Solved I suspect my system is compromised

February 16, 2013 at 05:18:55
Specs: Windows 7, 3gb
A few days ago, I downloaded a file using Google Chrome. It somehow installed an extension named Websearchgood.result-info. I received a system alert from Windows. I don't remember the exact message, but I chose "delete restoration data and proceed to system boot menu". I received messages from Gmail saying suspicious attempts to log in have been made. I have deleted websearchgood.result-info, but I still suspect my system is hacked. After this problem, I installed Kaspersky 2013 Internet Security, and I use the Safe Money tab even to browse, and I added 2-step verification for Gmail login, where I get a security code to log in. I used to get messages to my phone from Google as LM-GOOGLE, but at times the security code comes with the name LM-google. Is my system compromised? What am I supposed to do now?



✔ Best Answer
February 17, 2013 at 06:26:45
After finishing the above, how is it running? It should be nice & zippy, nothing unusual/glitches etc.

I'm going to bed now, I shall catch up later.

As you were concerned about being compromised, changing ALL your passwords is a safe move.
Change your router password if it is not strong or still uses the default one.
Hack lets intruders sneak into home routers
http://tinyurl.com/4pz64fc
http://compnetworking.about.com/od/...

Malware Prevention
http://www.malwarevault.com/prevent...
"There is no magic involved. The majority of malware is installed by the user themselves"

John in Western Australia
http://www.timeanddate.com/worldclo...



#1
February 16, 2013 at 05:35:15
I will give you a start, will be going to bed soon. MrGoodguy will probably take over, he is 5 hrs ahead of me.

1: Download & run Unhide
http://www.bleepingcomputer.com/for...
http://download.bleepingcomputer.co...
An introduction as to what this program does.
http://www.bleepingcomputer.com/for...
For those of you who no longer have the %Temp%\Smtmp folder, you will not be able to use Unhide to restore your Start Menu items. With this in mind, I have created some scripts to restore the default Start Menu for specific versions of Windows that I have access to. You can view the available versions below. I will be adding more as time goes on.
Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run, it does take some time, be patient. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.

2: Reboot

3: Run Hitman Pro, then Copy & Paste the contents of the log please.
http://www.softpedia.com/get/Intern...
http://www.softpedia.com/progScreen...
http://www.surfright.nl/en/HitmanPro
http://www.surfright.nl/en/hitmanpro/
Unlimited free scanning and free 30-day version to remove detected malware.
Download now (32-bit)
http://dl.surfright.nl/HitmanPro35.exe
Download now (64-bit)
http://dl.surfright.nl/HitmanPro35_...
Review
http://www.youtube.com/watch?v=WmPQ...



#2
February 16, 2013 at 05:44:53
Please copy & paste instructions into a text file, print steps & info. You will need them, as they are hard to remember, for when you are offline.

After posting the Hitman log, run these.

4: Please download and run ListParts by Farbar (for 32-bit system):
http://download.bleepingcomputer.co...
Please download and run ListParts64 by Farbar (for 64-bit system):
http://download.bleepingcomputer.co...
Click on the Scan button.
The scan results will open in Notepad.
Post those results in your next reply.

5: Run ComboFix & post the contents of the log please.
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
http://www.techsupportforum.com/sec...
http://www.forospyware.com/sUBs/Com...
A guide and tutorial on using ComboFix
http://www.bleepingcomputer.com/com...
Note:
Do not mouseclick combofix's window while it is running. That may cause it to stall.
If after running Combofix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion", then the answer is to REBOOT the machine, and all will be corrected.
Can't Install an Antivirus - Windows Security Center still detects previous AV
http://www.experts-exchange.com/Vir...
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these type of programs can be found in this topic.
http://www.bleepingcomputer.com/for...
Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.

6: Run RogueKiller
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
http://majorgeeks.com/RogueKiller_d...
http://www.geekstogo.com/forum/file...
http://www.sur-la-toile.com/RogueKi...
http://www.sur-la-toile.com/RogueKi...
Download & SAVE to your Desktop.
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator" to start.
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
Click on "Delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller.



#3
February 16, 2013 at 05:49:47
7: Run ESET Online Scanner, Copy & Paste the contents of the log please. This scan may take a very long while, so please be patient. Start it before going to work or bed.
http://www.eset.com/us/online-scann...
http://www.eset.com/home/products/o...
You may have to download ESET from a good computer, put it on a thumb drive & run it from there, if your comp is unbootable, or won't let you download.
Create a ESET SysRescue CD or USB drive
http://kb.eset.com/esetkb/index?pag...
How do I use my ESET SysRescue CD or USB flash drive to scan and clean my system?
http://kb.eset.com/esetkb/index?pag...
Configure ESET this way & disable your AV.
http://i.imgur.com/3U7YC.gif
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
Why Would I Ever Need an Online Virus Scanner?
I already have an antivirus program installed, isn't that enough?
http://www.squidoo.com/the-best-fre...
Once onto a machine, malware can disable antivirus programs, prevent antimalware programs from downloading updates, or prevent a user from running antivirus scans or installing new antivirus software or malware removal tools. At this point even though you are aware the computer is infected, removal is very difficult.
5: Why does the ESET Online Scanner run slowly on my computer?
If you have other antivirus, antispyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and hinder performance. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished.
17: How can I view the log file from ESET Online Scanner?
http://kb.eset.com/esetkb/index?pag...
http://www.eset.com/home/products/o...
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking on it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start → Run dialog box from the Start Menu on the desktop.
If no threats are found, you will simply see an information window that no threats were found.
http://www.trishtech.com/security/s...


