 (0x2)
"lxdnCATSCustConnectService"=2 (0x2)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"VTTimer"=VTTimer.exe
"VTTrayp"=VTtrayp.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
atlpq REG_SZ c:\windows\system32\cleagman.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdntime.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\PurpleBean.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\lxdncfg.exe"=
"c:\\WINDOWS\\system32\\lxdncoms.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"=
"c:\\Documents and Settings\\Debbie\\Local Settings\\Application Data\\Kamuse\\KCSTrayDownloader\\KCSTrayDownloaderEngine.exe"=
"c:\\Documents and Settings\\Debbie\\Local Settings\\Application Data\\Xenocode\\Sandbox\\Kuma Client\\1.0.0.3\\2009.09.29T16.07\\Native\\STUBEXE\\7.1.343\\@PROGRAMFILES@\\Kuma Games\\Kuma.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\ijjiOptimizer.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3739:TCP"= 3739:TCP:WWW
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"1700:TCP"= 1700:TCP:Services
"1900:TCP"= 1900:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"2443:TCP"= 2443:TCP:Services
"3386:TCP"= 3386:TCP:Services
"3849:TCP"= 3849:TCP:Services
"6198:TCP"= 6198:TCP:Services
"7232:TCP"= 7232:TCP:Services
"4366:TCP"= 4366:TCP:Services
"9732:TCP"= 9732:TCP:Services
"9731:TCP"= 9731:TCP:Services
"1036:TCP"= 1036:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"6963:TCP"= 6963:TCP:Services
"6964:TCP"= 6964:TCP:Services
"6932:TCP"= 6932:TCP:Services
"4216:TCP"= 4216:TCP:Services

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [01/12/2009 08:51 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [01/12/2009 08:51 242896]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [06/12/2009 20:33 33824]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [23/05/2010 18:35 135336]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [01/12/2009 08:50 308064]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [30/07/2009 17:53 98984]
S2 yqhvwp;yqhvwp;c:\windows\system32\svchost.exe -k netsvcs [04/08/2004 12:00 14336]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [23/06/2009 10:51 17149]
S3 dump_wmimmc;dump_wmimmc;\??\c:\blackshot\Blackshot\system\GameGuard\dump_wmimmc.sys --> c:\blackshot\Blackshot\system\GameGuard\dump_wmimmc.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RkPavproc1;RkPavproc1;c:\windows\system32\drivers\RkPavproc1.sys [19/05/2010 14:14 16648]
S3 RkPavproc2;RkPavproc2;c:\windows\system32\drivers\RkPavproc2.sys [19/05/2010 15:21 16648]
S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?]
S3 XDva311;XDva311;\??\c:\windows\system32\XDva311.sys --> c:\windows\system32\XDva311.sys [?]
S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;"c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" --> c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [?]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10/07/2008 03:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);"c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -i SQLEXPRESS --> c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
yqhvwp
.
Contents of the 'Scheduled Tasks' folder

2010-05-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-05-23 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-10-25 09:22]

2010-05-27 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-06-30 14:31]

2010-05-24 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2009-06-30 14:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title =
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download all with Free Download Manager
IE: Download selected with Free Download Manager
IE: Download video with Free Download Manager
IE: Download with Free Download Manager
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Debbie\Application Data\Mozilla\Firefox\Profiles\gopz16hw.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonEU\NGM\npNxGameeu.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\progra~1\MEADCO~1\npmeadax.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
ShellIconOverlayIdentifiers-{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6} - (no file)
ShellIconOverlayIdentifiers-{0847B599-9191-4A27-BD61-DE11598D3B1B} - (no file)
ShellIconOverlayIdentifiers-{9AE343CB-BA45-4618-AF6A-0230EE6FC793} - (no file)
MSConfigStartUp-BitTorrent DNA - c:\program files\DNA\btdna.exe
MSConfigStartUp-lxdnmon - (no file)
ActiveSetup-{112BB811-3153-112A-D3A0-0ED826C39B08} - c:\windows\system32:winhic.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-29 00:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x831DC608]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7d0cf28
\Driver\ACPI -> ACPI.sys @ 0xf7b9fcb8
\Driver\atapi -> 0x831dc608
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: VIA Compatable Fast Ethernet Adapter -> SendCompleteHandler -> 0x82850440
PacketIndicateHandler -> NDIS.sys @ 0xf7a20a0d
SendHandler -> NDIS.sys @ 0xf7a34b40
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x0950A600
malicious code @ sector 0x0950A603 !
PE file found in sector at 0x0950A619 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3764)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxdncoms.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\wanmpsvc.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-05-29 00:36:10 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-28 23:36

Pre-Run: 45,471,313,920 bytes free
Post-Run: 45,641,764,864 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 39CBEC1E78151FDCDE040F30B7261530

What would you recommend next? :D


Report •

#12
May 29, 2010 at 05:30:34
Make sure all the entries for MYWEBSEARCHSERVICE are gone.

http://www.google.com.au/#hl=en&q=M...

http://www.exterminate-it.com/malpe...


Report •

#13
May 29, 2010 at 07:24:11
Make sure all instances of DAEDRIVER54 are gone.

http://www.google.com.au/#hl=en&sou...

http://www.threatexpert.com/report....


Report •

#14
May 29, 2010 at 07:37:40
You only need 1 realtime AV installed, either AVG or Avira.

Report •

#15
June 6, 2010 at 05:35:32
AVG picks up things Avira doesn't and Avira picks up things AVG doesn't, so do I really have to only have one?

Report •

#16
June 6, 2010 at 17:53:11
If you are sure they are both real-time monitoring AVs, one is best.

I use Avast, which has a very good spyware program built in.

http://ask-leo.com/can_i_run_more_t...

Avast
http://www.freewarefiles.com/Avast-...
http://download.cnet.com/Avast-Free...
http://www.download.com/Avast-Home-...
http://www.avast.com/free-antivirus...
FREE antivirus software with spyware protection: avast! Home Edition
Re-register after 14 months free use ( Still stays free )


Report •

#17
June 6, 2010 at 19:59:12
I googled your earlier request about running 2 AVs, just had a deeper look & there are plenty of others saying the same.

Security Programs:
http://www.5starsupport.com/ipboard...
It is essential these days to have a few security programs installed and running on your machine. However, there are a few caveats; you should not install more than one anti-virus or firewall. This actually does more harm than good, and will cause a lot of issues for your PC.
Step 4: Antivirus
http://www.help2go.com/content/tuto...
You should have an up-to-date anti-virus program running on your computer. Anti-virus is NOT like anti-spyware. You should only have ONE anti-virus program running on your PC. If you don't have one, we recommend the free Avast anti-virus.
Response Number 3
http://www.computing.net/answers/se...
First of all you have two antivirus programs running, AVG and Nortons, they will conflict and cause you problems. Choose which one you like the best and uninstall the other.
Step Two: Viruses/Trojans
http://www.geekstogo.com/forum/Malw...
Important note: Geeks to Go highly recommends uninstalling any existing antivirus software BEFORE installing another antivirus application. Antivirus programs often conflict and can cause system slowdowns, crashes, or even leave you unprotected. Only ONE should be installed on a system at any time.
Important: Uninstall any old or outdated antivirus program(s), including Security Suites before upgrading or replacing with a new one.
http://www.techsupportteam.org/foru...
Important: You should only have one antivirus and one firewall running at any time. If you have two or more of either running then deactivate or uninstall all but one of each now before continuing.


Report •

#18
June 6, 2010 at 20:42:24
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x0950A600
malicious code @ sector 0x0950A603 !
PE file found in sector at 0x0950A619 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

You also still have instances of Viewpoint and GameMon.

You're not clean yet!!!

Go here and get RootRepeal

http://sites.google.com/site/rootre...
and post the log.

Then get this http://forums.majorgeeks.com/showth...
and e-mail me the logs; they are too big
for the forum! I will PM you my e-mail.
Cheers


Report •
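
A triage sketch for the mbr.exe section of the log that reply #18 points to, added here as an example and not part of the original thread or of any tool named in it. The function name `triage` is hypothetical, and reading a handler printed without a `module @` prefix as an address that resolved to no loaded module is an assumption about the tool's output format.

```python
import re

# Constructed sample: lines copied from the mbr.exe section of the log on this page.
SAMPLE = r"""called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x831DC608]<<
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7d0cf28
\Driver\ACPI -> ACPI.sys @ 0xf7b9fcb8
\Driver\atapi -> 0x831dc608
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: VIA Compatable Fast Ethernet Adapter -> SendCompleteHandler -> 0x82850440
PacketIndicateHandler -> NDIS.sys @ 0xf7a20a0d
SendHandler -> NDIS.sys @ 0xf7a34b40
Warning: possible MBR rootkit infection !
"""

# "<object/handler path> -> [module @ ]0xADDRESS"; the module part is optional.
HOOK = re.compile(
    r"^(?P<path>.+?)\s*->\s*(?:(?P<module>[\w.]+)\s*@\s*)?(?P<addr>0x[0-9a-fA-F]+)\s*$"
)
# Entry in the "called modules" chain that the tool could not name.
UNKNOWN = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")


def triage(log_text):
    """Return (unknown call-chain addresses, handlers with no owning module)."""
    unknown = {int(a, 16) for a in UNKNOWN.findall(log_text)}
    findings = []
    for line in log_text.splitlines():
        m = HOOK.match(line.strip())
        if not m or m.group("module"):
            continue  # not a hook line, or the handler resolves to a named module
        addr = int(m.group("addr"), 16)
        findings.append({
            "hook": m.group("path"),
            "addr": hex(addr),
            # True when the same address is the UNKNOWN entry in the disk call chain
            "in_call_chain": addr in unknown,
        })
    return unknown, findings


if __name__ == "__main__":
    for f in triage(SAMPLE)[1]:
        print(f)
```

On the sample, the `\Driver\atapi` handler is the one whose address matches the `>>UNKNOWN<<` entry in the called-modules chain.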