Malwarebytes blocking incoming IPs

October 4, 2012 at 19:28:41
Specs: Windows 7, 4
Hi. For the past couple of days I have been getting blocked attempts from IP addresses in China; it says svchost - which I believe is in my Windows?
I'm not sure how svchost is connected to the blocked attempts, but I'm guessing if it's in Windows, that this isn't a good thing!
I have done a full scan with Malwarebytes and it shows no infections, and I also did a free scan from McAfee and again, nothing.
It's a new ultrabook and the antivirus trial finished, so for a couple of days I was without any protection other than Malwarebytes, which I regularly check with etc.
Also I had ChatZum randomly come up as my search bar, and a chatzum_nt application; I deleted the app into the recycle bin and then deleted it - but there are probably some traces, as I've read that it also goes in the registry...

OK, that's a lot of problems, I know.
1 - Any info on how to remove these would be great, and is it a simple job for a local computer shop to do and to be trusted to do fully?
2 - Can these attempts access my financial info, as I have been online banking, stupidly thinking nothing of the alerts?
3 - Should I stop using the internet, or is it OK to use non-financial services online etc.?

Many thanks, and sorry for the spelling as it's very late in the UK.




#1
October 4, 2012 at 19:38:24
Try SuperAntiSpyware free from this link:
http://www.superantispyware.com/
It is good at sorting out browser problems.

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?



#2
October 4, 2012 at 19:55:46
Was that a dodgy link? Did you trick me?
Because I got 198 tracking and 4 harmful threats - Hijacker.taskbar or something, I'll post it when it finishes deleting..

I get the feeling I've been duped, though :(



#3
October 4, 2012 at 20:47:55
"Was that a dodgy link? Did you trick me?"
The link is good.

"I get the feeling I've been duped, though :("
You have; from the split second you clicked something & let it onto your computer, you have been heavily infected. Not a small job to remove.

Malware Prevention
http://www.malwarevault.com/index.html
"There is no magic involved. The majority of malware is installed by the user themselves"

Here is a very good step-by-step guide to get you started.
http://www.selectrealsecurity.com/m...
http://www.selectrealsecurity.com/o...



#4
October 4, 2012 at 21:13:57
OK, thumbs up to the first reply, so far no more incoming blocked crap...

In response to JohnW - I already ran TDSSKiller. But when I downloaded it (because of the blocked incoming IPs), that's when the ChatZum started. But the TDSSKiller looks OK, it says Kaspersky as the publisher?? It found nothing, but it either triggered ChatZum or it added it as well?

I deleted some of ChatZum but it's still using it as the homepage; I'm more worried about the incoming IPs....

My friend suggested OTL, so I'm going to try that.

Many thanks guys.



#5
October 4, 2012 at 21:36:53
Still no more incoming, which is good; ChatZum still there..

I d/l OTL and it gave me 2 logs. I don't know what they are for, but they have errors on the Extras txt log - lots of "IP route manager service failed to start"
and " has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver."

I dunno, if anyone can help with the logs, as I don't know what I'm looking for. To be honest I doubt the repair shop or PC World would know either, ha.



#6
October 4, 2012 at 21:52:00
"I d/l OTL and it gave me 2 logs"
You can post the logs here, or upload to a site of your choice.

In the meantime, run these & then tell me how it is running.

Anything that won't run, try Safe mode with Networking.

1: Run Unhide
http://www.bleepingcomputer.com/vir...
http://download.bleepingcomputer.co...
Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run, it does take some time, be patient. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.

2: Reboot

3: Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://general-changelog-team.fr/en...
http://www.raymond.cc/blog/adwclean...
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.



#7
October 4, 2012 at 21:54:14
"To be honest i doubt the repair shop or pc world would know, either ha"
They don't usually bother, takes too much time & as a consequence too much money.

They just Delete all the Partitions & Format.



#8
October 4, 2012 at 22:04:21
The files are too big for the forum post :(( even if I halve them..

I will do what you said and come back... Much appreciated, really.

I ran SuperAntiSpyware again and it found another 200 tracking, although at least the incoming has stopped.



#9
October 4, 2012 at 22:13:56
unhide:

Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingcomputer.com/for...

Program started at: 10/05/2012 06:10:49 AM
Windows Version: Windows 7

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 154474 files processed.

Processing the D:\ drive
Finished processing the D:\ drive. 4 files processed.

Processing the F:\ drive
Finished processing the F:\ drive. 0 files processed.

The C:\Users\Nima\AppData\Local\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingcomputer.com/for...

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
* NoActiveDesktopChanges policy was found and deleted!
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

Restarting Explorer.exe in order to apply changes.

Program finished at: 10/05/2012 06:11:46 AM
Execution time: 0 hours(s), 0 minute(s), and 57 seconds(s)



#10
October 4, 2012 at 22:25:04

Block those tracking cookies with Ghostery. If SuperAntiSpyware still finds tracking cookies after installing Ghostery, that probably means you have not set it up properly.

http://www.ghostery.com/
http://www.ghostery.com/download
Firefox
https://addons.mozilla.org/en-US/fi...
Internet Explorer
http://www.ghostery.com/download-ie
Chrome
https://chrome.google.com/extension...
Opera
https://addons.opera.com/addons/ext...
Protect your privacy. See who's tracking your web browsing and block them with Ghostery.



#11
October 4, 2012 at 22:35:20
# AdwCleaner v2.003 - Logfile created 10/05/2012 at 06:31:43
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Nima - NIMA-PC
# Boot Mode : Normal
# Running from : C:\Users\Nima\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\ChatZum Toolbar
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Nima\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Nima\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Folder Deleted : C:\Users\Nima\AppData\Local\Temp\avg@toolbar
Folder Deleted : C:\Users\Nima\AppData\LocalLow\AVG Secure Search

***** [Registry] *****

Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.chatzum.com/ --> hxxp://www.google.com

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Nima\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.12] : urls_to_restore_on_startup = [ "hxxp://search.chatzum.com" ]
Deleted [l.1692] : urls_to_restore_on_startup = [ "hxxp://search.chatzum.com" ]

*************************

AdwCleaner[S1].txt - [8116 octets] - [05/10/2012 06:31:43]

########## EOF - C:\AdwCleaner[S1].txt - [8176 octets] ##########


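The places AdwCleaner cleaned in the log above (the Browser Helper Objects keys in both hives, the IE SearchScopes and default scope, the machine-wide IE Start Page, and the urls_to_restore_on_startup entries in Chrome's Preferences file) are exactly where a search hijacker such as ChatZum re-homes itself, so they are worth re-auditing after the cleanup and a reboot. The PowerShell below is an added example for that check; it is not part of this thread and not AdwCleaner's or anyone's tool from the thread. It only reads and reports, it deletes nothing. The pattern list, the default Chrome profile path, and reading both the old `session.urls_to_restore_on_startup` key and the newer `session.startup_urls` key are assumptions, and `ConvertFrom-Json` needs PowerShell 3.0 or later (Windows 7 ships 2.0 unless updated).

```powershell
# Added example (not from the thread or AdwCleaner): read-only audit of the
# hijacker persistence points the AdwCleaner log above touched. Prints findings;
# deletes nothing. Run from an elevated PowerShell 3.0+ prompt.

# Assumption: substrings identifying the unwanted software seen in this thread.
$Patterns = @('chatzum', 'yontoo', 'avg secure search', 'softonic', 'tarma')

function Test-Suspicious {
    param([string]$Text)
    if ([string]::IsNullOrEmpty($Text)) { return $false }
    foreach ($p in $Patterns) {
        if ($Text.ToLower().Contains($p)) { return $true }
    }
    return $false
}

function New-Finding {
    param([string]$Where, [string]$Item, [string]$Value, [bool]$Flag)
    New-Object PSObject -Property @{ Where = $Where; Item = $Item; Value = $Value; Flag = $Flag }
}

$Findings = @()

# 1. Browser Helper Objects, native and Wow6432Node hives (both appear in the log).
#    Each subkey is a CLSID; resolve it to its DLL so the owning product is visible.
$BhoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
foreach ($root in $BhoRoots) {
    if (-not (Test-Path $root)) { continue }
    foreach ($bho in Get-ChildItem $root) {
        $clsid  = $bho.PSChildName
        $server = $null
        foreach ($cls in @("HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32",
                           "HKLM:\SOFTWARE\Wow6432Node\Classes\CLSID\$clsid\InprocServer32")) {
            if (Test-Path $cls) { $server = (Get-ItemProperty $cls).'(default)'; break }
        }
        # A BHO whose CLSID resolves to no DLL is itself worth a manual look.
        $Findings += New-Finding 'BHO' $clsid $server ((Test-Suspicious $server) -or (-not $server))
    }
}

# 2. IE search scopes: the hijacker registered its own scope and made it the default.
$ScopeRoot = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
if (Test-Path $ScopeRoot) {
    $default = (Get-ItemProperty $ScopeRoot).DefaultScope
    foreach ($scope in Get-ChildItem $ScopeRoot) {
        $url   = (Get-ItemProperty $scope.PSPath).URL
        $label = $scope.PSChildName
        if ($label -eq $default) { $label += ' (default)' }
        $Findings += New-Finding 'SearchScope' $label $url (Test-Suspicious $url)
    }
}

# 3. IE start page, machine-wide (the value the log shows being replaced) and per-user.
foreach ($main in @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main',
                    'HKCU:\Software\Microsoft\Internet Explorer\Main')) {
    if (Test-Path $main) {
        $sp = (Get-ItemProperty $main).'Start Page'
        $Findings += New-Finding 'StartPage' $main $sp (Test-Suspicious $sp)
    }
}

# 4. Chrome startup URLs and homepage from the profile's Preferences JSON.
#    Assumption: default profile path. Chrome of this era used
#    session.urls_to_restore_on_startup (the key in the log); newer builds use
#    session.startup_urls, so both are read.
$Prefs = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Preferences'
if (Test-Path $Prefs) {
    $json = Get-Content $Prefs -Raw | ConvertFrom-Json
    $urls = @($json.session.urls_to_restore_on_startup) + @($json.session.startup_urls)
    foreach ($u in $urls) {
        if ($u) { $Findings += New-Finding 'ChromeStartup' $Prefs $u (Test-Suspicious $u) }
    }
    if ($json.homepage) {
        $Findings += New-Finding 'ChromeHomepage' $Prefs $json.homepage (Test-Suspicious $json.homepage)
    }
}

# Flagged entries first; anything with Flag = True deserves a manual look.
$Findings | Sort-Object Flag -Descending | Format-Table Flag, Where, Item, Value -AutoSize
```

An unflagged table is not proof of a clean machine (it does not cover the incoming-connection question at all), but a clean result here confirms the browser-side remnants AdwCleaner reported are gone and did not come back after the reboot. Close the browsers before running it, since Chrome rewrites Preferences on exit.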

#12
October 4, 2012 at 22:54:18
Hey, the Ghostery link didn't work for my region (UK)

I ran SuperAntiSpyware again and waited to see if I can catch where the threats were, and it wasn't under any drive... It was scanning C drive with no threats - then went to ". something.." no C:\... just a full stop, but I couldn't read after that as it was too fast... every time around 195 threats.

But main concern was the IP incoming as I think that's a trojan or something, I dunno.

Many thanks



#13
October 4, 2012 at 22:54:43
I'm hoping AdwCleaner got rid of the Chatzum problem.

I just Googled & got this very good removal procedure for ChatZum; check it out his way & see if any remnants remain.
http://www.im-infected.com/hijacker...

Let me know how it is running.



#14
October 4, 2012 at 23:04:07
"Hey, the Ghostery link didn't work for my region (UK)"
I'm in Western Australia; the infection is probably stopping you, leave it till the comp is normal again.

"But main concern was the IP incoming as I think that's a trojan or something"
After you do the ChatZum recheck, let's dig deeper.

Rename or use Safe mode with networking if you have to. Always post logs & tell us how it is running.

1: TDSSKiller
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://support.kaspersky.com/faq/?q...
http://support.kaspersky.com/viruse...
Anti-rootkit utility TDSSKiller
http://support.kaspersky.com/faq/?q...

Rename TDSSKiller
http://forums.majorgeeks.com/showth...
http://www.bleepingcomputer.com/vir...

How to remove malware belonging to the family Rootkit.Win32.TDSS (aka Tidserv, TDSServ, Alureon)?
http://support.kaspersky.com/faq/?q...

Malwarebytes' Anti-Malware ( MBAM ) Use Quick scan.
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://www.malwarebytes.org/mbam.php
http://www.spywareinfoforum.com/ind...
http://www.bleepingcomputer.com/vir...
If your MBAM log indicates "No action taken." That's usually a result of NOT clicking the Remove Selected button after the scan.



#15
October 4, 2012 at 23:06:48
Yeah, ChatZum crap went! Although it could be lingering, as I'm guessing that's what the tracking cookies are...

Some of the tracking cookies are from normal sites so that's OK..

Just the incoming, svchost? On another forum it said to never use banking again or reinstall Windows again? Seems to have stopped, I dunno!! And from CHINA!

Many thanks for your help my friend, it's better than it was.



#16
October 4, 2012 at 23:10:26
I don't want to get too far ahead of myself, I will now wait until you tell me what happened in posts 13 & 14.


#17
October 4, 2012 at 23:35:39
Hey!

13 - I found the ChatZum app in the Control Panel before posting, just deleted it from the recycle bin.. And I'm sure the cleaner got rid of the rest - I can't find anything.
14 - TDSSKiller never found anything from the start of the problem. But it was when ChatZum started - but it looks legit with Kaspersky as publisher... ran it again, nothing and no ChatZum.
Malwarebytes also never found anything throughout...

No more attacks but still uncertain.... any more ideas welcome. I probably shouldn't use banking/purchasing etc? I dunno if I'm overreacting lol

But many thanks again



#18
October 4, 2012 at 23:41:39
"I probably shouldn't use banking/purchasing etc?"
Correct.

Run ESET & post the log please, even if it doesn't find anything.
http://www.eset.eu/online-scanner
http://www.eset.com/us/online-scanner
Why Would I Ever Need an Online Virus Scanner?
I already have an antivirus program installed, isn't that enough?
http://www.squidoo.com/the-best-fre...
Once onto a machine, malware can disable antivirus programs, prevent antimalware programs from downloading updates, or prevent a user from running antivirus scans or installing new antivirus software or malware removal tools. At this point even though you are aware the computer is infected, removal is very difficult.
How can I view the log file from ESET Online Scanner?
http://www.eset.eu/eset-online-scan...
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking on it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start > Run dialog box from the Start Menu on the desktop.



#19
October 4, 2012 at 23:54:08
It's taking a while... I will post


#20
October 5, 2012 at 00:00:57
Yep, depending on what's going on in your comp, it can take a long while.

What are C - D & F drives?



#21
October 5, 2012 at 00:07:09
C is the 500 HDD - of the other 2, one is a 24 (or 32) SSD hybrid so it qualifies for ultrabook bulls---... and the other one is the USB dongle I'm using for internet.

Nearly done, so far 3 threats, all on 99% haha



#22
October 5, 2012 at 00:16:02
It's done 20000 files on 99%
One threat is a variant of Win32 SoftonicDownloader.E application... That could be my TDSSKiller, as that's when ChatZum started? But the incoming blocked IP was *before* downloading that...

Still on 99%, done 40000 files on that.



#23
October 5, 2012 at 00:39:43
I'm back, it didn't give me an auto log...

The threats are in AppData\Local\Yontoo setup temp files... I think those are the ChatZum thing though, not the attacks ha...



#24
October 5, 2012 at 00:48:42
"The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking on it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start > Run dialog box from the Start Menu on the desktop."


#25
October 5, 2012 at 00:49:54
"I d/l OTL and it gave me 2 logs"
"You can post the logs here, or upload to a site of your choice"
Did you upload those logs?
Do you know how to upload?


#26
October 5, 2012 at 00:53:39
thanks :)

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=5f587c058f1d684881ce747c84179a90
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-05 07:33:49
# local_time=2012-10-05 08:33:49 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1024 16777215 100 0 5116 5116 0 0
# compatibility_mode=5893 16776574 100 94 0 101884733 0 0
# compatibility_mode=8192 67108863 100 0 249 249 0 0
# scanned=127273
# found=3
# cleaned=3
# scan_time=2745
C:\Users\Nima\AppData\Local\Temp\yontoo-c2.exe multiple threats (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Nima\AppData\Local\Temp\YontooSetup-S.exe multiple threats (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Nima\Downloads\SoftonicDownloader_for_kaspersky-tdsskiller.exe a variant of Win32/SoftonicDownloader.E application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C



#27
October 5, 2012 at 00:59:15
"thanks :)"
I had already given you that info, write down instructions so you don't have to remember.

Run TFC
http://oldtimer.geekstogo.com/TFC.exe
http://www.itxassociates.com/OT-Too...
Please double-click TFC.exe to run it. (Note: If you are running on Vista/Windows 7, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.



#28
October 5, 2012 at 01:14:23
780 MB... took a few secs..

Thanks for all this



#29
October 5, 2012 at 01:16:54
Sorry, just saw the above post... no, not really, can/should I email you the logs? And are they logged, because I didn't save them, stupidly...



#30
October 5, 2012 at 01:25:41
found the logs...


#31
October 5, 2012 at 01:26:26
"Sorry, just saw the above post... no, not really, can/should I email you the logs? And are they logged, because I didn't save them, stupidly..."

Don't worry about those yet, though they should still be on your drive.
Will run this & see what it says.

Post 14.
"Always post logs & tell us how it is running"
Please, I don't want to keep asking.

Download Combofix from any of these, run & post the log please.
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
http://www.techsupportforum.com/sec...
http://www.forospyware.com/sUBs/Com...
A guide and tutorial on using ComboFix
http://www.bleepingcomputer.com/com...
Note:
Do not mouseclick combofix's window while it is running. That may cause it to stall.
If after running ComboFix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion", then the answer is to REBOOT the machine, and all will be corrected.
Can't Install an Antivirus - Windows Security Center still detects previous AV
http://www.experts-exchange.com/Vir...
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these type of programs can be found in this topic.
http://www.bleepingcomputer.com/for...
Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.



#32
October 5, 2012 at 01:51:04
Apologies for the delay

ComboFix 12-10-04.02 - Nima 05/10/2012 9:43.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3982.979 [GMT 1:00]
Running from: c:\users\Nima\Downloads\ComboFix.exe
AV: AVG Anti-Virus 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\programdata\Roaming
c:\windows\msvcr71.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-09-05 to 2012-10-05 )))))))))))))))))))))))))))))))
.
.
2012-12-12 23:00 . 2012-12-12 23:00 77919 ----a-w- c:\program files\Windows Sidebar\Gadgets\myBitCast.Gadget\uninst.exe
2012-12-12 22:56 . 2012-12-12 22:59 -------- d-----w- c:\program files (x86)\CyberLink
2012-12-12 22:56 . 2012-12-12 22:56 -------- d-----w- c:\programdata\CyberLink
2012-12-12 22:44 . 2012-12-12 22:44 -------- d-----w- c:\program files\Common Files\Intel Corporation
2012-12-12 22:44 . 2012-12-12 22:44 -------- d-----w- c:\program files\Intel Corporation
2012-12-12 22:41 . 2012-03-30 20:54 23344 ----a-w- c:\windows\system32\drivers\excfs.sys
2012-12-12 22:41 . 2012-03-30 20:54 95024 ----a-w- c:\windows\system32\drivers\excsd.sys
2012-12-12 22:41 . 2012-12-12 22:41 -------- d-----w- c:\programdata\Diskeeper Corporation
2012-12-12 22:35 . 2012-12-12 22:35 -------- d-----w- c:\programdata\P4G
2012-12-12 22:35 . 2012-04-10 05:57 193536 ----a-w- c:\windows\SysWow64\irstrtsv.exe
2012-12-12 22:35 . 2012-04-10 05:57 26504 ----a-w- c:\windows\system32\drivers\irstrtdv.sys
2012-12-12 22:33 . 2012-12-12 22:33 -------- d-----w- c:\program files (x86)\Intel Corporation
2012-12-12 22:31 . 2012-12-12 22:31 -------- d-----w- c:\program files (x86)\ASIX Electronics Corporation
2012-12-12 22:31 . 2012-12-12 22:31 -------- d-----w- c:\program files\Elantech
2012-12-12 22:30 . 2012-12-12 22:30 -------- d--h--w- c:\windows\system32\WLANProfiles
2012-12-12 22:29 . 2012-12-12 22:29 -------- d-----w- c:\users\Public\Roaming
2012-12-12 22:29 . 2012-12-12 22:29 -------- d-----w- c:\users\Default\Roaming
2012-12-12 22:28 . 2012-12-12 22:28 -------- d-----w- c:\program files (x86)\Cisco
2012-12-12 22:28 . 2012-12-12 22:28 -------- d-----w- c:\windows\SysWow64\sda
2012-12-12 22:28 . 2011-03-15 10:09 311400 ----a-w- c:\windows\system32\drivers\rtsuvstor.sys
2012-12-12 22:28 . 2010-11-11 06:14 17512 ------w- c:\windows\system32\drivers\diskperf64.sys
2012-12-12 22:28 . 2011-03-15 10:09 9888360 ----a-w- c:\windows\SysWow64\RtsUVStoricon.dll
2012-12-12 22:28 . 2012-02-21 20:10 15128 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll
2012-12-12 22:28 . 2012-12-12 22:30 -------- d-----w- c:\program files\Intel
2012-12-12 22:27 . 2012-12-12 22:27 -------- d-----w- c:\program files (x86)\Common Files\postureAgent
2012-12-12 22:27 . 2011-11-10 09:04 60184 ----a-w- c:\windows\system32\drivers\HECIx64.sys
2012-12-12 22:27 . 2012-03-26 17:12 41984 ----a-w- c:\windows\system32\drivers\USB3Ver.dll
2012-12-12 22:27 . 2012-12-12 22:27 -------- d-----w- c:\windows\SysWow64\RTCOM
2012-12-12 22:27 . 2012-12-12 22:27 -------- d-----w- c:\program files\Realtek
2012-12-12 22:25 . 2012-12-12 22:44 -------- d-----w- c:\programdata\Intel
2012-12-12 22:24 . 2012-12-12 22:28 -------- d-----w- c:\program files\Common Files\Intel
2012-12-12 22:24 . 2012-12-12 22:24 -------- d-----w- c:\program files (x86)\Common Files\Intel
2012-12-12 22:21 . 2012-12-12 22:35 -------- d-----w- c:\program files (x86)\Intel
2012-12-12 22:21 . 2012-02-02 04:58 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2012-12-12 22:20 . 2012-12-12 22:24 -------- d-----w- C:\Intel
2012-12-12 22:14 . 2012-12-12 22:41 -------- d-----w- C:\eSupport
2012-10-05 08:47 . 2012-10-05 08:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-05 06:43 . 2012-10-05 06:43 -------- d-----w- c:\program files (x86)\ESET
2012-10-05 05:24 . 2012-10-05 05:24 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-10-05 05:24 . 2012-10-05 05:31 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-10-05 05:23 . 2012-10-05 05:24 -------- d-----w- c:\programdata\AVG2013
2012-10-05 05:23 . 2012-10-05 05:23 -------- d-----w- C:\$AVG
2012-10-05 05:22 . 2012-10-05 05:22 -------- d-----w- c:\program files (x86)\AVG
2012-10-05 05:19 . 2012-10-05 08:07 -------- d-----w- c:\programdata\MFAData
2012-10-05 05:19 . 2012-10-05 05:19 -------- d--h--w- c:\programdata\Common Files
2012-10-05 02:46 . 2012-10-05 02:46 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-10-05 02:46 . 2012-10-05 02:46 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-10-05 02:34 . 2012-10-05 02:34 -------- d-----w- C:\New folder
2012-10-05 02:01 . 2012-10-05 02:01 -------- d-----w- c:\programdata\McAfee Security Scan
2012-10-05 02:01 . 2012-10-05 02:01 -------- d-----w- c:\program files (x86)\McAfee Security Scan
2012-10-02 11:22 . 2012-09-19 07:58 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4C7B8A2C-D1B2-442F-A592-F9392261E51C}\mpengine.dll
2012-09-30 00:34 . 2012-09-30 00:34 -------- d-----w- c:\programdata\Malwarebytes
2012-09-30 00:34 . 2012-09-30 00:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-30 00:34 . 2012-09-08 00:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-29 10:18 . 2012-05-31 19:25 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-09-27 04:10 . 2012-09-27 04:10 -------- d-----w- c:\program files (x86)\HD Tune
2012-09-26 19:39 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-26 12:15 . 2012-09-26 12:15 -------- d-----w- c:\windows\SysWow64\Wat
2012-09-26 12:15 . 2012-09-26 12:15 -------- d-----w- c:\windows\system32\Wat
2012-09-25 10:52 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-09-25 10:43 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-09-25 10:30 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-09-25 10:30 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-09-25 10:30 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-09-25 10:30 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-09-25 10:30 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-09-25 10:30 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-09-25 10:30 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-09-25 10:26 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2012-09-25 10:25 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-09-25 10:25 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-09-25 10:25 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-09-25 10:25 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-09-25 10:25 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-09-25 10:24 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-09-25 10:24 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-09-25 10:24 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-09-25 10:24 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-09-25 10:24 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-09-25 10:24 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-09-25 10:24 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-09-25 10:24 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-09-25 10:24 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-09-25 10:24 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-09-25 01:39 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-09-25 01:39 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-09-25 01:39 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-09-25 01:33 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-09-25 01:33 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-09-25 01:33 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-09-25 01:33 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-09-25 01:32 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-09-25 01:32 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-09-25 01:32 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-09-25 01:32 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-09-25 01:32 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-09-25 01:30 . 2012-09-25 01:30 -------- d-----w- c:\programdata\Birdstep Technology
2012-09-25 01:30 . 2010-01-19 11:49 119680 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2012-09-25 01:30 . 2010-01-19 11:49 119680 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2012-09-25 01:30 . 2010-01-19 11:49 119680 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2012-09-25 01:30 . 2010-01-19 11:49 11776 ----a-w- c:\windows\system32\drivers\massfilter.sys
2012-09-25 01:30 . 2012-09-25 01:30 -------- d-----w- c:\program files (x86)\ZTE_1.2059.0.8
2012-09-25 01:30 . 2010-01-28 20:35 10240 ----a-w- c:\windows\SysWow64\drivers\mdvrmng.sys
2012-09-25 01:30 . 2012-09-25 01:30 -------- d-----w- c:\program files (x86)\3 Mobile Broadband
2012-09-25 01:09 . 2012-09-25 01:09 -------- d-----w- c:\programdata\FolderView
2012-09-25 01:08 . 2012-09-25 01:10 -------- d-----w- c:\users\Nima
2012-09-17 17:58 . 2012-09-17 17:58 56672 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-09-14 04:34 . 2012-09-14 04:34 105312 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2012-09-12 10:47 . 2012-09-12 10:47 199520 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-09-12 10:47 . 2012-09-12 10:47 175968 ----a-w- c:\windows\system32\drivers\avgldx64.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-13 15:40 . 2012-08-13 15:40 150880 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2012-08-10 03:52 . 2012-08-10 03:52 40288 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2012-08-09 12:56 . 2012-08-09 12:56 230240 ----a-w- c:\windows\system32\drivers\avgloga.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-10-04 5626752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-02-24 3331312]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-26 291608]
"ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2012-02-21 102568]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2012-12-12 3058304]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-20 107816]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2012-06-25 322208]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2012-06-19 174752]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-09-14 3039352]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2012-2-24 549040]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.287\SSScheduler.exe [2012-9-11 271808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2013\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-08-20 5751928]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 136176]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2012-03-01 195584]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2012-02-13 95232]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2012-02-13 747008]
R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-06-13 276288]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 136176]
R3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2012-03-21 60928]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2012-02-29 34232]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-01-19 11776]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.287\McCHSvc.exe [2012-09-11 234776]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2012-04-18 273168]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-26 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 assd;assd; [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-09-17 56672]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-08-09 230240]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-08-10 40288]
S0 excsd;ExpressCache Storage Filter Driver;c:\windows\system32\DRIVERS\excsd.sys [2012-03-30 95024]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-03-26 19224]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-08-13 150880]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-09-12 175968]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-09-14 105312]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-12 199520]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-10-05 31080]
S1 excfs;ExpressCache File System Filter Driver;c:\windows\system32\DRIVERS\excfs.sys [2012-03-30 23344]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-03-01 659976]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-04-13 277120]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-08-20 184304]
S2 BecHelperService;BecHelperService;c:\program files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [2010-01-28 1737464]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-03-27 1014096]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2012-03-27 1104208]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-03-08 135952]
S2 DptfParticipantProcessorService;Intel(R) Dynamic Platform & Thermal Framework Processor Participant Service Application;c:\windows\SysWOW64\DptfParticipantProcessorService.exe [2012-02-20 18944]
S2 DptfPolicyConfigTDPService;Intel(R) Dynamic Platform & Thermal Framework Config TDP Service Application;c:\windows\SysWOW64\DptfPolicyConfigTDPService.exe [2012-02-20 19968]
S2 ExpressCache;ExpressCache;c:\program files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [2012-03-30 79664]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-03 628448]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-02-21 128280]
S2 irstrtsv;Intel(R) Rapid Start Technology Service;c:\windows\SysWOW64\irstrtsv.exe [2012-04-10 193536]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-02-21 161560]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-08 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-08 676936]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-29 363800]
S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-10-05 722528]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2012-04-18 2671376]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2012-02-29 17152]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2012-03-01 195584]
S3 AsusVBus;AsusVBus;c:\windows\system32\DRIVERS\AsusVBus.sys [2012-04-11 35968]
S3 AsusVTouch;AsusVTouch;c:\windows\system32\DRIVERS\AsusVTouch.sys [2012-04-11 16512]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2012-03-27 1304912]
S3 DptfDevDram;DptfDevDram;c:\windows\system32\DRIVERS\DptfDevDram.sys [2012-02-20 107288]
S3 DptfDevFan;DptfDevFan;c:\windows\system32\DRIVERS\DptfDevFan.sys [2012-02-20 42776]
S3 DptfDevGen;DptfDevGen;c:\windows\system32\DRIVERS\DptfDevGen.sys [2012-02-20 64792]
S3 DptfDevPch;DptfDevPch;c:\windows\system32\DRIVERS\DptfDevPch.sys [2012-02-20 96024]
S3 DptfDevProc;DptfDevProc;c:\windows\system32\DRIVERS\DptfDevProc.sys [2012-02-20 220952]
S3 DptfManager;DptfManager;c:\windows\system32\DRIVERS\DptfManager.sys [2012-02-20 357656]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2012-05-14 200488]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2012-06-04 331264]
S3 irstrtdv;Intel(R) Rapid Start Technology Driver;c:\windows\system32\DRIVERS\irstrtdv.sys [2012-04-10 26504]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-03-26 356632]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-03-26 789272]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2012-02-29 25496]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-08 25928]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-10 60184]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\Netwsw00.sys [2012-03-12 11471872]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2011-03-15 311400]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 02:28]
.
2012-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 02:28]
.
2012-10-05 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 21:41]
.
2012-12-12 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 21:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-06-13 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-06-13 398656]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-04-10 12476520]
"BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-03-15 178960]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-03-27 11407120]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-vProt - c:\program files (x86)\AVG Secure Search\vprot.exe
Wow6432Node-HKLM-Run-ROC_ROC_NT - c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-DptfPolicyLpmServiceHelper - c:\windows\SysWOW64\DptfPolicyLpmServiceHelper.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-05 09:48:39
ComboFix-quarantined-files.txt 2012-10-05 08:48
.
Pre-Run: 153,721,413,632 bytes free
Post-Run: 153,333,264,384 bytes free
.
- - End Of File - - C339FD180E9241FF8F7B899205D9F8E2



#33
October 5, 2012 at 01:56:34
"Post 14.
"Always post logs & tell us how it is running"
Please, I don't want to keep asking.

Ok, you still haven't told me how it is running.



#34
October 5, 2012 at 01:59:58
SORRY! It's running OK, I'm just doing the ghost to see if it blocks the tracking cookies..

No more blocked IPs from Malwarebytes, but I really don't know how that works..
No more Chatz....

What were the logs like?



#35
October 5, 2012 at 02:17:41
"SORRY! It's running OK, I'm just doing the ghost to see if it blocks the tracking cookies.."
Good.

"No more blocked IPs from Malwarebytes, but I really don't know how that works..
No more Chatz...."
Perfect.

"What were the logs like?"
Combofix removed what I hope was the last.

Just to make sure, check that Malwarebytes & TDSSKiller are the latest versions, then run both again (you will have to update Malwarebytes first).



#36
October 5, 2012 at 02:30:43
Yes both are clean.

Can't thank you enough.. But just to check, should I always avoid banking and buying stuff on this laptop? Not a big problem...

Anyway thanks!



#37
October 5, 2012 at 02:33:48
AHH crap. I just noticed that Chatzum is still in Chrome settings as the homepage; it's not automatically selected, but it is there as an option.


#38
October 5, 2012 at 02:36:35
I just deleted it from the search engine options in Google Chrome.. it's not on IE.


#39
October 5, 2012 at 02:42:00
Ok, let's start cleaning up.

Uninstall combofix
http://www.bleepingcomputer.com/com...



#40
October 5, 2012 at 02:45:23
"Chatzum is still in Chrome settings as the homepage"

I gave you the link to check all your browsers.

http://www.im-infected.com/hijacker...



#41
October 5, 2012 at 02:46:42
"found the logs..."
Ok, will have a look at those now.
This is a very neat uploader. Click on > Add Files. When you have uploaded to a site of your choosing, post the links.
Image Uploader
http://www.softpedia.com/get/Intern...
http://www.softpedia.com/progScreen...
http://zenden.ws/imageuploader_ru


#42
October 5, 2012 at 03:24:48
Hey, I must have pressed the wrong link, I don't think I did.. but it installed basically the same as Chatz, but "Babylon" this time...

Anyway I know what to do now! No worries!



#43
October 5, 2012 at 03:40:02
Got no idea what link you are talking about.
Download Security Check by screen317 from one of the following links and save it to your desktop.
http://screen317.spywareinfoforum.o...
http://screen317.changelog.fr/Secur...
* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Save it to your Desktop.
* Double click SecurityCheck.exe. If you run Windows Vista or 7, right click and choose 'Run as Administrator'.
o If you are asked by Windows to run this program or not, please click 'Yes' or 'Run'.
o When you see a console window, press any key to continue scanning.
o Wait while it scans.
o If your firewall alerts you of Security Check, please press 'Allow' or similar.
* A Notepad document should open automatically after scan is completed. It will be called checkup.txt; please post the contents of that document.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.


#44
October 5, 2012 at 03:48:15
It was on the screen of the link...
I had one svchost attack from incoming. I don't know if that's because of the new ones or not..

I think I will just reinstall Windows, many thanks for your patience with me!



#45
October 5, 2012 at 03:56:05
"I think I will just reinstall Windows"
Ok, make sure no extra storage devices are attached, hard/thumb drive etc.

Make sure when you reinstall, you delete ALL partitions & format to NTFS.
W7 - Click on > Drive options (advanced) Then highlight each partition & hit > Delete.
http://www.blackviper.com/os-instal...
http://www.blackviper.com/os-instal...
Here are some examples of why you delete all partitions.
http://forums.spybot.info/showthrea...
http://forums.whatthetech.com/index...
http://blog.eset.com/2011/10/18/tdl...

I use Microsoft Security Essentials ( MSE ) Free Anti Virus & Windows Firewall.
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://www.techsupportalert.com/9be...
http://www.techsupportalert.com/bes...
http://lifehacker.com/5401453/stop-...
http://lifehacker.com/5433229/micro...
http://www.techradar.com/reviews/pc...
http://www.cnet.com.au/microsoft-se...
http://windows.microsoft.com/en-US/...
System requirements
http://www.microsoft.com/en-us/secu...
Can Microsoft Security Essentials ( MSE ) protect me from online banking and shopping.
http://answers.microsoft.com/en-us/...



#46
October 5, 2012 at 19:38:34
Hey buddy. Again thanks for all your time, I actually enjoyed some of it!
It basically all started again with the "Babylon" search bar that I got with a download. I went through all the steps again, got rid of Babylon as I did with Chatz in the first place.... everything seemed fine but I got one incoming from China again, but only one.

Anyway, many thanks for the info about reinstall but I think it's best I call someone to do it for me as I would probably mess that up too. But I will point him to your notes!

By the way, on my startup in msconfig there's one called "Dptfpolicylpmservicehelper.exe"; it's the only one on startup with "unknown" publisher. I think Dptf is something to do with ASUS, but there's a couple of other files with the same DPTF and they say ASUS instead of unknown.... just thought it might mean something..

Anyway, I'm decided on the reinstall, so I wish you all the best and thanks.



#47
October 5, 2012 at 22:58:47
Yep, what's happening now is all bad news, it is always better when we can crack it, but sometimes it's not possible.

Good luck with the new install.



#48
October 7, 2012 at 08:36:35
ash1981,
Be SURE to save all valuable files, pics, docs, etc BEFORE you do a re-install....as they will all disappear into cyberspace if you don't....

Some HELP in posting on Computing.net plus free progs and instructions