#4
February 16, 2013 at 11:54:07
You can start with a quick scan with Malwarebytes:
http://www.filehippo.com/download_m...
and fix all it finds. Google chrome is not my favorite browser....

If that doesn't remedy your problem...then run these 3 free progs in EXACTLY the order listed
1- rkill.exe
http://www.bleepingcomputer.com/dow...
2- tdss killer
http://support.kaspersky.com/5350
3- malwarebytes
http://www.filehippo.com/download_m...
Good luck and let us know how you are proceeding...thanks

Some HELP in posting on Computing.net plus free progs and instructions 7 Golds



#5
February 16, 2013 at 12:43:32
Can you reply with all the logs generated by the scans please.

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?



#6
February 16, 2013 at 20:37:08
Thank you all for the quick responses.
I have posted the reports,
1.unhide:-
Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingcomputer.com/for...

Program started at: 02/16/2013 09:39:03 PM
Windows Version: Windows 7

Please be patient while your files are made visible again.

Processing the A:\ drive
Finished processing the A:\ drive. 0 files processed.

Processing the C:\ drive
Finished processing the C:\ drive. 146890 files processed.

Processing the E:\ drive
Finished processing the E:\ drive. 8283 files processed.

Processing the F:\ drive
Finished processing the F:\ drive. 32849 files processed.

The C:\Users\PLVIVEMU\AppData\Local\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingcomputer.com/for...

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
No registry changes detected.

Program finished at: 02/16/2013 09:43:23 PM
Execution time: 0 hours(s), 4 minute(s), and 20 seconds(s)

