Follow:
1) Install, update database and run full scan with Malwarebytes' Anti-Malware. Attach the Malwarebytes full scan log.
2) Scan with SUPERAntiSpyware: http://www.superantispyware.com/dow... . Fix what it detects and post the summary scan log.
-------------------------------------------------

Try: Download and run Kaspersky AVP tool: http://devbuilds.kaspersky-labs.com...
Once you download and start the tool:
1) Check below options:
   * Select all the objects/places to be scanned.
   * Settings > Customize > Heuristic analyzer > Enable deep rootkit search
2) Click Scan
3) Fix what it detects
4) Attach Scan log/Summary to your next message.
Illustrated tutorial: http://img32.imageshack.us/img32/76...
If I'm helping you and I don't reply within 24 hours send me a PM.

I ran the Kaspersky tool and it found no threats. There was no log to attach. I also downloaded and ran Spyware Doctor, which said it found 9 threats. But I cannot fix them unless I buy the tool.

Do you get redirected in IE as well?

Yes, in IE as well. I just finished a quick scan using SUPERAntiSpyware which corrected (?) 53 threats. However, I am still being redirected with every search. I am going to run a full scan and see if that helps. Please let me know what you suggest. I am able to access all pages that I try to open, which I could not do before.

Here is the log from the quick scan:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/11/2009 at 09:08 PM

Application Version : 4.26.1004
Core Rules Database Version : 3936
Trace Rules Database Version: 1879

Scan type : Quick Scan
Total Scan Time : 00:22:28

Memory items scanned : 554
Memory threats detected : 0
Registry items scanned : 458
Registry threats detected : 33
File items scanned : 8011
File threats detected : 20

Adware.URLBlaze
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE7C3CF0-4B15-11D1-ABED-709549C10000}
HKU\S-1-5-21-57989841-413027322-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE7C3CF0-4B15-11D1-ABED-709549C10000}
HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}
HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}\InprocServer32
HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}\InprocServer32#ThreadingModel
HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}\ProgID
HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}\Programmable
HKCR\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000}\VersionIndependentProgID

Adware.Tracking Cookie
C:\Documents and Settings\USER 1\Cookies\user_1@at.atwola[2].txt
C:\Documents and Settings\USER 1\Cookies\user_1@2o7[2].txt
C:\Documents and Settings\USER 1\Cookies\user_1@atdmt[1].txt
C:\Documents and Settings\USER 1\Cookies\user_1@tacoda[2].txt
C:\Documents and Settings\USER 1\Cookies\user_1@www.stopzilla[1].txt
C:\Documents and Settings\USER 1\Cookies\user_1@advertising[1].txt
C:\Documents and Settings\USER 1\Cookies\user_1@xiti[1].txt
C:\Documents and Settings\USER 1\Cookies\user_1@smartadserver[2].txt
C:\Documents and Settings\USER 1\Cookies\user_1@statcounter[2].txt
C:\Documents and Settings\USER 1\Cookies\user_1@stopzilla[2].txt
C:\Documents and Settings\USER 1\Cookies\user_1@ad.yieldmanager[2].txt
C:\Documents and Settings\USER 1\Cookies\user_1@revsci[2].txt
C:\Documents and Settings\USER 1\Cookies\user_1@macombcountymi[1].txt
C:\Documents and Settings\USER 1\Cookies\user_1@msnservices.112.2o7[1].txt
C:\Documents and Settings\USER 1\Cookies\user_1@msnportal.112.2o7[1].txt
C:\Documents and Settings\USER 1\Cookies\user_1@tribalfusion[1].txt
C:\Documents and Settings\USER 1\Cookies\user_1@yadro[2].txt
C:\Documents and Settings\USER 1\Cookies\user_1@avgtechnologies.112.2o7[1].txt
C:\Documents and Settings\USER 1\Cookies\user_1@overture[1].txt
C:\Documents and Settings\USER 1\Cookies\user_1@doubleclick[1].txt

