Random popups and super slow internet

Dell INSPIRON 1525
August 13, 2009 at 16:06:00
Specs: Microsoft Windows Vista Home Premium, 1.833 GHz / 3061 MB
Alright so... I've been getting these annoying popups, when I start up mozilla firefox, anddd it's also really slow, especially when I go on youtube or try to search google or something. I'd like some help to get this fixed.

I've already read this thread: http://www.computing.net/answers/se...

So I have Hijack This, SmitfraudFix, Malwarebytes - AntiMalware, and AVG pro or whatever.

I've done scans with all of them, and have had them find infections n shiz. But after I cleared the infections they found/got rid of them, they didn't exactly fix the problem, cause I still get popups and it's slow, sooo I thought I'd come post on here. Hope you guys can help. I don't know how to look for errors or whatever in Hijack This, sooo I can't do it by myself.

Thanks in advance.




#1
August 13, 2009 at 16:51:36


#2
August 14, 2009 at 01:37:49
Malwarebytes' Anti-Malware 1.40
Database version: 2615
Windows 6.0.6001 Service Pack 1

8/13/2009 1:39:10 AM
mbam-log-2009-08-13 (01-39-03).txt

Scan type: Quick Scan
Objects scanned: 81561
Time elapsed: 22 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 27
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 17
Files Infected: 34

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{0ba0192d-94a5-45e3-b2b8-3ec5a1a0b5ec} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224e955-00e9-4613-a844-ce69fccaae91} (Adware.DoubleD) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:

Files Infected:


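An added example (not part of the original thread and not Malwarebytes' own code): a Python check for a log in the layout posted above that compares the summary counts with the itemized entries and lists every entry still marked "No action taken", the state the visible detection lines in that log are in. The sample log, its paths, its action strings other than "No action taken", and the `Adware.Example` name are constructed placeholders.

```python
import re
from collections import Counter

# Constructed sample in the layout of the Malwarebytes' Anti-Malware 1.40 log
# above; every path, GUID and detection name here is a placeholder.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.40
Scan type: Quick Scan

Memory Processes Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\example.toolbar (Adware.Example) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ExampleAdware (Adware.Example) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{00000000-0000-0000-0000-000000000000} (Adware.Example) -> No action taken.

Files Infected:
C:\Program Files\Example Adware\1.0\helper.dll (Adware.Example) -> Delete on reboot.
"""

SUMMARY_RE = re.compile(r"(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)")
SECTION_RE = re.compile(r"(?P<section>[A-Za-z ]+ Infected):")
# The target may itself contain parentheses ("Program Files (x86)"), so the
# detection name is taken from the last "(...)" directly before " -> ".
ITEM_RE = re.compile(r"(?P<target>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?")


def parse_mbam_log(text):
    """Return (summary_counts, items) from a log in the layout shown above."""
    summary, items, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SUMMARY_RE.fullmatch(line)
        if m:
            summary[m["section"]] = int(m["count"])
            continue
        m = SECTION_RE.fullmatch(line)
        if m:
            current = m["section"]
            continue
        m = ITEM_RE.fullmatch(line)
        if m and current:
            items.append({"section": current, **m.groupdict()})
    return summary, items


def triage(text):
    """Cross-check the summary against the itemized entries and list leftovers."""
    summary, items = parse_mbam_log(text)
    listed = Counter(i["section"] for i in items)
    mismatch = {s: (n, listed[s]) for s, n in summary.items() if n != listed[s]}
    return {
        "count_mismatch": mismatch,          # section -> (declared, itemized)
        "unremediated": [i for i in items if i["action"] == "No action taken"],
        "by_family": Counter(i["family"] for i in items),
        "actions": Counter(i["action"] for i in items),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for section, (declared, seen) in report["count_mismatch"].items():
        print(f"{section}: summary says {declared}, log itemizes {seen}")
    for item in report["unremediated"]:
        print(f"still present: [{item['family']}] {item['target']}")
```

A count mismatch usually means the pasted log was truncated, and any "No action taken" entry means the items were detected but not yet removed when the log was saved.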

#3
August 14, 2009 at 07:07:49
Follow:
1) Install, update database and run full scan with Malwarebytes' Anti-Malware. Attach malwarebyte full scan log, fix anything detected.

2) Run full Scan with SuperAntispyware : http://www.superantispyware.com/dow... . Fix what it detects and post summary scan log.

If I'm helping you and I don't reply within 24 hours send me a PM.



#4
August 14, 2009 at 17:21:22
Malwarebytes' Anti-Malware 1.40
Database version: 2627
Windows 6.0.6001 Service Pack 1

8/14/2009 5:18:32 PM
mbam-log-2009-08-14 (17-18-32).txt

Scan type: Full Scan (C:\|)
Objects scanned: 214013
Time elapsed: 1 hour(s), 57 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/14/2009 at 05:11 PM

Application Version : 4.27.1002

Core Rules Database Version : 4057
Trace Rules Database Version: 1997

Scan type : Complete Scan
Total Scan Time : 01:39:38

Memory items scanned : 786
Memory threats detected : 0
Registry items scanned : 6052
Registry threats detected : 1
File items scanned : 24889
File threats detected : 18

Adware.ShopAtHomeSelect
HKU\S-1-5-21-2217023923-2189465741-800903992-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}

Adware.Tracking Cookie

Trace.Known Threat Sources
C:\Users\Shane Lazyoh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4C4VX6DH\cuhp_twista[1].jpg



#5
August 14, 2009 at 19:15:26
Follow these steps in order numbered:

1) Download GMER: http://gmer.net/download.php
[This version will download a randomly named file (Recommended).]

2) Disconnect from the Internet and close all running programs.

3) Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

4) Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.

5) GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)

6) If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.

7) Now click the Scan button. If you see a rootkit warning window, click OK.

8) When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log and upload it to rapidshare.com. Post the download link to the uploaded file in your post.

9) Exit GMER and re-enable all active protection when done.

Note: Please give me the exact name of the file you downloaded in step 1 + post your log from step 8 in your next post.

If I'm helping you and I don't reply within 24 hours send me a PM.



#6
August 14, 2009 at 21:22:10
File name: wkou6klv.exe

Gmerlog: http://rapidshare.com/files/2675295...



#7
August 14, 2009 at 22:21:44
Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1

1) Ensure all Firefox windows are closed.

2) To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).

3) When prompted to run the scan, click Yes.

4) GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

If I'm helping you and I don't reply within 24 hours send me a PM.



#8
August 15, 2009 at 00:05:16
GooredFix by jpshortstuff (12.07.09)
Log created at 23:58 on 14/08/2009

========== GooredScan ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [01:08 29/03/2009]
{B13721C7-F507-4982-B2E5-502A71474FED} [09:47 10/08/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [22:53 28/03/2009]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Program Files\Real\RealPlayer\browserrecord" [19:24 29/03/2009]
"{22119944-ED35-4ab1-910B-E619EA06A115}"="C:\Program Files\Siber Systems\AI RoboForm\Firefox" [04:05 09/04/2009]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox" [12:57 12/08/2009]
"avg@igeared"="C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared" [16:04 12/08/2009]

-=E.O.F=-



#9

#10
August 15, 2009 at 05:36:37
Mmm, nope.

I restarted mozilla after doing all that, then restarted my computer, anddd I still get 2 tabs whenever I open it. It's always some random pop up, anddd google (my homepage). Also, it's still slow. Whenever I go and watch a youtube video or something, I can't have it playing in the background while doing things such as mess with facebook or something else. I can only watch the video otherwise my browser effs up and I can't do anything.

But, good thing is, whenever I click a link or something or open a new tab, etc, I don't get random pop ups. :D It's only when I start up firefox, and it never did that before this problem. D;

Think you can still help?



#11
August 15, 2009 at 05:56:12
Note: I can help you remove malware manually. Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible. First Track this topic. Then follow:

1) Can you please post your AVZ log:
Note: Run AVZ in windows normal mode and make sure you are connected to internet. If avz.exe doesn't start, then try to rename the file avz.exe to game.pif and try to run it again. Pause/Stop your antivirus, firewall software (if any), close games, text editors and all other programs; leave Internet Explorer/Firefox running, before following the steps below.

i) To create the log file, download AVZ by clicking HERE. Please save this file to your desktop or "My Documents" folder.

ii) Next, unpack the file to a new folder using the Compressed (zipped) folders wizard built into Windows XP/Vista, or a zip utility of your choice.

iii) Once you have unpacked the contents of the zip archive, please launch the file AVZ.exe by double clicking on it or right clicking and selecting Open.
Note: If you are running Windows Vista, launch AVZ.exe by right clicking and selecting Run as Administrator.

You should now see the main window of the AVZ utility.

--> Please navigate to "File" => "Custom Scripts". Copy the script below by using the keyboard shortcut CTRL+C or the corresponding option via right click.

begin
ExecuteAVUpdate;
end.


Paste the script into the execution window by using CTRL+V keyboard shortcut, or the "paste" option via the right click menu. Click on Run to run the script.

--> Choose from the menu "File" => "Standard scripts" and mark the "Healing/Quarantine and Advanced System Analysis" check box. Click on the "Execute selected scripts" button.
Automatic scanning, healing and system check will be executed. A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip. Upload virusinfo_syscure.zip to rapidshare.com and paste the link here.
* It is necessary now to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan. All applications will work properly after the system restart.

Image Tutorial

2) Download and Run DDS which will create a Pseudo HJT Report as part of its log: DDS Tool Download Link. When done, DDS will open two (2) logs

   1. DDS.txt
   2. Attach.txt

Upload the logs to rapidshare.com and paste download link in your next reply.
Note: Disable any script-blocking programs and then double-click on the DDS.scr icon to start the program. If you did not disable a script-blocker that may be part of your antimalware program, you may receive a warning from your antimalware product asking if you would like DDS.scr to run. Please allow it to do so.

In your next reply, please include download links to the following:
* virusinfo_syscure.zip
* DDS Logs

If I'm helping you and I don't reply within 24 hours send me a PM.



#12
August 15, 2009 at 14:48:38
AVZ logs: http://rapidshare.com/files/2677910...

DDS logs: http://rapidshare.com/files/2677957...

(Contains both DDS log and Attach.txt)

Hope I did that right.



#13
August 15, 2009 at 15:51:39
Follow these Steps in order numbered. Don't proceed to next step unless you have successfully completed previous step:

1) Run this script in AVZ like before, your computer will reboot:

begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
 StopService('GarenaPEngine');
 DeleteService('GarenaPEngine');
 QuarantineFile('C:\Program Files\Winferno\PC Confidential\PCConfidential.exe','');
 QuarantineFile('C:\Users\SHANEL~1\AppData\Local\Temp\EKZ1BA8.tmp','');
 DeleteFile('C:\Users\SHANEL~1\AppData\Local\Temp\EKZ1BA8.tmp');
 DeleteFile('C:\Program Files\Winferno\PC Confidential\PCConfidential.exe');
 DeleteFile('c:\windows\tasks\PCConfidential.job');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
SetAVZPMStatus(true);
RebootWindows(true);
end.

2) After reboot execute following script in AVZ:

begin
CreateQurantineArchive('C:\quarantine1.zip');    
end.


A file called quarantine1.zip should be created in C:\. Upload that file to rapidshare.com and Private message me download link.

3) Only keep 1 Antivirus and 1 Anti-Spyware on your system because they conflict with each other. Uninstall the rest of them.

4) Start AVZ*. Choose from the menu "File" => "Standard scripts" and mark the "Advanced System Analysis" check box. Click on the "Execute selected scripts" button.
A system check will be executed. A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip. Upload virusinfo_syscheck.zip to rapidshare.com and paste the link here.
* It is necessary now to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan. All applications will work properly after the system restart.

In your next reply, please include download links to the following:
* virusinfo_syscheck.zip

If I'm helping you and I don't reply within 24 hours send me a PM.



#14
August 15, 2009 at 17:42:02
File: http://rapidshare.com/files/2678413...


#15
August 15, 2009 at 21:32:39
Problem fixed or still there? Complete step 2.

If I'm helping you and I don't reply within 24 hours send me a PM.



#16
August 15, 2009 at 22:05:27
No, problem not fixed. I still get the pop up and doesn't wanna work with any other windows open.

Lol oops forgot about that step.

http://rapidshare.com/files/2678917...



#17
August 15, 2009 at 22:55:37
Anything else besides firefox pop ups?

If I'm helping you and I don't reply within 24 hours send me a PM.



#18
August 16, 2009 at 01:17:33
Uhhhh, yeahhh.

Facebook is really slow and laggy, and I can't use it with multiple windows open.

Like, I try to use the chat, and it takes forever to load, anddd sometimes never does. I try to go to other people's profiles or something, and it takes forever, n sometimes never even works.

Even google searches go slow. Like it shows one result at a time.



#19
August 16, 2009 at 06:29:54
Follow these Steps in order numbered. Don't proceed to next step unless you have successfully completed previous step:

1) Attach a Combofix log, please review and follow these instructions carefully.

Download it here -> http://download.bleepingcomputer.co...

Before Saving it to Desktop, please rename it to something like 123.exe to stop malware from disabling it.

Now, please make sure no other programs are running, close all other windows and pause Antivirus/Spyware programs (http://www.bleepingcomputer.com/forums/topic114351.html Programs to disable) until after the scanning and removal process has taken place.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan. Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall. It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please upload that file to rapidshare.com and paste the link here.

2) Please zip up C:\qoobox\quarantine and upload it, to a filehost such as http://rapidshare.com/ Then, Private Message me the Download links to the uploaded files.

If I'm helping you and I don't reply within 24 hours send me a PM.



#20
August 16, 2009 at 18:15:32
Uninstall Combofix by: pause Antivirus/Spyware programs (http://www.bleepingcomputer.com/forums/topic114351.html Programs to disable) > Start > run > type combofix /u > ok.

Follow:
Run a full scan with http://www.eset.com/onlinescan/

1) Check the box next to YES, I accept the Terms of Use.
2) Click Start
3) When asked, allow the activex control to be installed.
4) Click Start
5) Check below options:

    * Remove found threats
    * Scan archives
    * Scan for potentially unwanted applications (Advance Settings).
    * Enable Anti-Stealth technology (Advance Settings).

6) Click Scan
7) Wait for the scan to finish
8) When it finishes it will create a log file here: C:\Program Files\ESET\ESET Online Scanner\log.txt
9) Attach this logfile to your next message.

Illustrated tutorial: http://img155.imageshack.us/img155/...

If I'm helping you and I don't reply within 24 hours send me a PM.



#21
August 17, 2009 at 01:42:10
Log: http://rapidshare.com/files/2682950...

It doesn't look right to me, but whatever...



#22
August 17, 2009 at 05:24:13
Still experiencing problems?

If I'm helping you and I don't reply within 24 hours send me a PM.



#23
August 17, 2009 at 14:52:30
Yessir. D;

Hey man, sorry for all this I'm havin' you do, I just really want this fixed. I appreciate everything you're doing, by the way. :)

Okay so I still have the one popup when I start it up, and sites are still slow. This doesn't happen with IE, but I hate IE, sooo I don't wanna use it. I want mozilla fixed. I thought about reinstalling mozilla... But I don't wanna look all my toolbars n shiz.

Can you still help?



#24
August 17, 2009 at 15:30:10
Seems you're better off doing a clean install. Scans aren't picking up anything.

If I'm helping you and I don't reply within 24 hours send me a PM.



#25
August 17, 2009 at 17:33:11
Alright, I'll do that then.

Is there any way to save/keep my bookmarks/installed toolbars on the program?

Thanks.