2.Combofix:-

ComboFix 13-02-15.01 - PLVIVEMU 16-02-2013 22:36:35.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.91.1033.18.3070.1184 [GMT 5.5:30]
Running from: c:\users\PLVIVEMU\Downloads\ComboFix.exe
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\PLVIVEMU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenBitCoin.exe.lnk
c:\users\PLVIVEMU\Documents\~WRL0803.tmp
.
.
((((((((((((((((((((((((( Files Created from 2013-01-16 to 2013-02-16 )))))))))))))))))))))))))))))))
.
.
2013-02-16 17:14 . 2013-02-16 17:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-16 16:59 . 2013-02-16 16:59 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2013-02-16 16:44 . 2013-02-16 16:44 12872 ----a-w- c:\windows\system32\bootdelete.exe
2013-02-16 16:37 . 2013-02-16 16:37 -------- d-----w- c:\program files\HitmanPro
2013-02-16 16:31 . 2013-02-16 16:44 -------- d-----w- c:\programdata\HitmanPro
2013-02-16 15:48 . 2013-02-16 15:48 -------- d-----w- c:\users\PLVIVEMU\AppData\Roaming\Mipony
2013-02-16 15:47 . 2013-02-16 15:47 -------- d-----w- c:\users\PLVIVEMU\AppData\Roaming\Mipony Download Manager Packages
2013-02-16 15:44 . 2013-02-16 15:44 -------- d-----w- c:\program files\Microsoft Silverlight
2013-02-16 15:41 . 2013-02-16 15:41 -------- d-----w- c:\program files\MiPony
2013-02-16 15:40 . 2013-02-16 15:40 -------- d-----w- c:\program files\Delta
2013-02-16 15:40 . 2013-02-16 15:40 -------- d-----w- c:\users\PLVIVEMU\AppData\Roaming\Delta
2013-02-16 15:39 . 2013-02-16 15:39 -------- d-----w- c:\users\PLVIVEMU\AppData\Roaming\DSite
2013-02-11 12:32 . 2013-02-11 12:32 -------- d-----w- c:\programdata\Playrix Entertainment
2013-02-10 13:10 . 2013-02-14 11:27 -------- d-----w- c:\programdata\AlawarWrapper
2013-02-10 13:09 . 2013-02-10 13:09 -------- d-----w- c:\program files\Gamesgames.com
2013-01-27 09:45 . 2013-01-27 09:46 -------- d-----w- c:\windows\$regcmp$
2013-01-27 09:19 . 2012-05-08 12:51 70736 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2013-01-27 09:19 . 2012-05-08 12:51 149432 ----a-w- c:\windows\SGDetectionTool.dll
2013-01-27 09:19 . 2012-05-08 12:51 2267064 ----a-w- c:\windows\PCTBDCore.dll
2013-01-27 09:19 . 2012-05-08 12:51 1681336 ----a-w- c:\windows\PCTBDRes.dll
2013-01-27 09:19 . 2012-05-08 12:51 767928 ----a-w- c:\windows\BDTSupport.dll
2013-01-27 08:40 . 2013-01-28 03:12 -------- d-----w- c:\program files\PC Tools Security
2013-01-27 08:40 . 2013-01-28 03:12 -------- d-----w- c:\program files\Common Files\PC Tools
2013-01-27 07:46 . 2013-01-27 07:47 -------- d-----w- c:\users\PLVIVEMU\AppData\Local\Deployment
2013-01-27 07:46 . 2013-01-27 07:46 -------- d-----w- c:\users\PLVIVEMU\AppData\Local\Apps
2013-01-27 07:34 . 2013-01-27 07:34 -------- d-----w- c:\users\PLVIVEMU\AppData\Roaming\CleanMyPC Software
2013-01-27 07:34 . 2013-01-27 07:34 -------- d-----w- c:\program files\CleanMyPC
2013-01-27 06:00 . 2013-01-27 06:00 -------- d-----w- c:\program files\Enigma Software Group
2013-01-27 06:00 . 2013-01-27 06:47 -------- d-----w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP
2013-01-27 05:48 . 2013-01-27 05:48 -------- d-----w- c:\windows\ELAMBKUP
2013-01-27 05:48 . 2013-02-16 16:17 -------- d-----w- c:\programdata\Kaspersky Lab
2013-01-27 05:48 . 2013-01-27 05:48 -------- d-----w- c:\program files\Kaspersky Lab
2013-01-27 05:48 . 2012-08-13 12:54 75096 ----a-w- c:\windows\system32\drivers\klflt.sys
2013-01-27 04:04 . 2013-01-27 04:04 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2013-01-27 03:04 . 2013-01-27 03:04 -------- d-----w- c:\programdata\XoftSpySE
2013-01-27 02:54 . 2013-01-27 02:54 -------- d-----w- c:\users\PLVIVEMU\AppData\Roaming\SpeedyPC Software
2013-01-27 02:54 . 2013-01-27 02:54 -------- d-----w- c:\users\PLVIVEMU\AppData\Roaming\DriverCure
2013-01-27 02:54 . 2013-01-27 06:45 -------- d-----w- c:\programdata\SpeedyPC Software
2013-01-26 09:20 . 2012-01-20 08:44 17280 ----a-w- c:\windows\system32\roboot.exe
2013-01-26 09:20 . 2013-01-26 09:23 -------- d-----w- c:\users\PLVIVEMU\AppData\Roaming\systweak
2013-01-26 09:17 . 2013-01-26 09:17 -------- d-----w- c:\program files\Google Books Downloader
2013-01-26 07:28 . 2013-01-26 07:28 -------- d-----w- c:\programdata\ClickIT
2013-01-26 07:27 . 2013-01-26 09:20 -------- d-----w- c:\programdata\Search-NewTab
2013-01-26 07:25 . 2013-01-26 10:55 -------- d-----w- c:\program files\WxDownload
2013-01-26 07:25 . 2013-01-26 09:21 -------- d-----w- c:\programdata\wxDownload
2013-01-26 07:24 . 2013-01-26 09:21 -------- d-----w- c:\programdata\InstallMate
2013-01-21 15:25 . 2013-01-21 15:25 -------- d-----w- c:\users\PLVIVEMU\AppData\Roaming\YourFileDownloader
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-16 16:15 . 2012-07-07 14:41 16608 ----a-w- c:\windows\gdrv.sys
2013-02-11 11:30 . 2012-12-16 01:46 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-02-08 16:38 . 2012-07-16 05:33 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-08 16:38 . 2012-07-16 05:33 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-27 08:46 . 2012-06-08 06:08 43608 ----a-w- c:\windows\system32\drivers\kltdi.sys
2013-01-27 08:46 . 2012-07-25 09:23 25944 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2013-01-27 08:46 . 2012-05-25 14:08 25944 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2012-10-16 1398680]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2012-02-02 3035968]
"RGSC"="e:\gta 4\Grand Theft Auto IV\RGSC\RGSCLauncher.exe" [2010-02-25 611720]
"Registry Cleaner Scheduler"="c:\program files\CleanMyPC\Registry Cleaner\RCHelper.exe" [2012-11-01 1403680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-01-13 6711840]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-10 3147384]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-02-11 1124016]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-01-27 356376]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Ginger.lnk - c:\windows\Installer\{4715760F-AF61-494C-A699-7DF5D29A03A8}\GingerClientStartu_A2F7C7DB989E489495DD2D78EDBE914A.exe [2013-1-17 90112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG2013\avgfws.exe [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [x]
R2 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [x]
R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD.sys [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [x]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [x]
S2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\ESSVR.EXE [x]
S2 GingerUpdateService;GingerUpdateService;c:\program files\Ginger\GingerUpdateService\GingerUpdateService.exe [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [x]
S2 vToolbarUpdater14.1.7;vToolbarUpdater14.1.7;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-02 12:54 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-16 16:38]
.
2013-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-27 07:47]
.
2013-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-27 07:47]
.
2013-02-16 c:\windows\Tasks\ROC_JAN2013_TB_rmv.job
- c:\program files\AVG Secure Search\PostInstall\ROC.exe [2013-01-31 01:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.delta-search.com/?affID=119370&babsrc=HP_ss&mntrId=50c0786a00000000000000241df5e2c9
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://websearch.good-results.info/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download with Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\14.1.7\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
ShellIconOverlayIdentifiers-{152C96EB-288E-4EDC-B7C6-D21F8250ADF3} - (no file)
ShellIconOverlayIdentifiers-{342DAA0B-D796-460D-8566-901E08A1CCAD} - (no file)
ShellIconOverlayIdentifiers-{57595DAE-1AE1-4D97-A49E-67CBB53B52DF} - (no file)
ShellIconOverlayIdentifiers-{33816773-98AE-4723-ADE0-EBE54C8B5A67} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3579260014-155405728-1551081875-1000\Software\SecuROM\License information*]
"datasecu"=hex:27,43,e9,41,5b,37,e0,ac,04,db,34,ff,2b,3c,9b,54,85,f6,e8,06,51,
96,0e,5f,8b,b6,3f,e3,0c,97,d9,db,94,d5,4d,26,d8,69,bc,0c,a9,a1,70,7a,85,8e,\
"rkeysecu"=hex:64,72,28,51,23,35,18,17,54,5e,ac,72,42,d8,b1,48
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-02-16 22:46:58
ComboFix-quarantined-files.txt 2013-02-16 17:16
.
Pre-Run: 3,493,621,760 bytes free
Post-Run: 3,748,474,880 bytes free
.
- - End Of File - - 35104610BC75F0F14C0ADF10D3B72007