Unclassified.Unknown Origin
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#zip [ {eeff746b-1131-4ce9-9d63-e56820f6adff} ]

Rootkit.Agent/Gen-GXServ
HKLM\Software\gxvxc
HKLM\Software\gxvxc\disallowed
HKLM\Software\gxvxc\disallowed#avp.exe
HKLM\Software\gxvxc\disallowed#klif.sys
HKLM\Software\gxvxc\disallowed#mrt.exe
HKLM\Software\gxvxc\disallowed#spybotsd.exe
HKLM\Software\gxvxc\disallowed#sasdifsv.sys
HKLM\Software\gxvxc\disallowed#saskutil.sys
HKLM\Software\gxvxc\disallowed#sasenum.sys
HKLM\Software\gxvxc\disallowed#superantispyware.exe
HKLM\Software\gxvxc\disallowed#szkg.sys
HKLM\Software\gxvxc\disallowed#szserver.exe
HKLM\Software\gxvxc\disallowed#mbam.exe
HKLM\Software\gxvxc\disallowed#mbamswissarmy.sys
HKLM\Software\gxvxc\disallowed#pctssvc.sys
HKLM\Software\gxvxc\disallowed#pctcore.sys
HKLM\Software\gxvxc\disallowed#mchinjdrv.sys
HKLM\Software\gxvxc\disallowed#avgfwdx.sys
HKLM\Software\gxvxc\disallowed#avgldx86.sys
HKLM\Software\gxvxc\disallowed#avgmfx86.sys
HKLM\Software\gxvxc\disallowed#avgrkx86.sys
HKLM\Software\gxvxc\disallowed#avgtdix.sys
HKLM\Software\gxvxc\disallowed#hijackthis.exe
HKLM\Software\gxvxc\disallowed#combofix.exe

Note: Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
1) Can you please post your AVZ log:
Note: Run AVZ in Windows normal mode. If avz.exe doesn't start, then try to rename the file avz.exe to something else and try to run it again. Make sure you have your web browser open in the background before following the steps below.
i) To create the logfile, download AVZ by clicking HERE. Please save this file to your desktop or "My Documents" folder.
ii) Next, unpack the file to a new folder using the Compressed (zipped) folders wizard built into Windows XP/Vista, or a zip utility of your choice.
iii) Once you have unpacked the contents of the zip archive, please launch the file AVZ.exe by double clicking on it or right clicking and selecting Open.
Note: If you are running Windows Vista, launch AVZ.exe by right clicking and selecting Run as Administrator.
You should now see the main window of the AVZ utility. Please navigate to File->Custom Scripts. Copy the script below by using the keyboard shortcut CTRL+C or the corresponding option via right click.

begin
ExecuteStdScr(3);
RebootWindows(true);
end.

Paste the script into the execution window by using the CTRL+V keyboard shortcut, or the "paste" option via the right click menu. Click on Run to run the script; the PC will reboot. After the reboot the LOG subfolder is created in the folder with AVZ, with a file called virusinfo_syscure.zip inside. Upload that file to rapidshare.com and paste the link here.
2) Can you also make a new HijackThis log and upload it to rapidshare.com. HijackThis: Here

I downloaded AVZ but the tabs only have numbers on them and not words. All the GUI labels are numbers.

Just follow Image tutorial and see if you can generate a log.

1. Download Link: Click here to download file
http://rapidshare.com/files/2436126...
MD5: 3B767D21C2204057C65F3066FE0EE8E3
1. Download Link: Click here to download file
http://rapidshare.com/files/2436129...
MD5: 8CD716CB41E7A733129DA433BD7638BC

Seems like SUPERAntiSpyware took care of most of the rootkit. Run SUPERAntiSpyware again, fix what it detects, and reboot into safe mode with networking. Redownload, install and run Response Number 3.

Superspyware found no errors. I ran mbam.exe and got the following results. I did nothing based on the results, waiting on your response.
1. Download Link: Click here to download file
http://rapidshare.com/files/2437743...
MD5: 85246731A6EEFF5000C41BF360F30811