3.hitmanpro report:-


Computer name . . . . : PLVIVEMU-PC
Windows . . . . . . . : 6.1.0.7600.X86/2
User name . . . . . . : PLVIVEMU-PC\PLVIVEMU
UAC . . . . . . . . . : Enabled
License . . . . . . . : Trial (30 days left)

Scan date . . . . . . : 2013-02-16 22:07:48
Scan mode . . . . . . : Normal
Scan duration . . . . : 3m 34s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 2
Traces . . . . . . . : 94

Objects scanned . . . : 940,405
Files scanned . . . . : 36,768
Remnants scanned . . : 321,674 files / 581,963 keys

Malware _____________________________________________________________________

C:\Users\PLVIVEMU\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3BNOWUW4\search_defender_alternate_166[1].exe -> Deleted
Size . . . . . . . : 1,538,892 bytes
Age . . . . . . . : 21.4 days (2013-01-26 12:57:12)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 4DB6C0525B5CF031AFCE49EB1BC200523ECC7964BB9C311A8835AA9451AC9000
> a-Squared . . . . : Trojan.Win32.SProtector.AMN!A2
Fuzzy . . . . . . : 114.0

C:\Users\PLVIVEMU\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WT2ZVKDA\agent_setup[1].exe -> Deleted
Size . . . . . . . : 306,176 bytes
Age . . . . . . . : 21.4 days (2013-01-26 12:57:05)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 324731716430AA51607FF68BD628BB4BC4C912C847B493545932A0537063B2CC
Product . . . . . : Agent
Publisher . . . . : BetterSoft
Description . . . : Installer
Version . . . . . : 2013.1.23.2201
Copyright . . . . : Copyright © 2012 BetterSoft
> a-Squared . . . . : Trojan.Win32.InstalleRex.H.AMN!A2
Fuzzy . . . . . . : 108.0

4. RogueKiller:-
a.Report1:-
RogueKiller V8.5.1 [Feb 12 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/file...
Website : http://tigzy.geekstogo.com/roguekil...
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : PLVIVEMU [Admin rights]
Mode : Scan -- Date : 02/16/2013 22:53:08
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[TASK][SUSP PATH] DSite : C:\Users\PLVIVEMU\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe /Check [-] -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3160318AS ATA Device +++++
--- User ---
[MBR] 820803fccf43f0e3bc7b434fc5c731f2
[BSP] 7e0dea6b9a62b72f0e0b424b5ae952b1 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 45002 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 92164905 | Size: 107615 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_02162013_02d2253.txt >>
RKreport[1]_S_02162013_02d2253.txt

b.Report2:-
RogueKiller V8.5.1 [Feb 12 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/file...
Website : http://tigzy.geekstogo.com/roguekil...
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : PLVIVEMU [Admin rights]
Mode : Remove -- Date : 02/16/2013 23:00:55
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[TASK][SUSP PATH] DSite : C:\Users\PLVIVEMU\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe /Check [-] -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3160318AS ATA Device +++++
--- User ---
[MBR] 820803fccf43f0e3bc7b434fc5c731f2
[BSP] 7e0dea6b9a62b72f0e0b424b5ae952b1 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 45002 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 92164905 | Size: 107615 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_02162013_02d2300.txt >>
RKreport[1]_S_02162013_02d2253.txt ; RKreport[2]_D_02162013_02d2300.txt


c.report3:-
RogueKiller V8.5.1 [Feb 12 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/file...
Website : http://tigzy.geekstogo.com/roguekil...
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : PLVIVEMU [Admin rights]
Mode : Remove -- Date : 02/16/2013 23:02:52
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3160318AS ATA Device +++++
--- User ---
[MBR] 820803fccf43f0e3bc7b434fc5c731f2
[BSP] 7e0dea6b9a62b72f0e0b424b5ae952b1 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 45002 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 92164905 | Size: 107615 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3]_D_02162013_02d2302.txt >>
RKreport[1]_S_02162013_02d2253.txt ; RKreport[2]_D_02162013_02d2300.txt ; RKreport[3]_D_02162013_02d2302.txt


d.report4:-
RogueKiller V8.5.1 [Feb 12 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/file...
Website : http://tigzy.geekstogo.com/roguekil...
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : PLVIVEMU [Admin rights]
Mode : Remove -- Date : 02/16/2013 23:04:12
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3160318AS ATA Device +++++
--- User ---
[MBR] 820803fccf43f0e3bc7b434fc5c731f2
[BSP] 7e0dea6b9a62b72f0e0b424b5ae952b1 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 45002 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 92164905 | Size: 107615 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[4]_D_02162013_02d2304.txt >>
RKreport[1]_S_02162013_02d2253.txt ; RKreport[2]_D_02162013_02d2300.txt ; RKreport[3]_D_02162013_02d2302.txt ; RKreport[4]_D_02162013_02d2304.txt

e.report5:-
RogueKiller V8.5.1 [Feb 12 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/file...
Website : http://tigzy.geekstogo.com/roguekil...
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : PLVIVEMU [Admin rights]
Mode : Remove -- Date : 02/16/2013 23:06:17
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3160318AS ATA Device +++++
--- User ---
[MBR] 820803fccf43f0e3bc7b434fc5c731f2
[BSP] 7e0dea6b9a62b72f0e0b424b5ae952b1 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 45002 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 92164905 | Size: 107615 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[5]_D_02162013_02d2306.txt >>
RKreport[1]_S_02162013_02d2253.txt ; RKreport[2]_D_02162013_02d2300.txt ; RKreport[3]_D_02162013_02d2302.txt ; RKreport[4]_D_02162013_02d2304.txt ; RKreport[5]_D_02162013_02d2306.txt

f.report6:-
RogueKiller V8.5.1 [Feb 12 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/file...
Website : http://tigzy.geekstogo.com/roguekil...
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : PLVIVEMU [Admin rights]
Mode : Remove -- Date : 02/16/2013 23:07:44
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3160318AS ATA Device +++++
--- User ---
[MBR] 820803fccf43f0e3bc7b434fc5c731f2
[BSP] 7e0dea6b9a62b72f0e0b424b5ae952b1 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 45002 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 92164905 | Size: 107615 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[6]_D_02162013_02d2307.txt >>
RKreport[1]_S_02162013_02d2253.txt ; RKreport[2]_D_02162013_02d2300.txt ; RKreport[3]_D_02162013_02d2302.txt ; RKreport[4]_D_02162013_02d2304.txt ; RKreport[5]_D_02162013_02d2306.txt ;
RKreport[6]_D_02162013_02d2307.txt


5.ESET report:-
1.a variant of Win32/Adware.MultiPlug.I application
2.a variant of Win32/Adware.MultiPlug.I application
3.a variant of Win32/Adware.MultiPlug.I application
4.a variant of Win32/Adware.MultiPlug.I application
5.Win32/RiskWare.HackAV.IS application
6.Win32/Adware.1ClickDownload.M application
7.Win32/Adware.1ClickDownload.G application
8.Win32/Adware.1ClickDownload.Q application



#7
February 16, 2013 at 21:07:09
Thanks for all that, lots of problems removed.

Go to my post #2
You missed 4: ListParts



#8
February 16, 2013 at 21:10:24
List parts:-
ListParts by Farbar Version: 16-01-2013
Ran by PLVIVEMU (administrator) on 16-02-2013 at 22:18:20
Windows 7 (X86)
Running From: C:\Users\PLVIVEMU\Downloads
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 44%
Total physical RAM: 3070.49 MB
Available physical RAM: 1689.64 MB
Total Pagefile: 6139.26 MB
Available Pagefile: 4006.72 MB
Total Virtual: 2047.88 MB
Available Virtual: 1955.63 MB

======================= Partitions =========================

2 Drive c: () (Fixed) (Total:43.95 GB) (Free:3.26 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
4 Drive e: (Vol_D) (Fixed) (Total:48.83 GB) (Free:13.8 GB) NTFS
5 Drive f: (Vol_E) (Fixed) (Total:56.27 GB) (Free:6.73 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 149 GB 7168 KB

Partitions of Disk 0:
===============

Disk ID: 8C658C65

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 43 GB 31 KB
Partition 0 Extended 105 GB 43 GB
Partition 2 Logical 48 GB 43 GB
Partition 3 Logical 56 GB 92 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 43 GB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Vol_D NTFS Partition 48 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F Vol_E NTFS Partition 56 GB Healthy

======================================================================================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {6e65e6b6-acf3-11e1-92c3-a5e88b4d40d9}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {6e65e6b4-acf3-11e1-92c3-a5e88b4d40d9}
device ramdisk=[C:]\Recovery\6e65e6b4-acf3-11e1-92c3-a5e88b4d40d9\Winre.wim,{6e65e6b5-acf3-11e1-92c3-a5e88b4d40d9}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\6e65e6b4-acf3-11e1-92c3-a5e88b4d40d9\Winre.wim,{6e65e6b5-acf3-11e1-92c3-a5e88b4d40d9}
systemroot \windows
nx OptIn
winpe Yes

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {6e65e6b8-acf3-11e1-92c3-a5e88b4d40d9}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {6e65e6b6-acf3-11e1-92c3-a5e88b4d40d9}
nx OptIn

Windows Boot Loader
-------------------
identifier {6e65e6b8-acf3-11e1-92c3-a5e88b4d40d9}
device ramdisk=[C:]\Recovery\6e65e6b8-acf3-11e1-92c3-a5e88b4d40d9\Winre.wim,{6e65e6b9-acf3-11e1-92c3-a5e88b4d40d9}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\6e65e6b8-acf3-11e1-92c3-a5e88b4d40d9\Winre.wim,{6e65e6b9-acf3-11e1-92c3-a5e88b4d40d9}
systemroot \windows
nx OptIn
winpe Yes

Resume from Hibernate
---------------------
identifier {6e65e6b6-acf3-11e1-92c3-a5e88b4d40d9}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
pae Yes
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

Windows Legacy OS Loader
------------------------
identifier {ntldr}
device partition=C:
path \ntldr
description Earlier Version of Windows

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {6e65e6b5-acf3-11e1-92c3-a5e88b4d40d9}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\6e65e6b4-acf3-11e1-92c3-a5e88b4d40d9\boot.sdi

Device options
--------------
identifier {6e65e6b9-acf3-11e1-92c3-a5e88b4d40d9}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\6e65e6b8-acf3-11e1-92c3-a5e88b4d40d9\boot.sdi


****** End Of Log ******



#9
February 16, 2013 at 21:17:45
"ListParts"
All good.

8: Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://general-changelog-team.fr/en...
http://www.raymond.cc/blog/adwclean...
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

9: Run Junkware Removal Tool
http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool to your desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them. http://www.bleepingcomputer.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Copy and Paste the JRT.txt log into your next message.



#10
February 16, 2013 at 21:34:05
Adware cleaner:-
# AdwCleaner v2.112 - Logfile created 02/17/2013 at 10:53:57
# Updated 10/02/2013 by Xplode
# Operating system : Windows 7 Home Premium (32 bits)
# User : PLVIVEMU - PLVIVEMU-PC
# Boot Mode : Normal
# Running from : C:\Users\PLVIVEMU\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
File Deleted : C:\END
File Deleted : C:\user.js
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Delta
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\Users\PLVIVEMU\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\PLVIVEMU\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\PLVIVEMU\AppData\Roaming\Delta
Folder Deleted : C:\Users\PLVIVEMU\AppData\Roaming\yourfiledownloader

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\YourFileDownloader

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.delta-search.com/?affID=119370&babsrc=HP_ss&mntrId=50c0786a00000000000000241df5e2c9 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://www.delta-search.com/?affID=119370&babsrc=NT_ss&mntrId=50c0786a00000000000000241df5e2c9 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.good-results.info/ --> hxxp://www.google.com

-\\ Google Chrome v24.0.1312.57

File : C:\Users\PLVIVEMU\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [5129 octets] - [17/02/2013 10:53:57]

########## EOF - C:\AdwCleaner[S1].txt - [5189 octets] ##########



#11
February 16, 2013 at 21:35:44
10: Run Malwarebytes' Anti-Malware ( MBAM ) Use Quick scan. Copy & Paste the contents of the log please.
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://www.malwarebytes.org/mbam.php
http://www.spywareinfoforum.com/ind...
http://www.bleepingcomputer.com/vir...
If your MBAM log indicates "No action taken.", that's usually a result of NOT clicking the Remove Selected button after the scan.
Quick Scan versus Full Scan
http://forums.malwarebytes.org/inde...

11: Run TDSSKiller & post the contents of the log.
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://support.kaspersky.com/faq/?q...
http://support.kaspersky.com/viruse...



#12
February 16, 2013 at 21:36:49
For junk removal I get a message that this file appears malicious


#13
February 16, 2013 at 21:48:05
"For junk removal I get a message that this file appears malicious"
false positive.


#14
February 16, 2013 at 21:51:14
Malware byte:-

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.17.01

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
PLVIVEMU :: PLVIVEMU-PC [administrator]

Protection: Enabled

17-02-2013 11:11:57
mbam-log-2013-02-17 (11-11-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197363
Time elapsed: 4 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\PLVIVEMU\Downloads\FastDownload.exe (PUP.Offerware) -> Quarantined and deleted successfully.
C:\Users\PLVIVEMU\Downloads\moozy.exe (PUP.BundleInstaller.OI) -> Quarantined and deleted successfully.
C:\Users\PLVIVEMU\Downloads\Cristian_iHQ.exe (PUP.Adware.Agent) -> Quarantined and deleted successfully.

(end)



#15
February 16, 2013 at 22:22:34
Are you still there?


#16
February 17, 2013 at 05:05:20
Yeah
Now I am available


#17
February 17, 2013 at 05:28:28
OK, can you do the TDSS scan from post #11?


#18
February 17, 2013 at 05:34:00
No threats were found in TDSS scan


#19
February 17, 2013 at 05:37:08
12: Download Security Check by screen317 from one of the following links and save it to your desktop.
http://screen317.spywareinfoforum.o...
http://screen317.changelog.fr/Secur...
* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Save it to your Desktop.
* Double click SecurityCheck.exe. If you run Windows Vista or 7, right click and choose 'Run as Administrator'.
  o If you are asked by Windows to run this program or not, please click 'Yes' or 'Run'.
  o When you see a console window, press any key to continue scanning.
  o Wait while it scans.
  o If your firewall alerts you of Security Check, please press 'Allow' or similar.
* A Notepad document should open automatically after scan is completed. It will be called checkup.txt; please post the contents of that document.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.


#20
February 17, 2013 at 05:43:24
It says Google Chrome cannot connect to both the links you mentioned.
Shall I access the cached copy?


#21
February 17, 2013 at 05:46:58
Yep, give it a try.


#22
February 17, 2013 at 05:49:10
It takes a lot of time. I cannot access the webpage.


#23
February 17, 2013 at 05:55:42
I just downloaded it, but am having trouble uploading a zipped up renamed file. Do you have an upload site?


#24
February 17, 2013 at 05:57:17
It's Ok, the site must have been under heavy load. Here is the link.

http://www.load.to/jD6aYAFthG/ragav...



#25
February 17, 2013 at 05:59:31
No, I don't. Is there any other means?


#26
February 17, 2013 at 06:00:46
You should be Ok on the zip file, your comp is very sensitive to exe's.


#27
February 17, 2013 at 06:01:36
It says first load is not available in my country


#28
February 17, 2013 at 06:04:19
Are you talking about my post #24?


#29
February 17, 2013 at 06:04:24
"your comp is very sensitive to exe's". I am not able to interpret the underlying meaning.


#30
February 17, 2013 at 06:05:38
Yeah, I am talking about #24.


#31
February 17, 2013 at 06:06:41
Yeah, I have downloaded this, thank you.


#32
February 17, 2013 at 06:11:47
screen317:-

Results of screen317's Security Check version 0.99.57
Windows 7 x86 (UAC is enabled)
Out of date service pack!! http://windows.microsoft.com/en-US/windows7/install-windows-7-service-pack-1
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Kaspersky Internet Security
AVG Internet Security 2013
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
CleanMyPC - Registry Cleaner
Java 7 Update 9
Java version out of Date!
Adobe Reader 10.1.5 Adobe Reader out of Date!
Google Chrome 24.0.1312.56
Google Chrome 24.0.1312.57
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Kaspersky Lab Kaspersky Internet Security 2013 avp.exe
Kaspersky Lab Kaspersky Internet Security 2013 klwtblfs.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````



#33
February 17, 2013 at 06:12:53
"I am not able to interpret the underlying meaning"
AVs & other security measures ( browser settings etc ) know that .exe files are used by the baddies. Zipping up an .exe usually bypasses those security measures, that is why you were able to download my file.


#34
February 17, 2013 at 06:16:51
These need updating to give you better security.

Out of date service pack!! http://windows.microsoft.com/en-US/windows7/install-windows-7-service-pack-1

Internet Explorer 8 Out of date!

Java 7 Update 9
Java version out of Date!

Adobe Reader 10.1.5 Adobe Reader out of Date!



#35
February 17, 2013 at 06:18:57
13: Run TFC
http://www.geekstogo.com/forum/file...
http://oldtimer.geekstogo.com/TFC.exe
http://www.itxassociates.com/OT-Too...
Please double-click TFC.exe to run it. (Note: If you are running on Vista/Windows 7, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

14: System Restore will have infected files in it; turning System Restore OFF & then ON will remove them.
Windows 7
http://www.recipester.org/Recipe:Di...

I use these daily on every comp I work on.

15: Run Wise Disk Cleaner ( Run the 1st three tabs, left to right. I use default settings, leave boxes that are unchecked, unchecked ) Reboot when finished.
http://www.softpedia.com/get/System...
http://www.softpedia.com/progScreen...
http://www.wisecleaner.com/download...

16: Run Wise Registry Cleaner ( Only use Registry Cleaner & with default settings. Don't use System Tuneup, that is for Experts, you really have to know what you are doing ) Reboot when finished.
http://www.softpedia.com/get/Tweak/...
http://www.softpedia.com/progScreen...
http://www.wisecleaner.com/wiseregi...

17: Run MBAM again.



#36
February 17, 2013 at 06:26:45
✔ Best Answer
After finishing the above, how is it running? It should be nice & zippy, nothing unusual/glitches etc.

I'm going to bed now, I shall catch up later.

As you were concerned about being compromised, changing ALL your passwords is a safe move.
Change your router password if it is not strong or still uses the default one.
Hack lets intruders sneak into home routers
http://tinyurl.com/4pz64fc
http://compnetworking.about.com/od/...

Malware Prevention
http://www.malwarevault.com/prevent...
"There is no magic involved. The majority of malware is installed by the user themselves"

John in Western Australia
http://www.timeanddate.com/worldclo...



#37
February 17, 2013 at 06:32:07
Thank you. Was really pleased with your response


#38
February 17, 2013 at 14:54:43
17: Run MBAM again.

Was it clean?



#39
February 17, 2013 at 19:56:05
Ran a Quick scan using MBAM; no malware was detected. Was my system hacked, because the ESET report which I sent detected "Win32/RiskWare.HackAV.IS application" in its report?
I am not able to open .exe files which are downloaded in Chrome. I have to open them by clicking the "Show in folder" option and then double-clicking them.


#40
February 17, 2013 at 20:42:45
"RiskWare.HackAV.IS"
You need to research ( google ) anything you want to check up on; there are trillions of combinations of computer problems, I have to google non stop.
http://is.gd/NAVnNT
what is riskware
http://is.gd/QYeAV2

To isolate your .exe problem, try Mozilla Firefox.

If that is Ok, as I said in my post #33 > ( browser settings etc ) will need adjusting to allow .exe files.



#41
February 17, 2013 at 20:46:15
Forgot this, you can only have 1 realtime AV running, otherwise they are fighting each other. One has to go.

Kaspersky Internet Security
AVG Internet Security 2013



#42
February 17, 2013 at 20:54:38
Fine. Hope all the problems are solved. Really need to thank you.


#43
February 17, 2013 at 21:06:00
YW, we got through everything really well.


#44
February 17, 2013 at 23:55:53
Forgot.

Uninstall ComboFix

Start > Run, Copy and Paste > ComboFix /uninstall and click OK.
Qoobox is a folder created by Combofix to quarantine any infected files.
http://www.bleepingcomputer.com/com...
Double check no Combofix files remain, I use this for searching, I have it open all the time.
UltraSearch
http://www.softpedia.com/get/File-m...
http://www.softpedia.com/progScreen...
http://www.jam-software.com/ultrase...



#45
February 18, 2013 at 01:28:17
I cannot open the ultra search, I am able to open it, but before typing it automatically shuts down


#46
February 18, 2013 at 01:38:09
Are you right clicking & clicking on > Run as Administrator?


#47
February 18, 2013 at 01:53:06
It works now :).


#48
February 18, 2013 at 02:02:47
Make sure in Options, you have these checked.
http://i.imgur.com/zPELCxT.gif


#49
February 18, 2013 at 02:09:03
It was unchecked. Just now I've changed it. Do you want me to delete the qoobox folder also?


#50
February 18, 2013 at 02:16:24
"Do you want me to delete the qoobox folder also"
Yep, just right click on the files in Ultra & Delete.

The reason we remove everything is because Combofix has lots of updates per week & the old files have to be removed before the new version is run. Hopefully you won't need it again.

Read the guide in my post #2, just in case I've missed something.



#51
February 18, 2013 at 06:39:30
Okay, fine. I'll do it.


#52
February 22, 2013 at 05:11:20
It just seemed things were fine, but when I tried to enter gmail.com, I saw a page saying, "An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of gmail.com." But when I go through the new tab Gmail icon, there are no such issues.


#53
February 22, 2013 at 16:04:30
Refer #40

An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of gmail.com
http://is.gd/pmn5UN



#54
February 22, 2013 at 17:53:24
ragavraj, did you run response #4?

Some HELP in posting on Computing.net plus free progs and instructions 7 Golds



#55
March 17, 2013 at 07:50:58
Now things just seem fine.


