Solved: Only google.com and its services are working!!!!

April 12, 2013 at 09:56:28
Specs: Microsoft Windows 7 Ultimate - 32 bit, AMD Athlon II X4 630 Processor 2.80 GHz / 4 GB
Hi,

I am running Windows 7 Ultimate. I have installed two security programs, Malwarebytes Anti-Malware and Microsoft Security Essentials, which I think everyone should have.

I have Internet Explorer 10 and Mozilla Firefox 19.0.2 and updating.

When I connected to the internet one day I found that only google.com is working; other websites like download.com, etc. are not working. I can see "waiting for www.download.cnet.com" on my browser's tab, which is the same for other websites while accessing, except www.google.com and its other services like gmail, youtube, etc.

On that day I tried to redial but it did not help. But when I pressed refresh in network connection and redialed, I could access the above sites, OMG.

Today when I was searching on google to figure out this issue, I opened first 2-3 results of google. But I can't open them, they were loading and loading only. I have pasted screen shot here for you guys to understand properly. http://s24.postimg.org/l8a06p2np/lo... Also the weird thing is today I can access download.com and few others but can't access support.microsoft.com, yahoo.com, etc.

One thing is noticeable that every time when I connect to internet I stop "Website blocking" of malwarebytes because it creates frame lag in game, creates stuttering while playing music and mouse lagging, etc.

I don't know why this weird thing is happening to me. Some days I find download.com is not working, on other days it is working. I mean, what kind of miracle is this :S

This all is frustrating me, please help!!!!



✔ Best Answer
July 3, 2013 at 16:21:26
"Same issue.....problem is not resolved!!!"
Ok, now you appear to be clean, it's time to repair the damage done by the infections.
Let me know of any issues after trying each step.

EXACT error messages, if you get any, please.

Run Tweaking.com - Windows Repair
http://www.softpedia.com/get/Tweak/...
http://www.softpedia.com/progScreen...
http://www.tweaking.com/
http://www.tweaking.com/content/pag...
Tweaking.com - Windows Repair is an all-in-one repair tool to help fix a large majority of known Windows problems including registry errors and file permissions as well as issues with Internet Explorer, Windows Update, Windows Firewall and more.
Malware and installed programs can modify your default settings. Tweaking.com - Windows Repair is the tool you need to restore Windows original settings.

Check the following:

Reset Registry Permissions
Reset File Permissions
Register System Files
Repair WMI
Repair MDAC & MS Jet
Repair Hosts File
Remove Policies Set By Infections
Remove Temp Files
Repair Proxy Settings
Unhide Non System Files
Repair Windows Updates
Repair Volume Shadow Copy Service
Repair File Association
Restore Important Windows Services



#1
April 12, 2013 at 10:20:00
Try these 3 free progs to help remove the redirect in EXACTLY the order listed
1- rkill.exe
http://www.technibble.com/rkill-rep...
2- tdss killer
http://www.bleepingcomputer.com/dow...
3- malwarebytes (YES, run this again)

Do the SAME order in safe mode with networking if it doesn't catch the problem immediately.

You may also want to try Malwarebytes Anti-rootkit
http://www.malwarebytes.org/product...

Some HELP in posting on Computing.net plus free progs and instructions 7 Golds



#2
April 13, 2013 at 01:39:49
Thanks XpUser4Real,

I have done scanning in both safe and normal mode and rkill.exe & tdss killer both have found nothing.

But malwarebytes found threats though I think they are false or inactive. I have taken no action for them.

One thing is noticeable that I can't access the link which you have provided for Malwarebytes Anti-rootkit.

What should I do now?



#3
April 13, 2013 at 08:20:20
Post the malwarebytes results, as you said you took no action on the results.

Here is a different link to malwarebytes anti-rootkit
http://www.bleepingcomputer.com/dow...

Some HELP in posting on Computing.net plus free progs and instructions 7 Golds



#4
April 14, 2013 at 05:24:12
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.12.10

Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 10.0.9200.16540
admin :: ADMIN [administrator]

Protection: Disabled

13-Apr-13 11:50:54 AM
MBAM-log-2013-04-13 (12-39-43).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 523802
Time elapsed: 43 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
F:\*****\STRAP1\3DG32.DLL (Spyware.Zbot.USBV) -> No action taken.
F:\*****\brutus-aet2.zip (HackTool.Brutus) -> No action taken.
F:\*****\dup2.rar (PUP.Hacktool.Patcher) -> No action taken.
F:\*****\sony software\keygen..rar (Trojan.Downloader) -> No action taken.
F:\*****\ultrasurf(hideip).zip (PUP.HackTool.Proxy) -> No action taken.
F:\*****\Alcohol120_trial_1.9.8.7612.exe (Malware.Packer.GenX) -> No action taken.
F:\*****\daemon400.exe (Adware.WhenU) -> No action taken.

(end)



#5
April 14, 2013 at 05:28:19
still I can not download malwarebytes rootkit from this website also....even not helping though I have IDM


#6
April 14, 2013 at 06:09:25
Thanks XpUser4Real for reply but somehow I found the solution.

I have okayfreedom installed. If I connect to internet using okayfreedom then I can access all sites or if I just open that program and exit and again connect to internet normally, then also I can access all site.

So can you give me any proper solution?



#7
April 14, 2013 at 07:30:25
Thanks for the results and let's see if the following progs will remove the problems.

Give these 2 free fully working trials a shot
1- Trojan Remover
http://www.simplysup.com/tremover/d...
2- Hitman Pro
http://www.surfright.nl/en/downloads
and run them both until they run clean....then you can uninstall them

Some HELP in posting on Computing.net plus free progs and instructions 7 Golds



#8
April 14, 2013 at 20:48:16
Is this really gonna help? 'Cause I have run malwarebytes anti rootkit and all above programs along with MSE, and they found nothing.

So I don't think my pc is having any active Trojan or any spyware or malware, rather it is clean.

As per my thought it is a software problem caused by okayfreedom, nothing else! This is only my point of view; you are a professional, so if you want me to run these tools then I agree to do so.

Waiting for reply for further action!



#9
April 14, 2013 at 22:06:59
Please run the progs, they find things that others miss. MS Security Essentials is not the best anti-virus, nor the strongest. In my opinion Avast Free is much better.

Some HELP in posting on Computing.net plus free progs and instructions 7 Golds



#10
April 15, 2013 at 16:17:11
Sure, run the programs to make sure, but have you tried disabling or uninstalling okayfreedom?

Makes me wonder if okayfreedom is causing this issue, especially if it is happening on both IE and Firefox.

Always pop back and let us know the outcome - thanks



#11
April 15, 2013 at 16:40:34
Actually I installed okayfreedom on 2 of my PC's win 7 and xp pro and no problems whatsoever.

Some HELP in posting on Computing.net plus free progs and instructions 7 Golds



#12
April 15, 2013 at 16:44:37
XpUser4Real

OK thanks - doesn't sound like that's the problem then.

Always pop back and let us know the outcome - thanks



#13
June 8, 2013 at 00:11:11
I don't know what is causing the waiting for some websites but it started again, even though I have uninstalled okayfreedom. Maybe my earlier guess about okayfreedom is wrong.

I'm pissed off now.!!! Help!!!



#14
June 8, 2013 at 06:16:35
Install CCleaner Slim from here and run it:
http://www.majorgeeks.com/files/det...
This clears temporary internet files and other junk out of the system and is a good program to run from time to time.

If you have any unwanted addon toolbars or their remnants these can cause issues.
This program will get shot of them:
http://www.bleepingcomputer.com/dow...
The Scan button will show you what is there (under headings) and the Delete button will remove them all.

If you are still in trouble I can only imagine this is a connections issue. From Search type cmd.exe which should produce a black box with white text. Type ipconfig /flushdns then hit Enter key (note the one space).

If you are still in trouble after this, let us know about your internet arrangements. From what you have said it sounds like dial-up. It is possible that your connection is running too slowly or failing at times.

Always pop back and let us know the outcome - thanks



#15
June 8, 2013 at 09:43:34
this is the log file of adwcleaner :
# AdwCleaner v2.302 - Logfile created 06/08/2013 at 22:10:08
# Updated 06/06/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : admin - ADMIN
# Boot Mode : Normal
# Running from : C:\Users\admin\Downloads\AdwCleaner.exe
# Option [Search]

***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Program Files\Common Files\DVDVideoSoft\TB
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Users\admin\AppData\Local\PackageAware
Folder Found : C:\Users\admin\AppData\LocalLow\Conduit

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{503E067F-2914-4EDD-8432-2D6C52635E23}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKU\S-1-5-21-4291870420-902603639-2396003150-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Found : HKU\S-1-5-21-4291870420-902603639-2396003150-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\e7fadjtz.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2795 octets] - [08/06/2013 22:10:08]

########## EOF - C:\AdwCleaner[R1].txt - [2855 octets] ##########

I have installed IE 10 and Mozilla Firefox 21.0, no other browser is installed.!!

Let me know what to do now?



#16
June 8, 2013 at 13:26:49
Thanks for the log. It has found a lot of junk, including some which is renowned for being "not nice". Most of it is to do with IE only, so I doubt they are the reason for your issues. DVDVideoSoft (on the list) is OK but I have used that program myself and there is need for a browser toolbar - I doubt you even knew about it. I suggest you hit the Delete button and let it remove the lot. It will not affect the running of any program and you would be better off without it all.

As for your main issue, see if the other suggestions help.

Always pop back and let us know the outcome - thanks



#17
June 10, 2013 at 18:13:12
Thanks for the reply,

You mean whatever adwcleaner has found is junk and I should remove it? Doing this will solve my problem and won't cause any new problem?

I tried ipconfig /flushdns but it didn't help.!!!



#18
June 10, 2013 at 18:50:21
Using the Delete button will not cause any problems - try it and see if it helps.

Always pop back and let us know the outcome - thanks



#19
June 11, 2013 at 02:55:06
This is the log file of adwcleaner after clicking on delete.

# AdwCleaner v2.302 - Logfile created 06/11/2013 at 14:50:23
# Updated 06/06/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : admin - ADMIN
# Boot Mode : Normal
# Running from : C:\Users\admin\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Common Files\DVDVideoSoft\TB
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Users\admin\AppData\Local\PackageAware
Folder Deleted : C:\Users\admin\AppData\LocalLow\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{503E067F-2914-4EDD-8432-2D6C52635E23}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\e7fadjtz.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2924 octets] - [08/06/2013 22:10:08]
AdwCleaner[S1].txt - [2725 octets] - [11/06/2013 14:50:23]

########## EOF - C:\AdwCleaner[S1].txt - [2785 octets] ##########

After this I have tried to open www.yahoo.com but result was same (Waiting for response from yahoo.com).

One thing I want to mention that I have also tried ping -t www.yahoo.com from cmd.exe and got reply from yahoo.

I have posted one thread for the same problem on majorgeeks.com, and I want you to refer to that because maybe I forgot to mention something which I have written in this thread; it also might help for understanding my problem deeply. The link for that thread is : http://forums.majorgeeks.com/showth...

While writing this thread I got message from malwarebytes antimalware and I took screenshot and the link is : http://s10.postimg.org/ep44b3xl5/pr...

Please do something that will get me rid from this problem.


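One way to check a pair of AdwCleaner logs like the Search log in #15 and the Delete log in #19, listing anything the Search run reported that the Delete run did not record as removed. This is an added example, not part of any post in the thread and not AdwCleaner's own code; the line format is inferred from the logs above, the function names are hypothetical, the sample logs and the SID are constructed, and folding `HKU\<SID>` into `HKCU` assumes the SID belongs to the user who ran the scan.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section kind action target")

# Line shapes as they appear in the logs posted in this thread.
OPTION_RE = re.compile(r"^# Option \[(?P<opt>\w+)\]")
SECTION_RE = re.compile(r"^\*{5} \[(?P<name>[^\]]+)\] \*{5}$")
ITEM_RE = re.compile(r"^(?P<kind>\w+) (?P<action>Found|Deleted) : (?P<target>.+)$")


def parse_log(text):
    """Return (option, entries) for one AdwCleaner text log."""
    option, section, entries = None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = OPTION_RE.match(line)
        if m:
            option = m.group("opt")
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = ITEM_RE.match(line)
        if m:
            entries.append(Entry(section, m.group("kind"),
                                 m.group("action"), m.group("target").strip()))
    return option, entries


def normalize(target, user_sid=None):
    """Make paths comparable: registry and NTFS paths are case-insensitive,
    and HKU\\<SID of the logged-on user> is the same hive as HKCU."""
    t = target.strip()
    if user_sid:
        prefix = "HKU\\" + user_sid + "\\"
        if t.upper().startswith(prefix.upper()):
            t = "HKCU\\" + t[len(prefix):]
    return t.casefold()


def unresolved(search_text, delete_text, user_sid=None):
    """Targets reported as Found that have no matching Deleted line."""
    s_opt, found = parse_log(search_text)
    d_opt, deleted = parse_log(delete_text)
    if s_opt != "Search" or d_opt != "Delete":
        raise ValueError("expected a [Search] log followed by a [Delete] log")
    done = {(e.kind, normalize(e.target, user_sid))
            for e in deleted if e.action == "Deleted"}
    missing, seen = [], set()
    for e in found:
        if e.action != "Found":
            continue
        key = (e.kind, normalize(e.target, user_sid))
        if key not in done and key not in seen:
            missing.append(e.target)
        seen.add(key)
    return missing


# Constructed SID and constructed logs (shortened, same layout as the thread's).
SAMPLE_SID = "S-1-5-21-1111111111-2222222222-3333333333-1000"

SEARCH_LOG = r"""
# AdwCleaner - constructed sample
# Option [Search]

***** [Files / Folders] *****

Folder Found : C:\Program Files\Conduit

***** [Registry] *****

Key Found : HKCU\Software\Conduit
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Iminent
Key Found : HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\Software\Conduit
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
"""

DELETE_LOG = r"""
# AdwCleaner - constructed sample
# Option [Delete]

***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Conduit
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
"""

if __name__ == "__main__":
    for target in unresolved(SEARCH_LOG, DELETE_LOG, SAMPLE_SID):
        print("still present after Delete run:", target)
```

Run without the SID argument, the `HKU\...` line is also reported, which is why the per-user keys in the Search log of #15 have no separate line in the Delete log of #19 yet are covered by the `HKCU` deletions.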

#20
June 11, 2013 at 07:49:17
ADW now clean - definitely worth running but obviously not the reason for your problem. IMO try to avoid CNet if you can get things elsewhere - I am suspicious about their downloader amongst other things. FileHippo, BleepingComputer, Softpedia, and MajorGeeks, are (to my mind) safer bets.

Your MalwareBytes report shows that it was just blocking your access to a suspicious website - in other words it was doing its job. If it's the trial it will no longer do that when it becomes the free version - it is still a good program to have available though.

You have not given your network information but I'm inclined to think that it sometimes slows down or stops and that is where your problem lies. Check your speeds with one of the many online free speed checkers. If you have any doubt ask your server about it. Let's see what the other forum makes of it too.

Nothing to do with it but for security you ought to have the latest Firefox version (21.0). Go to "Firefox > Help > About Firefox" to get it.

"Please do something that will get me rid from this problem"
I understand your dilemma but only you can fix it - we only give advice.

Always pop back and let us know the outcome - thanks



#21
June 11, 2013 at 22:34:43
Derek, I really appreciate your help.

Which information about my network do you want? See, I'm a beginner and don't know much about networks, so please specify which information you want along with the steps if it is difficult to get.

"I'm inclined to think that it sometimes slows down or stops and that is where your problem lies."
I partially agree with this but if this is the actual cause of my problem then why only yahoo.com and such websites are not responding!

I just forgot to tell you that about two days ago I have tried to open answers.yahoo.com and it does, I mean yahoo.com is not opening but answers.yahoo.com open. Through answers.yahoo.com I just clicked on sign in to check my mails, but it is waiting for response just same as yahoo.com! Isn't this weird?

Let me tell you one thing also. Let us assume one software, say glary utilities, which I have installed. Now assume that there is an update for the software available, and almost every software pops up with the message that a new version is available, just as glary utilities does. So this means that it connects to the website through my internet to check whether there is a new version available or not.

So I want to say that glary utilities successfully connects to glarysoft.com that is a software is able to connect to its website through my internet. But if I try to open glarysoft.com in my browser then it just won't and says waiting for response/reply.

So in simple words any software can connect to their websites but I can't open that website through my browsers. Are you understanding what am I trying to say?

Also yesterday at about 9.00 PM I opened majorgeeks.com to check the forums post, and I noticed that majorgeeks loaded fully(loaded all contents of the webpage) which won't load before and even today morning. Like yesterday at 9.00 PM there was a miracle!!!

Now can you understand from which confusion I'm passing through and can't help myself to solve the problem.!!!

"If you have any doubt ask your server about it."
I don't think there are such experts working in my ISP to solve this particular problem. I'll call them but don't expect any progress or help.

Derek have you referred my earlier posts regarding okayfreedom!
Turning on okayfreedom I can access all these websites which I can't when it is turned off. So I decided to uninstall it but it didn't help me!

I want you to consider all my posts and I swear it will help you to find some solution, as you are an expert.

Thanks,
Sahil Khan



#22
June 12, 2013 at 09:38:00
I have ideas if you were never able to access specific websites but the weird thing is that sometimes you can and sometimes you can't, on either browser. The only common factors seem to be the system itself and your connection.

I haven't much faith in those tune-up facilities so am wondering if it would be any different if you uninstall Glary Utilities. Maybe it is interfering.

Could you let me know what virus checker you are using and any firewall programs.

As for the network it would be interesting to know whether it is dial-up or broadband, if you have modem or a router, and whether you are wirelessly connected from your computer. Just want a rough idea of your setup.

I am running out of ideas but maybe something will come out of the above.

Always pop back and let us know the outcome - thanks



#23
June 12, 2013 at 13:07:55
I am using Microsoft Security Essentials and MalwareBytes Antimalware as well. No external firewall program is installed means I used windows firewall.

The connection is broadband (WAN Miniport PPPOE), and it connects using Atheros AR8131 PCI-E Gigabit Ethernet Controller (NDIS 6.20).

Is it enough for or I try hard to find something else which you want. Please let me know and don't hesitate.

Thanks



#24
June 12, 2013 at 14:50:29
Did you run the progs I suggested in Response # 7? They find things that others miss....

Some HELP in posting on Computing.net plus free progs and instructions 7 Golds



#25
June 12, 2013 at 15:06:18
Yes, I hope you did run those programs suggested in #7 - I was basing my thoughts on that assumption. If not, run them now as described.

Sorry, I see you'd already mentioned your virus checker. My main concern right now was that it might be interfering with your internet but MSE does not usually do that. It is OK to run MalwareBytes when required but not permanently in the background as well as another antivirus.

I see from the screenshot on the other website that you were waiting for yahoo to open while downloading some software. If your internet bandwidth is insufficient then it could be too busy with the download to open yahoo. Did you do an internet speed check as suggested earlier?

Did you try uninstalling Glary Utilities?

When we suggest you do something please make it clear whether or not you have done so.

Always pop back and let us know the outcome - thanks



#26
June 15, 2013 at 01:05:27
I have done scanning with HitmanPro, Microsoft Security Essentials and Malwarebytes Anti-Rootkit.

The logs are uploaded here :

http://www.fileconvoy.com/dfl.php?i...

The log of Trojan Remover will be provided later because its scanning is running.



#27
June 15, 2013 at 04:45:55
The log file of Trojan Remover is uploaded here : http://www.fileconvoy.com/dfl.php?i...

I have scanned the C: & F: drives.

Thank You,
Sahil Khan



#28
June 15, 2013 at 08:54:23
You can try a bootscan using Avast:
http://www.filehippo.com/download_a...
Move all it finds to the chest.

I did notice you have Brutus hacktool installed....you may want to remove it.
F:\*****\brutus-aet2.zip (HackTool.Brutus) -> No action taken.

Some HELP in posting on Computing.net plus free progs and instructions 7 Golds



#29
June 15, 2013 at 10:59:19
Did you do an internet speed check, if so what were the figures?

Did you try uninstalling Glary Utilities?

Always pop back and let us know the outcome - thanks



#30
June 16, 2013 at 04:00:00
Thanks XpUser4Real for the reply,

I haven't tried the avast bootscan yet, but I want to share the log files of Malwarebytes Antimalware, Spybot S&D and Hijackthis.

I'm uploading these logs and sending them to you because I did a search on google for this problem and many have told me to do this. Please advise me what needs to be fixed.

I have removed brutus hacktool, which you can see in the malwarebytes log file. Also I have immunized my system with Spybot S&D, is it ok?

Please note that Hijackthis and malwarebytes have been run in safe mode with networking, and spybot was run in normal mode.

The logs are uploaded here :

http://www.fileconvoy.com/dfl.php?i...



#31
June 16, 2013 at 04:12:07
@ Derek

I have done the speed test and the result is here : http://ping-test.net/test/781375

I have tried to do this test from www.pingtest.net and www.speedtest.net but both of these websites were waiting for response just the same as www.yahoo.com, so I have done this test on the above shown website. I don't know if it is ok or not.

I haven't uninstalled glary utilities yet because my mind is not set to do so. Also from my point of view it doesn't seem to cause any problem, but as you are an expert, if you still insist then I'm ready to uninstall it. So pl. let me know regarding this.

Thanks



#32
June 16, 2013 at 15:51:21
Thanks for the information.

All the speed test figures are poor. Are they anything like you should be expecting from the package you are paying for? If not then contact your server and see if they can do anything to increase your speed. This is the one area where they can sometimes be helpful. There could be times when the speed is even slower, maybe preventing you from opening a website.

Uninstalling Glary Utilities was only suggested to see if it might be causing any issues. If it can be uninstalled, then installed again if it doesn't help, it would be a good idea to try it. However it is entirely up to you, as it might not be anything to do with your issue.

Always pop back and let us know the outcome - thanks



#33
June 16, 2013 at 18:16:08
I think whatever figures from the speed test came are satisfactory because the package which I am paying for is of 400 Kbps. I have tried to call them but they said that "we do not block any websites, this problem is from your side not from us, so in this case we can do nothing."

Did you see my logs of hijackthis and spybot?
If so, did you find anything to fix?

Thanks



#34
June 16, 2013 at 18:40:23
No time to check logs properly (2.40am here in UK so I'm off to bed), however GET RID OF ADVANCED SYSTEM CARE - see this:
http://download.cnet.com/Advanced-S...
Even the best of those programs cause more problems than they fix and this one is a scam. Uninstall it and avoid all magic registry fixers and cure-alls in future.

Back sometime...

Always pop back and let us know the outcome - thanks



#35
June 17, 2013 at 01:28:17
I have advanced system care 6 installed on my pc. Earlier I had uninstalled it but it didn't fix my problem. So I just reinstalled it, thinking it might help to speed up my pc and internet.

So, uninstall it anyway?



#36
June 17, 2013 at 07:39:39
Did you read the warnings on that link? Few helpers on here rate those sort of programs and that one appears to be a scam. However, it is your computer so it is entirely up to you whether you have it installed or not.

Also take a look at the discussion here about SweetIM:
http://forums.spybot.info/archive/i...
The only people who seem to be saying it is OK is SweetIM themselves. It is not the sort of thing I would want on my computer and my advice is to uninstall it (if you can).

It does seem that you have installed a fair amount of dubious stuff. It is hard to say if any one program is causing your issues but the more unnecessary and suspect goodies you have on board the greater your chances of problems.

When you are online, press Ctrl-Alt-Del and see what is showing under the Applications tab. The only thing that really ought to be running is the browser you are using. You could also look under the Processes tab to see if anything unusual is showing. Similarly go to "Control Panel > Add-Remove Programs" and go through the list of installed programs to see if there are any unwanted programs there.

Always pop back and let us know the outcome - thanks



#37
June 17, 2013 at 18:33:27
@ Derek

You have changed my mind, and I uninstalled both glary utilities and advanced system care. But I am still not able to connect to yahoo.com.

I can give the list of installed programs. Please suggest me which needs to be removed.

==================== Installed Programs =======================

Update for Microsoft Office 2007 (KB2508958)
µTorrent (Version: 3.3.0.29625)
32 Bit HP CIO Components Installer (Version: 6.1.1)
7-Zip 9.22beta
Adobe AIR (Version: 3.5.0.600)
Adobe Download Assistant (Version: 1.2.3)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
Adobe Reader X (10.1.7) (Version: 10.1.7)
Advanced RAR Password Recovery (remove only)
AMD Accelerated Video Transcoding (Version: 12.5.100.20704)
AMD APP SDK Runtime (Version: 10.0.937.2)
AMD Catalyst Install Manager (Version: 8.0.877.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2012.0704.122.388)
AMD Media Foundation Decoders (Version: 1.0.70704.0230)
AMD VISION Engine Control Center (Version: 2012.0704.122.388)
ArduoPdfMerger
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.14)
Atheros Ethernet Utility (Version: 1.1.0.7)
AutoCAD 2012 - English (Version: 18.2.51.0)
BlueStacks (Version: 0.7.3.2605)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2012.0704.122.388)
Catalyst Control Center InstallProxy (Version: 2009.0625.1812.30825)
Catalyst Control Center InstallProxy (Version: 2012.0704.122.388)
Catalyst Control Center Localization All (Version: 2012.0704.122.388)
CCC Help Chinese Standard (Version: 2012.0704.0121.388)
CCC Help Chinese Traditional (Version: 2012.0704.0121.388)
CCC Help Czech (Version: 2012.0704.0121.388)
CCC Help Danish (Version: 2012.0704.0121.388)
CCC Help Dutch (Version: 2012.0704.0121.388)
CCC Help English (Version: 2012.0704.0121.388)
CCC Help Finnish (Version: 2012.0704.0121.388)
CCC Help French (Version: 2012.0704.0121.388)
CCC Help German (Version: 2012.0704.0121.388)
CCC Help Greek (Version: 2012.0704.0121.388)
CCC Help Hungarian (Version: 2012.0704.0121.388)
CCC Help Italian (Version: 2012.0704.0121.388)
CCC Help Japanese (Version: 2012.0704.0121.388)
CCC Help Korean (Version: 2012.0704.0121.388)
CCC Help Norwegian (Version: 2012.0704.0121.388)
CCC Help Polish (Version: 2012.0704.0121.388)
CCC Help Portuguese (Version: 2012.0704.0121.388)
CCC Help Russian (Version: 2012.0704.0121.388)
CCC Help Spanish (Version: 2012.0704.0121.388)
CCC Help Swedish (Version: 2012.0704.0121.388)
CCC Help Thai (Version: 2012.0704.0121.388)
CCC Help Turkish (Version: 2012.0704.0121.388)
ccc-utility (Version: 2012.0704.122.388)
CCleaner (Version: 4.02)
Condition Zero (Version: 1.2)
Counter-Strike 1.6 (Version: 1.6)
DAEMON Tools Lite (Version: 4.45.4.0315)
EPU-4 Engine (Version: 1.02.01)
FARO LS 1.1.406.58 (Version: 4.6.58.2)
FileHippo.com Update Checker
Flash Movie Player 1.5 (Version: 1.5)
Free Studio version 2013 (Version: 6.0.0.128)
FREE Word and Excel password recovery Wizard version 2.1.11 (Version: 2.1.11)
HiJackThis (Version: 1.0.0)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
K-Lite Mega Codec Pack 9.2.0 (Version: 9.2.0)
Lyrics Plugin for Windows Media Player (Version: 0.4)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft Visual Basic Power Packs 3.0 (Version: 9.0.30214)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mozilla Firefox 21.0 (x86 en-US) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
MSVC90_x86 (Version: 1.0.1.2)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 7 Essentials (Version: 7.03.1303)
Nero BurnLite 10 (Version: 10.0.10500.5.100)
Nero BurnLite 10 (Version: 10.0.10600)
Nero Control Center 10 (Version: 10.0.13100.3.1)
Nero ControlCenter 10 Help (CHM) (Version: 1.0.10700)
Nero Core Components 10 (Version: 2.0.15100.0.1)
Nero Update (Version: 1.0.10900.31.0)
neroxml (Version: 1.0.0)
Nexon Game Manager
Nokia Connectivity Cable Driver (Version: 7.1.69.0)
Nokia PC Suite (Version: 7.1.180.64)
PC Connectivity Solution (Version: 11.5.29.0)
Picasa 3 (Version: 3.9)
PowerDVD (Version: 7.0.2414.0)
Revo Uninstaller 1.94 (Version: 1.94)
Skype™ 5.10 (Version: 5.10.116)
Smart File Advisor 1.1.1 (Version: 1.1.1)
Sony Ericsson Update Engine (Version: 2.13.4.16)
Sony Ericsson Update Service (Version: 2.11.4.11)
Sony PC Companion 2.10.136 (Version: 2.10.136)
SpeedFan (remove only)
Switch Sound File Converter
Turbo Key (Version: 1.01.03)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VIA Platform Device Manager (Version: 1.34)
VideoPad Video Editor
War Rock
WavePad Sound Editor
Windows Driver Package - Nokia Modem (02/25/2011 4.7) (Version: 02/25/2011 4.7)
Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9) (Version: 02/25/2011 7.01.0.9)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
WinRAR
=============================================================

Thanks



#38
June 17, 2013 at 18:54:55
That all looks fine to me.

Did you find anything running in "Task Manager > Applications" when you were online?
Best take a look at Processes tab too.

Always pop back and let us know the outcome - thanks



#39
June 17, 2013 at 23:46:41
I have just gone through the applications when I am open, and there is only my browser listed.

In the Processes tab almost all processes are system ones; only the browser's processes and the MSE process are running. I don't find any suspicious process.

What is the result of my logs posted above?

Thanks



#40
June 18, 2013 at 07:35:18
I have looked at all the logs except SpyBot and they seem fine. Sorry, SpyBot has expired - maybe you can put it up again. Apart from SpyBot and HJT did you allow all other programs to delete everything they found?

Although it is as well to ensure any "nasties" are out of the way, I am coming back to the idea of this being a network issue, especially as the only problem you seem to have is the inability to reach websites from any browser "at times".

On my previous XP I had a marked improvement after running this program (despite my initial scepticism of such things):
http://www.neowin.net/forum/topic/1...
You set the slider then apply the changes. Your original settings are saved. Your issue could be partially down to network slowness but maybe the above optimizer will give you that necessary extra. Windows 7 looks after a lot of it but there still could be some benefit.

It's hard to see why network card drivers should cause these intermittent symptoms but I suppose we should check that they are up to date. I've not been able to unearth an official website for your drivers but most seem to agree with this 2010 version:
http://www.atheros.cz/atheros-wirel...
Are yours up to date?

If by any chance you are in the UK let me know because there is a neat way to improve your phone line for ADSL. I doubt it applies elsewhere but I could check if need be.

Always pop back and let us know the outcome - thanks



#41
June 18, 2013 at 11:23:49
The logs are uploaded here:
Also, one new log is uploaded. It is the startup list made by HJT.

http://www.fileconvoy.com/dfl.php?i...

"Apart from SpyBot and HJT did you allow all other programs to delete everything they found?"

No, I didn't even run any program except those you asked for.

I already knew about the optimizer which you provided and have already optimized the system after I installed the OS.

"Are yours up to date?"

Yes they are up to date.

"If by any chance you are in the UK let me know because there is a neat way to improve your phone line for ADSL. I doubt it applies elsewhere but I could check if need be."

I'm from India.

It seems you have completely understood my problem and will find some solution.

Really hoping for that.

Thanks



#42
June 18, 2013 at 14:13:07
"Apart from SpyBot and HJT did you allow all other programs to delete everything they found?"

By that I meant did you run all the programs we have asked you to run so far and let them delete everything they found?

I'll take a look at the new logs.

Always pop back and let us know the outcome - thanks



#43
June 18, 2013 at 15:24:05
Didn't spot anything to worry about in your HJT (including startup list) but I'm afraid that program is way out of date, so it can wrongly report processes that are now in different places.

ilivid.Toolbar (like most toolbars) messes with your system. I would let SpyBot remove it.
There are lots of complaints about SweetIM so consider uninstalling that too. I've not used SpyBot for years so I've no idea whether you can trust it to remove everything it reports. Much of it seemed unimportant.

In terms of your specific issue see if you can temporarily disable "Qualys" and "Bluestacks" somewhere. There is probably a service for Bluestacks which can be disabled. I just want to see if either of these is causing your problem.

Always pop back and let us know the outcome - thanks



#44
June 19, 2013 at 06:17:46
Hi sahilkhan, been going through some of your logs.
The ones on this link have expired.
http://www.fileconvoy.com/dfl.php?i...

Basically they are all showing as clean, including mbar-log-2013-06-15.php
"Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org
Database version: v2013.06.15.01
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16618
admin :: ADMIN [administrator]
15-Jun-13 12:44:54 PM
mbar-log-2013-06-15 (12-44-54).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | Deep Anti-Rootkit Scan | PUM | P2P
Scan options disabled: PUP
Objects scanned: 244187
Time elapsed: 8 minute(s), 27 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)"

This does not mean you are infection free, let's check even deeper.

1: Download & run Unhide
http://www.bleepingcomputer.com/for...
http://download.bleepingcomputer.co...
An introduction as to what this program does.
http://www.bleepingcomputer.com/for...
For those of you who no longer have the %Temp%\Smtmp folder, you will not be able to use Unhide to restore your Start Menu items. With this in mind, I have created some scripts to restore the default Start Menu for specific versions of Windows that I have access to. You can view the available versions below. I will be adding more as time goes on.
Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run, it does take some time, be patient. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.
When Unhide is complete, it will create a logfile on the Windows Desktop called Unhide.txt.
Copy & Paste the contents of the log. Let me know if it doesn't produce a log please.

2: Reboot

3: Run ComboFix & post the contents of the log please. ComboFix's log should be located at C:\COMBOFIX.TXT.
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
http://www.forospyware.com/sUBs/Com...
A guide and tutorial on using ComboFix
http://www.bleepingcomputer.com/com...
http://www.winhelp.us/index.php/gen...
Manually restoring the Internet connection
http://www.bleepingcomputer.com/com...
"There are circumstances ComboFix will hang, crash or stall at various stages due to malware interference, failure to disable other real-time protection tools or the presence of CD Emulators (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) so that it does not complete successfully. Also, depending on how badly a system is infected, ComboFix may take longer to complete its routine than it normally does or fail to run properly. While that is not normal behavior, it is not unusual"
Run Defogger
http://majorgeeks.com/Defogger_d708...
This program can enable and disable CD emulation, often required in removing difficult malware. Some CD Emulation programs use a hidden driver that may be seen as a rootkit or that will interfere with the proper operation of the anti-rootkit scanner.
If you think it's frozen, look at the computer clock.
If it's running, Combofix is still working.
Note:
Do not mouseclick combofix's window while it is running. That may cause it to stall.
NOTE:
ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes.
If after running Combofix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion", then the answer is to REBOOT the machine, and all will be corrected.
Can't Install an Antivirus - Windows Security Center still detects previous AV
http://www.experts-exchange.com/Vir...
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these type of programs can be found in this topic.
http://www.bleepingcomputer.com/for...
Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.



#45
June 20, 2013 at 06:27:13
@ Derek

Yes, I had run all those programs you told me to and deleted whatever was detected.

I removed { ilivid.toolbar and SweetIM } using SpyBot.
I had uninstalled both toolbars { ilivid.toolbar and SweetIM } on the day of installing them, but I don't know how these registry entries were left behind.

Same issue with Soluto. I used it for 10 - 15 days but I uninstalled it.

Note : I use " Revo uninstaller " to uninstall any of the programs/software.

I tried disabling { Qualys and Bluestack } but it did not help.

I want you to give me the name of any software which helps me to remove leftover registry entries and also removes them at the time of uninstalling.

Thanks



#46
June 20, 2013 at 07:23:42
"I want you to give me the name of any software which helps me to remove leftover registry entries and also removes them at the time of uninstalling"

You have been using it.

Revo Uninstaller
http://www.softpedia.com/get/Tweak/...
http://www.softpedia.com/progScreen...
http://www.revouninstaller.com/
Open Revo, double click on a program logo, click > Yes & then you get your options, with Advanced down the bottom.
If you have partially uninstalled your program, you get a message from Revo, that it can't find the uninstaller, hit Cancel & let Revo continue on, to search for the remnants.
If you get a reboot message, ignore it & do it after Revo has finished.
I use Advanced Mode. Screenshots of how to use.

http://i.imgur.com/dXJGX1q.gif
http://i.imgur.com/VonCA.gif
http://i.imgur.com/fGmmb.gif
http://i.imgur.com/pdhbV.gif
http://i.imgur.com/fIgy0.gif
http://i.imgur.com/tDH9Z.gif
http://i.imgur.com/DbfgN.gif
http://i.imgur.com/tDafK.gif
http://i.imgur.com/Bz5j9.gif
http://i.imgur.com/X5S5I.gif




#47
June 20, 2013 at 07:30:10
@ JohnW

I always do the same steps suggested by you while uninstalling the programs.

But it did not help me.

Thanks.


Report •

#48
June 20, 2013 at 07:42:49
Ok sahilkhan, do the stuff in my post #44 please.


#49
June 22, 2013 at 11:07:21
Greetings !! Miracle!!!

"www.yahoo.com" and "www.msn.com" are now working but I am still unable to open "www.ymail.com" and some other sites too. Well, that's a little weird but I am a little happy for a little progress.

To,
John

I got busy completing my work so "Mission : Run Combofix" is delayed.
But I will try to accomplish the mission soon.

I would also like to ask: "Is there a program to delete leftover registry entries? I don't want them on my system anymore (only those registry entries which I know)."

Note : Please do answer the above question. I do not want to divert the topic but this is just for sake of my knowledge. I shall do it after my problem gets solved.

Sorry for the late reply.

Thanks



#50
June 22, 2013 at 11:11:25
To,
John

The log of Unhide.exe is below.

Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingcomputer.com/for...

Program started at: 06/20/2013 08:06:23 PM
Windows Version: Windows 7

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 158519 files processed.

Processing the D:\ drive
Finished processing the D:\ drive. 5134 files processed.

Processing the E:\ drive
Finished processing the E:\ drive. 135996 files processed.

Processing the F:\ drive
Finished processing the F:\ drive. 40623 files processed.

The C:\Users\admin\AppData\Local\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingcomputer.com/for...

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
* DisableTaskMgr policy was found and deleted!
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
* Start_ShowRecentDocs was set to 0! It was set back to 2!

Program finished at: 06/20/2013 08:10:16 PM
Execution time: 0 hours(s), 3 minute(s), and 52 seconds(s)



#51
June 22, 2013 at 11:19:17
To,
John

Please do tell me whether there was a problem with the things highlighted in the boxes.

Searching for Windows Registry changes made by FakeHDD rogues.

- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
-------------------------------------------------------------------
| * DisableTaskMgr policy was found and deleted! |
-------------------------------------------------------------------

- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
------------------------------------------------------------------------------------
| * Start_ShowRecentDocs was set to 0! It was set back to 2! |
------------------------------------------------------------------------------------



#52
June 22, 2013 at 14:54:48
"Please do tell me whether there was a problem with the things highlighted in the boxes."
Those items mentioned have been corrected in preparation to run Defogger & Combofix.

"I would also like to ask: Is there a program to delete leftover registry entries? I don't want them on my system anymore (only those registry entries which I know)."
At this stage, Revo in ADVANCED mode is all you can use.

Later, after fixing the infection side of your problems, I will get you to run other tools.


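Added example, not part of any poster's message and not Unhide's own code: a small parser for the registry section of the Unhide log from posts #50 and #51, which ties each reported change back to the key it was found under. The `Finding` type and the function names are assumptions made for this illustration; the sample text is copied from the log in the thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Registry section of the Unhide log as posted in this thread (post #50).
SAMPLE_LOG = r"""
Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
* DisableTaskMgr policy was found and deleted!
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
* Start_ShowRecentDocs was set to 0! It was set back to 2!
"""

# The same finding as re-posted inside an ASCII box (form used in post #51).
BOXED_LINE = "| * DisableTaskMgr policy was found and deleted! |"


@dataclass
class Finding:
    key: str                    # registry key being checked when the change was reported
    value_name: str             # registry value that was changed
    action: str                 # "deleted" or "reset"
    old: Optional[str] = None   # value found (reset only)
    new: Optional[str] = None   # value written back (reset only)


# "- Checking <key>" opens a section; findings that follow belong to that key.
CHECK_RE = re.compile(r"^\s*-\s*Checking\s+(?P<key>HK(?:LM|CU)\\.+?)\s*$")
# Leading \W* skips the "* " bullet and any "| " box border.
DELETED_RE = re.compile(r"^\W*(?P<name>\w+) policy was found and deleted!")
RESET_RE = re.compile(
    r"^\W*(?P<name>\w+) was set to (?P<old>\S+?)! It was set back to (?P<new>\S+?)!"
)


def parse_unhide_registry(log_text: str) -> Tuple[List[str], List[Finding]]:
    """Return (keys checked, changes reported) from an Unhide log."""
    checked: List[str] = []
    findings: List[Finding] = []
    current: Optional[str] = None
    for line in log_text.splitlines():
        m = CHECK_RE.match(line)
        if m:
            current = m.group("key")
            checked.append(current)
            continue
        if current is None:
            continue  # a finding with no preceding "Checking" line is ignored
        m = DELETED_RE.match(line)
        if m:
            findings.append(Finding(current, m.group("name"), "deleted"))
            continue
        m = RESET_RE.match(line)
        if m:
            findings.append(
                Finding(current, m.group("name"), "reset", m.group("old"), m.group("new"))
            )
    return checked, findings


def untouched_keys(checked: List[str], findings: List[Finding]) -> List[str]:
    """Keys that were checked and had nothing reported under them."""
    touched = {f.key for f in findings}
    return [k for k in checked if k not in touched]


if __name__ == "__main__":
    keys, found = parse_unhide_registry(SAMPLE_LOG)
    for f in found:
        detail = f" ({f.old} -> {f.new})" if f.action == "reset" else ""
        print(f"{f.action:8} {f.value_name}{detail}  under {f.key}")
    for k in untouched_keys(keys, found):
        print(f"clean    {k}")
```
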

#53
June 22, 2013 at 15:03:33
"Someday I find download.com is not working on the other day it is working"

WARNING: CNET Download.com downloads now come bundled with opt-out crapware and toolbars
http://dottech.org/23420/cnet-crapw...



#54
June 22, 2013 at 15:21:25
Yes, to get any particular CNet download they show a big green button. Hover your mouse over that button and you will see that this is a "downloader" program which, in the pop-up, they own up to having bundled crapware. It's been going on for some time.

Always pop back and let us know the outcome - thanks



#55
June 24, 2013 at 23:07:18
ComboFix 13-06-24.01 - admin 25-Jun-13 11:19:07.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3327.2258 [GMT 5.5:30]
Running from: c:\users\admin\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\672B27A214.sys
c:\programdata\Safe
c:\programdata\Safe\zsinfo.dat
c:\windows\wininit.ini
c:\windows\WinRAR
c:\windows\WinRAR\uninstall.exe
F:\123.txt
.
.
((((((((((((((((((((((((( Files Created from 2013-05-25 to 2013-06-25 )))))))))))))))))))))))))))))))
.
.
2013-06-25 05:53 . 2013-06-25 05:55 -------- d-----w- c:\users\admin\AppData\Local\temp
2013-06-25 04:55 . 2013-06-25 04:55 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3C26448D-37FB-435C-BD47-14FF11F08B57}\MpKsl0b9caa75.sys
2013-06-24 18:41 . 2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3C26448D-37FB-435C-BD47-14FF11F08B57}\mpengine.dll
2013-06-24 18:40 . 2013-06-24 18:41 -------- d-----w- c:\users\admin\AppData\Roaming\GetRightToGo
2013-06-23 08:49 . 2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-22 06:06 . 2013-06-22 06:06 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-21 11:12 . 2013-06-21 11:12 724464 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C60C72DD-3AF5-4DF1-852F-304D237D9D70}\gapaengine.dll
2013-06-19 05:24 . 2013-06-19 05:24 -------- d-----w- c:\windows\ERUNT
2013-06-19 04:33 . 2013-06-19 05:24 -------- d-----w- C:\JRT
2013-06-15 07:00 . 2013-06-15 07:10 -------- d-----w- c:\program files\HitmanPro
2013-06-15 06:59 . 2013-06-15 07:04 -------- d-----w- c:\programdata\HitmanPro
2013-06-15 06:05 . 2013-06-15 06:05 -------- d-----w- c:\users\admin\AppData\Roaming\Simply Super Software
2013-06-15 06:05 . 2013-06-15 06:05 -------- d-----w- c:\programdata\Simply Super Software
2013-06-12 20:30 . 2013-06-12 20:30 -------- d-----w- C:\FRST
2013-06-12 04:26 . 2013-06-08 11:41 218112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-06-12 04:26 . 2013-06-08 11:13 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-12 04:14 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-12 04:10 . 2013-05-06 05:06 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-12 04:10 . 2013-05-06 05:06 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-12 04:09 . 2013-05-13 04:45 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-12 04:09 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\system32\crypt32.dll
2013-06-12 04:09 . 2013-05-13 04:45 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-12 04:09 . 2013-05-13 03:08 903168 ----a-w- c:\windows\system32\certutil.exe
2013-06-12 04:09 . 2013-05-13 03:08 43008 ----a-w- c:\windows\system32\certenc.dll
2013-06-12 04:08 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\system32\d3d11.dll
2013-06-12 04:08 . 2013-04-26 04:55 492544 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 04:08 . 2013-05-10 03:20 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-12 04:07 . 2013-05-08 05:38 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-08 06:38 . 2013-06-08 06:38 -------- d-----w- c:\users\Administrator\AppData\Roaming\IObit
2013-06-08 06:28 . 2013-06-08 06:28 -------- d-----w- c:\program files\Mozilla Maintenance Service
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-22 06:06 . 2012-02-18 09:22 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-06-22 06:06 . 2011-07-25 06:38 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-19 06:02 . 2012-03-29 17:15 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-19 06:02 . 2011-07-18 12:46 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-17 01:00 . 2011-10-05 10:24 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-06-17 00:59 . 2011-10-05 10:22 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-06-17 00:58 . 2011-09-25 06:20 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-06-13 08:35 . 2011-09-20 16:48 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-06-13 08:34 . 2011-09-20 16:47 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-06-13 08:33 . 2011-09-20 15:55 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-06-13 08:33 . 2011-10-05 09:55 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-06-07 06:43 . 2011-09-20 15:55 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-05-21 04:01 . 2011-08-12 08:46 724464 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-03 11:17 . 2013-05-03 11:17 657195 ----a-w- c:\windows\Condition Zero Uninstaller.exe
2013-05-02 15:28 . 2011-07-16 13:03 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-13 04:45 . 2013-05-15 10:19 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 10:19 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45 . 2013-04-24 04:34 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 05:18 . 2013-05-15 10:05 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 05:18 . 2013-05-15 10:05 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 03:14 . 2013-05-15 10:06 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-04-08 06:00 . 2013-04-08 06:00 25200 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2013-04-08 06:00 . 2013-04-08 06:00 12400 ----a-w- c:\windows\system32\drivers\ggflt.sys
2013-04-04 09:20 . 2011-07-18 03:58 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-02 14:09 . 2013-04-02 14:09 4550656 ----a-w- c:\windows\system32\GPhotos.scr
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{7D2FB79E-E58C-4DB5-A36F-AC1C73967FA5}]
2012-10-05 10:06 173480 ----a-w- c:\windows\Downloaded Program Files\qbc_bho.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"TrojanScanner"="e:\trojan remover\Trjscan.exe" [2013-04-26 1648400]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMD AVT]
start amd accelerated video transcoding device initialization [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent]
2012-08-29 12:38 577400 ----a-w- c:\program files\BlueStacks\HD-Agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 13:06 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2010-02-10 06:52 1713152 ----a-r- c:\program files\VIA\VIAudioi\VDeck\VDeck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2013-04-04 09:20 887432 ----a-w- e:\malwarebytes' anti-malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-07-14 09:03 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2012-03-26 05:54 1516600 ----a-w- e:\nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 09:40 56928 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smart File Advisor]
2011-04-04 09:29 280824 ----a-w- c:\program files\Smart File Advisor\sfa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony PC Companion]
2013-01-07 06:33 446648 ----a-w- c:\program files\Sony\Sony PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2012-07-03 21:33 641704 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 02:02 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Turbo Key]
2009-11-24 09:55 1874432 ----a-w- e:\asus\Turbo Key\TurboKey.exe
.
R0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [x]
R1 SBRE;SBRE; [x]
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2012-03-05 45184]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R3 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-08-19 90112]
R3 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2013-04-08 12400]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 100328]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 295232]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\DRIVERS\s1039bus.sys [2010-03-15 98672]
R3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1039mdfl.sys [2010-03-15 14960]
R3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1039mdm.sys [2010-03-15 124016]
R3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1039mgmt.sys [2010-03-15 117872]
R3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1039nd5.sys [2010-03-15 25456]
R3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1039obex.sys [2010-03-15 113904]
R3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1039unic.sys [2010-03-15 123504]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [x]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-04-05 94040]
R3 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2013-02-22 37064]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-16 1343400]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 MpKsl0b9caa75;MpKsl0b9caa75;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3C26448D-37FB-435C-BD47-14FF11F08B57}\MpKsl0b9caa75.sys [2013-06-25 29904]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-04-05 221784]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-04-05 78936]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-04 217088]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-07-03 291840]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2012-03-05 45184]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [2012-08-29 66424]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [2012-08-29 384888]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2013-06-15 106280]
S2 MBAMScheduler;MBAMScheduler;e:\malwarebytes' anti-malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;e:\malwarebytes' anti-malware\mbamservice.exe [2013-04-04 701512]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2011-03-29 598312]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 gttap1;GoTrusted TAP Adapter;c:\windows\system32\DRIVERS\gttap1.sys [2008-03-18 20480]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-09-04 54784]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-01-11 1119232]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 06:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
LSP: c:\windows\system32\HMIPCore.dll
Trusted Zone: qualys.com\browsercheck
TCP: Interfaces\{B5EAF71E-6B24-4A28-8C99-0C20C567C124}: NameServer = 202.47.112.7 202.47.112.8
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\e7fadjtz.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - about:home
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
MSConfigStartUp-DAEMON Tools Lite - e:\daemon tools lite\DTLite.exe
AddRemove-WinRAR - c:\windows\WinRAR\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4291870420-902603639-2396003150-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):ca,b6,36,a1,cc,db,5f,0c,58,a5,d6,49,6c,75,80,80,7e,05,de,2b,9f,
d8,71,1b,9c,44,52,52,e2,2d,da,de,c7,da,0d,27,41,77,25,4b,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-4291870420-902603639-2396003150-1000_Classes\CLSID\{9000b2fa-7755-427d-b41d-0af9bc4f7bd8}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000013f
"Therad"=dword:0000001d
"SpecVersion"=dword:00000039
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(916)
e:\nokia\Nokia PC Suite 7\PhoneBrowser.dll
e:\nokia\Nokia PC Suite 7\NGSCM.DLL
e:\nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng-us.nlr
e:\nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\PnkBstrB.exe
e:\malwarebytes' anti-malware\mbamgui.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2013-06-25 11:30:20 - machine was rebooted
ComboFix-quarantined-files.txt 2013-06-25 06:00
.
Pre-Run: 162,612,813,824 bytes free
Post-Run: 162,145,816,576 bytes free
.
- - End Of File - - 5B65019D3D0E191F569721CF39B4B4B4
A36C5E4F47E84449FF07ED3517B43A31


#56
June 25, 2013 at 01:09:51
Combofix has done some work, we need to delve further.

Run ESET Online Scanner, Copy and Paste the contents of the log please. This scan may take a very long while, so please be patient. Maybe start it before going to work or bed.
http://www.eset.com/us/online-scann...
http://www.eset.com/home/products/o...
You may have to download ESET from a good computer, put it on a flash/thumb/pen drive & run it from there, if your comp is unbootable, or won't let you download.
Create an ESET SysRescue CD or USB drive
http://kb.eset.com/esetkb/index?pag...
How do I use my ESET SysRescue CD or USB flash drive to scan and clean my system?
http://kb.eset.com/esetkb/index?pag...
Configure ESET this way & disable your AV.
http://i.imgur.com/3U7YC.gif
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
Why Would I Ever Need an Online Virus Scanner?
I already have an antivirus program installed, isn't that enough?
http://www.squidoo.com/the-best-fre...
Once onto a machine, malware can disable antivirus programs, prevent antimalware programs from downloading updates, or prevent a user from running antivirus scans or installing new antivirus software or malware removal tools. At this point even though you are aware the computer is infected, removal is very difficult.
5: Why does the ESET Online Scanner run slowly on my computer?
If you have other antivirus, antispyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and hinder performance. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished.
17: How can I view the log file from ESET Online Scanner?
http://kb.eset.com/esetkb/index?pag...
http://www.eset.com/home/products/o...
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking on it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start → Run dialog box from the Start Menu on the desktop.
If no threats are found, you will simply see an information window that no threats were found.
http://www.trishtech.com/security/s...



#57
June 25, 2013 at 05:27:02
I went to
http://www.eset.com/online-scanner-...
then clicked Yes, but it is not working.
I tried in Mozilla
I tried restarting computer
I tried downloading from external source (softonic.com)
but it is not working.

waited for 10-15 min

pl. look @ ss below
http://s18.postimg.org/qeu2nsu3t/wi...



#58
June 25, 2013 at 06:04:58
I take it you are following the instructions about downloading from a good comp, thumb drive etc.

Have zipped & uploaded my copy for you.

http://www.load.to/g8oz3OIUVc/sahil...



#59
June 25, 2013 at 12:45:18
The ESET online scanner is not working please help
http://postimg.org/image/s692xfk99/


#60
June 25, 2013 at 12:47:11
No my proxy is not configured I hope so !

or else pl. tell me steps to check for its configuration.



#61
June 25, 2013 at 15:47:16
Here are some possibles after googling.

eset online scanner not working
http://is.gd/v3TLTq

Which web browsers are compatible with ESET Online Scanner?
http://www.nod32.fi/eset-online-sca...
http://kb.eset.com/esetkb/index?pag...

Online Scanner not working
http://kb.eset.com/esetkb/index?pag...



#62
June 25, 2013 at 19:36:00
Today, I tried running ESET online scanner (the zip file) but I am getting same message.
**Can not get update. Is proxy configured ? **

I checked for proxy setting but it was unchecked.

I went to those websites and followed the steps.
What I did:

My Active X control was already enabled.
I added website to trusted sites.
I searched for registry

**HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7530BFB8-7293-4D34-9923-61A11451AFC5}**

http://kb.eset.com/esetkb/index?pag...

but it is missing. I did a manual search and used the "Find (Ctrl + F)" function.

I am using IE 10,
the problem is the same in Mozilla too.



#63
June 25, 2013 at 19:41:49
Refer SS.

http://i.imgur.com/Ts3mf94.gif



#64
June 25, 2013 at 21:07:57
Tried that also, but the result is same. Doesn't work!!


#65
June 25, 2013 at 21:21:30
Something is blocking ESET, either a virus or your AV or Firewall.
Make sure in the options of both, ESET is not being blocked.

Run RogueKiller
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
http://majorgeeks.com/RogueKiller_d...
http://www.geekstogo.com/forum/file...
http://tigzy.geekstogo.com/roguekil...
http://www.sur-la-toile.com/RogueKi...
Official tutorial
http://tigzyrk.blogspot.fr/2012/11/...
Download & SAVE to your Desktop.
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator" to start.
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
click on "delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller.



#66
June 25, 2013 at 22:08:24
RogueKiller V8.6.1 [Jun 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/file...
Website : hxxp://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : admin [Admin rights]
Mode : Remove -- Date : 06/26/2013 10:36:28
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 12 ¤¤¤
[DNS] HKLM\[...]\CCSet\[...]\{B5EAF71E-6B24-4A28-8C99-0C20C567C124} : NameServer (202.47.112.7 202.47.112.8) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\CS001\[...]\{B5EAF71E-6B24-4A28-8C99-0C20C567C124} : NameServer (202.47.112.7 202.47.112.8) -> NOT REMOVED, USE DNSFIX
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowDownloads (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] IRP[IRP_MJ_CREATE] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x859341E8)
[Address] IRP[IRP_MJ_CLOSE] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x859341E8)
[Address] IRP[IRP_MJ_DEVICE_CONTROL] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x859341E8)
[Address] IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x859341E8)
[Address] IRP[IRP_MJ_POWER] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x859341E8)
[Address] IRP[IRP_MJ_SYSTEM_CONTROL] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x859341E8)
[Address] IRP[IRP_MJ_PNP] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x859341E8)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6401AALS-00E3A0 ATA Device +++++
--- User ---
[MBR] c955fc4669fc0b5ed57df7a936b0b272
[BSP] c45bbc6e128ed4249371657fb2cabfe0 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 199899 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600000 | Size: 130000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 675840000 | Size: 135000 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 952320000 | Size: 145479 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_06262013_103628.txt >>
RKreport[0]_S_06262013_103427.txt



#67
June 25, 2013 at 22:20:29
"[DNS] HKLM\[...]\CCSet\[...]\{B5EAF71E-6B24-4A28-8C99-0C20C567C124} : NameServer (202.47.112.7 202.47.112.8) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\CS001\[...]\{B5EAF71E-6B24-4A28-8C99-0C20C567C124} : NameServer (202.47.112.7 202.47.112.8) -> NOT REMOVED, USE DNSFIX"

Run again & click on DNSFix.



#68
June 25, 2013 at 22:49:23
RogueKiller V8.6.1 [Jun 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/file...
Website : hxxp://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : admin [Admin rights]
Mode : Scan -- Date : 06/26/2013 11:13:30
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[DNS] HKLM\[...]\CCSet\[...]\{B5EAF71E-6B24-4A28-8C99-0C20C567C124} : NameServer (202.47.112.7 202.47.112.8) -> FOUND
[DNS] HKLM\[...]\CS001\[...]\{B5EAF71E-6B24-4A28-8C99-0C20C567C124} : NameServer (202.47.112.7 202.47.112.8) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] IRP[IRP_MJ_CREATE] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x859341E8)
[Address] IRP[IRP_MJ_CLOSE] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x859341E8)
[Address] IRP[IRP_MJ_DEVICE_CONTROL] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x859341E8)
[Address] IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x859341E8)
[Address] IRP[IRP_MJ_POWER] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x859341E8)
[Address] IRP[IRP_MJ_SYSTEM_CONTROL] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x859341E8)
[Address] IRP[IRP_MJ_PNP] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x859341E8)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6401AALS-00E3A0 ATA Device +++++
--- User ---
[MBR] c955fc4669fc0b5ed57df7a936b0b272
[BSP] c45bbc6e128ed4249371657fb2cabfe0 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 199899 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600000 | Size: 130000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 675840000 | Size: 135000 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 952320000 | Size: 145479 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_06262013_111330.txt >>
RKreport[0]_D_06262013_103628.txt;RKreport[0]_S_06262013_103427.txt



#69
June 25, 2013 at 22:49:35
RogueKiller V8.6.1 [Jun 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/file...
Website : hxxp://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : admin [Admin rights]
Mode : DNSFix -- Date : 06/26/2013 11:13:54
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[DNS] HKLM\[...]\CCSet\[...]\{B5EAF71E-6B24-4A28-8C99-0C20C567C124} : NameServer (202.47.112.7 202.47.112.8) -> REPLACED ()
[DNS] HKLM\[...]\CS001\[...]\{B5EAF71E-6B24-4A28-8C99-0C20C567C124} : NameServer (202.47.112.7 202.47.112.8) -> REPLACED ()

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[0]_DN_06262013_111354.txt >>
RKreport[0]_D_06262013_103628.txt;RKreport[0]_S_06262013_103427.txt;RKreport[0]_S_06262013_111330.txt




#70
June 25, 2013 at 22:52:57
exeHelper, download to your desktop or a thumb drive.
http://www.raktor.net/exeHelper/exe...
* Double-click on exeHelper.com to run the fix.
* A black window should pop up, press any key to close once the fix is completed.
* Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Now run ESET, try Safe mode if it won't work in Normal mode.



#71
June 25, 2013 at 22:56:59
exeHelper by Raktor
Build 20100414
Run at 11:25:11 on 06/26/13
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--



#72
June 25, 2013 at 23:12:23
Tried ESET but it did not work. Also tried in safe mode and safe mode with networking, but the error pops up.

Here is the error message (same for safe mode and safe mode with networking) : http://s21.postimg.org/63mj6epwn/es...



#73
June 25, 2013 at 23:27:41
Google results.

error 711 cannot load remote access connection manager service

Try these first.

http://support.microsoft.com/kb/330163
https://toshibacanada.custhelp.com/...



#74
June 25, 2013 at 23:51:04
Have you noted that this error popped up when I was in safe mode?

I tried the step you said and the status is here : http://www.fileconvoy.com/dfl.php?i...



#75
June 26, 2013 at 00:06:16
Use normal mode to make changes.

3 pages here showing other error numbers.
http://windows7forums.com/windows-7...

Work your way through those, I've been GOOGLING like crazy. You will need to do the same now, it's getting too hard to visualize & remember all that has happened.

When you sort it out, I will look at the ESET log.



#76
June 28, 2013 at 08:14:53
I tried many steps to make it run... but result is same. ESET is not working.

So what shall I do now?



#77
June 28, 2013 at 15:33:02
"I tried many steps to make it run... "
List every way please.


#78
June 28, 2013 at 20:28:03
Ok.

How about scanning the PC with another antivirus?
Can we get ESET's other products for a scan?

Emsisoft Emergency Toolkit... I have kept it for download, and if you say so then I will scan and paste its log.



#79

#80
June 29, 2013 at 09:39:02
I have done scanning with two anti-virus.

Emsisoft emergency toolkit.
Kaspersky security,



#81
June 29, 2013 at 09:42:46
Log of "Emsisoft emergency toolkit."

-----------------------------------------------------------------------------------------------------------------
Emsisoft Emergency Kit - Version 3.0
Last update: 29-Jun-13 1:15:53 PM

Scan settings:

Scan type: Deep Scan
Objects: Rootkits, Memory, Traces, C:\, D:\, E:\, F:\

Detect Riskware: Off
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 29-Jun-13 1:16:44 PM

Value:
HKEY_USERS\S-1-5-21-4291870420-902603639-2396003150-1000\SOFTWARE\ELCOM\ADVANCED RAR PASSWORD RECOVERY -> INSTALLER LANGUAGE
detected: Trace.Registry.Advanced RAR Password Recovery (A)

Value:
HKEY_USERS\S-1-5-21-4291870420-902603639-2396003150-500\SOFTWARE\ELCOM\ADVANCED RAR PASSWORD RECOVERY -> INSTALLER LANGUAGE
detected: Trace.Registry.Advanced RAR Password Recovery (A)

Value:
HKEY_LOCAL_MACHINE\SOFTWARE\ELCOM\ADVANCED RAR PASSWORD RECOVERY -> INSTALLDIR
detected: Trace.Registry.Advanced RAR Password Recovery (A)

Value:
HKEY_LOCAL_MACHINE\SOFTWARE\ELCOM\ADVANCED RAR PASSWORD RECOVERY -> STAT PARAM #1
detected: Trace.Registry.Advanced RAR Password Recovery (A)

Value:
HKEY_LOCAL_MACHINE\SOFTWARE\ELCOM\ADVANCED RAR PASSWORD RECOVERY -> STAT PARAM #2
detected: Trace.Registry.Advanced RAR Password Recovery (A)

Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ADVANCED RAR PASSWORD RECOVERY -> DISPLAYNAME detected: Trace.Registry.Advanced RAR Password Recovery (A)

Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ADVANCED RAR PASSWORD RECOVERY -> UNINSTALLSTRING detected: Trace.Registry.Advanced RAR Password Recovery (A)

Value: HKEY_USERS\S-1-5-21-4291870420-902603639-2396003150-500\SOFTWARE\RAR PASSWORD CRACKER -> START MENU FOLDER detected: Trace.Registry.RAR Password Cracker (A)

Key: HKEY_USERS\S-1-5-21-4291870420-902603639-2396003150-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{8E02D41C-5924-4816-9490-33CCD28BEB72}
detected: Trace.Registry.MegaSearch (A)

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{8759A3F4-27EB-BE2D-EA5D-724FA2CF4B6A}-~$WJVFGVJ.FAT32 -> (Quarantine-PE)
detected: Trojan.Agent.AYWW (B)

F:\Private\Happy's Pendrive\! My Picutre.SCR
detected: Gen:Variant.Kazy.92067 (B)

Scanned 616389
Found 11

Scan end: 29-Jun-13 2:31:27 PM
Scan time: 1:14:43
---------------------------------------End of log-------------------------------------------------------



#82
June 29, 2013 at 09:44:06
To see log of Kaspersky security.

Link is : C:\ProgramData\Kaspersky Lab\KSS2\DataRoot\HtmlReport\index.html

If that doesn't work: http://www.fileconvoy.com/dfl.php?i...



#83
June 29, 2013 at 10:29:59
You will find the two files mentioned below in both logs.
I have scanned these files through VirusTotal and the Jotti malware scanner. You can check the result for "ESET" in these.

File :

C:\Documents and Settings\All Users\Microsoft\Microsoft Antimalware\LocalCopy\{8759A3F4-27EB-BE2D-EA5D-724FA2CF4B6A}-~WJVFGVJ.FAT32

Scan results :

https://www.virustotal.com/en/file/...

http://virusscan.jotti.org/en/scanr...

File :

C:\Documents and Settings\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34

Scan results :
https://www.virustotal.com/en/file/...

http://virusscan.jotti.org/en/scanr...



#84
June 29, 2013 at 16:59:12
Please download and run ListParts by Farbar (for 32-bit system):
http://download.bleepingcomputer.co...

Click on the Scan button.
The scan results will open in Notepad.
Copy and Paste the contents into your reply.



#85
June 29, 2013 at 21:09:52
I had checked the box "List BCD".
Contents of log :


ListParts by Farbar Version: 10-05-2013
Ran by admin (administrator) on 30-06-2013 at 09:30:23
Windows 7 (X86)
Running From: C:\Users\admin\Downloads
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 44%
Total physical RAM: 3327.18 MB
Available physical RAM: 1841.1 MB
Total Pagefile: 6652.64 MB
Available Pagefile: 4958.67 MB
Total Virtual: 2047.88 MB
Available Virtual: 1959.63 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:195.21 GB) (Free:148.27 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: () (Fixed) (Total:126.95 GB) (Free:50.58 GB) NTFS
3 Drive e: () (Fixed) (Total:131.84 GB) (Free:120.19 GB) NTFS
4 Drive f: () (Fixed) (Total:142.07 GB) (Free:46.71 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 0 B

Partitions of Disk 0:
===============

Disk ID: 89DCA979

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 195 GB 101 MB
Partition 2 Primary 126 GB 195 GB
Partition 3 Primary 131 GB 322 GB
Partition 4 Primary 142 GB 454 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 195 GB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D NTFS Partition 126 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E NTFS Partition 131 GB Healthy

======================================================================================================

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F NTFS Partition 142 GB Healthy

======================================================================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 89DCA979
Partition 1: (Active) - (Size=195 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=127 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=132 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=142 GB) - (Type=07 NTFS)


Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {ab0c8992-af4e-11e0-9761-ced1e4434600}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {ab0c8994-af4e-11e0-9761-ced1e4434600}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {ab0c8992-af4e-11e0-9761-ced1e4434600}
nx OptIn
bootlog No

Windows Boot Loader
-------------------
identifier {ab0c8994-af4e-11e0-9761-ced1e4434600}
device ramdisk=[C:]\Recovery\ab0c8994-af4e-11e0-9761-ced1e4434600\Winre.wim,{ab0c8995-af4e-11e0-9761-ced1e4434600}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\ab0c8994-af4e-11e0-9761-ced1e4434600\Winre.wim,{ab0c8995-af4e-11e0-9761-ced1e4434600}
systemroot \windows
nx OptIn
winpe Yes

Resume from Hibernate
---------------------
identifier {ab0c8992-af4e-11e0-9761-ced1e4434600}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
pae Yes
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {ab0c8995-af4e-11e0-9761-ced1e4434600}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\ab0c8994-af4e-11e0-9761-ced1e4434600\boot.sdi


****** End Of Log ******



#86
June 29, 2013 at 21:12:28
" RAM Defects
-----------
identifier {badmemory} "

Please let me know whether it is good or bad?



#87
June 29, 2013 at 23:03:13
" RAM Defects
-----------
identifier {badmemory} "

That may be a side issue of your main problem. We will leave that for now.

ListParts reveals that the big infection has not created a hidden partition.

WARNING: Your computer has been compromised with a Backdoor trojan. This allows hackers to remotely control your computer, steal critical system information and download and execute files.
You should disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to advise them of your situation.

I can still clean this machine, but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.



#88
June 30, 2013 at 00:20:28
" ListParts reveals that the big infection, has not created a hidden partition."

Can you please explain in detail.

What do I do to clean my PC ?



#89
June 30, 2013 at 00:48:37
If anti-virus has completed
1) scanning
2) detects virus
3) removes virus.

Can we not get confirmation, after re-scanning the PC, whether it is infected or not?



#90
June 30, 2013 at 00:53:59
" I can still clean this machine, but I can't guarantee that it will be 100% secure afterwards. "

Ok. I follow your steps and clean PC. But can you verify whether I am secured or not or it completely cleaned ?

Thanks



#91
June 30, 2013 at 01:03:51
I want to know, just for my knowledge, which part of the " Lists part " log says that I am infected with a backdoor Trojan.

Please do let me know..



#92
June 30, 2013 at 01:05:17
I want to know, just for my knowledge, which part of the " Lists part " log says that I am infected with a Backdoor Trojan. Please let me know.

thanks



#93
June 30, 2013 at 01:26:56
It doesn't, Virus Total does.
https://www.virustotal.com/en/file/...


#94
June 30, 2013 at 02:32:42
" I can still clean this machine, but I can't guarantee that it will be 100% secure afterwards. "

Please tell me how can I clean my PC


#95
June 30, 2013 at 03:08:25
"Please tell me how can I clean my PC"
With any of the online tools already mentioned.
Use the lot, if you have to, as long as they remove infections, not just tell you what they are.

Post logs as usual please.



#96
June 30, 2013 at 08:24:46
I have scanned my PC with " Emsisoft emergency toolkit ".

Here is the log :


Emsisoft Emergency Kit - Version 3.0
Last update: 30-Jun-13 7:39:57 PM

Scan settings:

Scan type: Deep Scan
Objects: Rootkits, Memory, Traces, C:\, D:\, E:\, F:\

Detect Riskware: Off
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 30-Jun-13 7:40:17 PM

Value: HKEY_USERS\S-1-5-21-4291870420-902603639-2396003150-1000\SOFTWARE\ELCOM\ADVANCED RAR PASSWORD RECOVERY -> INSTALLER LANGUAGE detected: Trace.Registry.Advanced RAR Password Recovery (A)
Value: HKEY_USERS\S-1-5-21-4291870420-902603639-2396003150-500\SOFTWARE\ELCOM\ADVANCED RAR PASSWORD RECOVERY -> INSTALLER LANGUAGE detected: Trace.Registry.Advanced RAR Password Recovery (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\ELCOM\ADVANCED RAR PASSWORD RECOVERY -> INSTALLDIR detected: Trace.Registry.Advanced RAR Password Recovery (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\ELCOM\ADVANCED RAR PASSWORD RECOVERY -> STAT PARAM #1 detected: Trace.Registry.Advanced RAR Password Recovery (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\ELCOM\ADVANCED RAR PASSWORD RECOVERY -> STAT PARAM #2 detected: Trace.Registry.Advanced RAR Password Recovery (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ADVANCED RAR PASSWORD RECOVERY -> DISPLAYNAME detected: Trace.Registry.Advanced RAR Password Recovery (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ADVANCED RAR PASSWORD RECOVERY -> UNINSTALLSTRING detected: Trace.Registry.Advanced RAR Password Recovery (A)
Value: HKEY_USERS\S-1-5-21-4291870420-902603639-2396003150-500\SOFTWARE\RAR PASSWORD CRACKER -> START MENU FOLDER detected: Trace.Registry.RAR Password Cracker (A)
Key: HKEY_USERS\S-1-5-21-4291870420-902603639-2396003150-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{8E02D41C-5924-4816-9490-33CCD28BEB72} detected: Trace.Registry.MegaSearch (A)
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{8759A3F4-27EB-BE2D-EA5D-724FA2CF4B6A}-~$WJVFGVJ.FAT32 -> (Quarantine-PE) detected: Trojan.Agent.AYWW (B)
F:\Private\Happy's Pendrive\! My Picutre.SCR detected: Gen:Variant.Kazy.92067 (B)

Scanned 624526
Found 11

Scan end: 30-Jun-13 8:24:23 PM
Scan time: 0:44:06

F:\Private\Happy's Pendrive\! My Picutre.SCR Quarantined Gen:Variant.Kazy.92067 (B)
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{8759A3F4-27EB-BE2D-EA5D-724FA2CF4B6A}-~$WJVFGVJ.FAT32 -> (Quarantine-PE) Quarantined Trojan.Agent.AYWW (B)
Key: HKEY_USERS\S-1-5-21-4291870420-902603639-2396003150-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{8E02D41C-5924-4816-9490-33CCD28BEB72} Quarantined Trace.Registry.MegaSearch (A)
Value: HKEY_USERS\S-1-5-21-4291870420-902603639-2396003150-500\SOFTWARE\RAR PASSWORD CRACKER -> START MENU FOLDER Quarantined Trace.Registry.RAR Password Cracker (A)
Value: HKEY_USERS\S-1-5-21-4291870420-902603639-2396003150-1000\SOFTWARE\ELCOM\ADVANCED RAR PASSWORD RECOVERY -> INSTALLER LANGUAGE Quarantined Trace.Registry.Advanced RAR Password Recovery (A)
Value: HKEY_USERS\S-1-5-21-4291870420-902603639-2396003150-500\SOFTWARE\ELCOM\ADVANCED RAR PASSWORD RECOVERY -> INSTALLER LANGUAGE Quarantined Trace.Registry.Advanced RAR Password Recovery (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\ELCOM\ADVANCED RAR PASSWORD RECOVERY -> INSTALLDIR Quarantined Trace.Registry.Advanced RAR Password Recovery (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\ELCOM\ADVANCED RAR PASSWORD RECOVERY -> STAT PARAM #1 Quarantined Trace.Registry.Advanced RAR Password Recovery (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\ELCOM\ADVANCED RAR PASSWORD RECOVERY -> STAT PARAM #2 Quarantined Trace.Registry.Advanced RAR Password Recovery (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ADVANCED RAR PASSWORD RECOVERY -> DISPLAYNAME Quarantined Trace.Registry.Advanced RAR Password Recovery (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ADVANCED RAR PASSWORD RECOVERY -> UNINSTALLSTRING Quarantined Trace.Registry.Advanced RAR Password Recovery (A)

Quarantined 11



#97
June 30, 2013 at 15:23:25
"Ok. I follow your steps and clean PC. But can you verify whether I am secured or not or it completely cleaned ?"
Thousands of new infection varieties are coming out every day, no one program can keep up with their removal, the baddies are always ahead of the goodies.

Malware Prevention
http://www.malwarevault.com/prevent...
"There is no magic involved. The majority of malware is installed by the user themselves"
What's that message mean? click, click.

"Quarantined 11"
Keep going, you have one of the most serious infections, try all the others & keep trying to run ESET.



#98
July 3, 2013 at 03:41:38
Finally Somehow I ran eset and the log file is :

C:\Program Files\Common Files\DVDVideoSoft\AskTB\ApnIC.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Program Files\Common Files\DVDVideoSoft\AskTB\ApnToolbarInstaller.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Program Files\PDFCreator\message.exe a variant of Win32/InstallCore.A application cleaned by deleting - quarantined
C:\Users\admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\5d3ee4e0-3bad9e22 multiple threats cleaned by deleting - quarantined
E:\FREE Word and Excel password recovery Wizard\MyBabylonTB.exe a variant of Win32/Toolbar.Babylon.A application cleaned by deleting - quarantined
F:\Downloads\cbsi-3_2_5_41-10912909.exe a variant of Win32/CNETInstaller.A application cleaned by deleting - quarantined
F:\Downloads\Daemon tools lite.exe Win32/OpenCandy application cleaned by deleting - quarantined
F:\Downloads\DTLite4454-0315.exe Win32/OpenCandy application cleaned by deleting - quarantined
F:\Downloads\extractnow.exe Win32/OpenCandy application cleaned by deleting - quarantined
F:\Downloads\FreeStudio.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
F:\Downloads\FreeVideoToMP3Converter.exe Win32/OpenCandy application cleaned by deleting - quarantined
F:\Downloads\FreeWordExcelpasswordrecoverywizard.zip a variant of Win32/Toolbar.Babylon.A application deleted - quarantined
F:\Downloads\PFPortChecker.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
F:\Private\29-9-2011\disk-defrag-setup.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
F:\Private\29-9-2011\KMPlayer_EN_3.0.0.1441_R2.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
F:\Private\Happy's Pendrive\cbsidlm-tr1_11-Quick_Heal_Antivirus_Pro_2013-ORG-75415482.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
F:\Torrents\AntiVirus for Nokia Mobile & Sony Ericsson{h33t}{mad dog}\AV\Nokia\6630-6600-6670-6680-N70-N72-N90-7610\Zeon Antivirus\Zeon.Anti.Virus.v1.0.sis a variant of SymbOS/KillPhone.E trojan deleted - quarantined
F:\Torrents\Super Hide IP 3.2.0.8 incl Patch-by postman\SuperHideIP-3.2.0.8.Setup.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
F:\Torrents\Super Hide IP 3.2.0.8 incl Patch-by postman\PATCH\Super Hide IP 3.2.0.8.exe a variant of Win32/HackTool.Patcher.D application cleaned by deleting - quarantined



#99
July 3, 2013 at 03:48:02
"Finally Somehow I ran eset and the log file is :"
beautiful.

Update & Run MBAM ( Malwarebytes ) again.



#100
July 3, 2013 at 08:04:41
The log of MBAM(Updated)

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.03.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16618
admin :: ADMIN [administrator]

Protection: Enabled

03-Jul-13 6:52:00 PM
mbam-log-2013-07-03 (18-52-00).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 529815
Time elapsed: 1 hour(s), 29 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FIREFOX.EXE (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe|Debugger (Security.Hijack) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
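
The Malwarebytes log above flags a `Debugger` value under `Image File Execution Options\firefox.exe`. As an added example (not part of the thread or of any tool named in it), this read-only PowerShell script lists every executable that carries such a value, so the same kind of hijack can be checked for by hand; the function name `Get-IfeoDebuggerEntry` is made up for the example.

```powershell
# Added example: read-only audit of Image File Execution Options (IFEO).
# When an IFEO subkey named after an executable carries a "Debugger" value,
# Windows starts the program named in that value instead of the executable.
# Get-IfeoDebuggerEntry is a name made up for this example.

$ifeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    # 32-bit registry view on 64-bit Windows; absent on a 32-bit install
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-IfeoDebuggerEntry {
    param([string[]]$Roots = $ifeoRoots)

    foreach ($root in $Roots) {
        if (-not (Test-Path -Path $root)) { continue }

        $view = 'native'
        if ($root -like '*Wow6432Node*') { $view = '32-bit' }

        foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
            # Registry value names are case-insensitive, and so is -notcontains.
            if ($key.GetValueNames() -notcontains 'Debugger') { continue }

            $data = [string]$key.GetValue('Debugger')

            # New-Object PSObject keeps this usable on PowerShell 2.0 (Windows 7).
            New-Object PSObject -Property @{
                Image    = $key.PSChildName      # e.g. firefox.exe
                View     = $view
                IsBlank  = [string]::IsNullOrEmpty($data.Trim())
                Debugger = $data
            }
        }
    }
}

# Report only; nothing is modified or deleted.
$hits = @(Get-IfeoDebuggerEntry)
if ($hits.Count -eq 0) {
    'No IFEO Debugger values found.'
} else {
    $hits | Sort-Object Image | Format-Table Image, View, IsBlank, Debugger -AutoSize -Wrap
}
```

Not every hit is hostile: Process Explorer's "Replace Task Manager" option, for instance, sets a `Debugger` value for `taskmgr.exe`. Entries for browsers or security tools, or entries with blank data like the one in the log, are the ones to review.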



#101
July 3, 2013 at 08:40:57
What issues are you having now?


#102
July 3, 2013 at 11:47:44
Same issue.....problem is not resolved!!!


#103
July 3, 2013 at 16:21:26
✔ Best Answer
"Same issue.....problem is not resolved!!!"
Ok, now you appear to be clean, it's time to repair the damage done by the infections.
Let me know of any issues after trying each step.

EXACT error messages, if you get any, please.

Run Tweaking.com - Windows Repair
http://www.softpedia.com/get/Tweak/...
http://www.softpedia.com/progScreen...
http://www.tweaking.com/
http://www.tweaking.com/content/pag...
Tweaking.com - Windows Repair is an all-in-one repair tool to help fix a large majority of known Windows problems including registry errors and file permissions as well as issues with Internet Explorer, Windows Update, Windows Firewall and more.
Malware and installed programs can modify your default settings. Tweaking.com - Windows Repair is the tool you need to restore Windows original settings.

Check the following:

Reset Registry Permissions
Reset File Permissions
Register System Files
Repair WMI
Repair MDAC & MS Jet
Repair Hosts File
Remove Policies Set By Infections
Remove Temp Files
Repair Proxy Settings
Unhide Non System Files
Repair Windows Updates
Repair Volume Shadow Copy Service
Repair File Association
Restore Important Windows Services



#104
July 4, 2013 at 01:01:31
Hi,

I did not get any error message while running this software.

This also did not help in resolving the problem. I am still unable to access websites.

I have attached log (link is below ). I have attached logs from " log folder " if anything else is needed then let me know. There are multiple logs.

http://www.fileconvoy.com/dfl.php?i...

I would like to draw your attention to the sentence below:

" One weird thing is if I turn on Okayfreedom (VPN software) then I can access all this websites (ymail.com, Microsoft.com). "

so I think there is something wrong with my DNS settings.
I was able to access www.yahoo.com (for about a week) but now I am unable and reverted back to my original problem.



#105
July 4, 2013 at 03:13:48
"so I think there is something wrong with my DNS settings"
Use Tweaking.com


#106
July 4, 2013 at 03:15:57
But what do I check? I am a beginner :) and I hope it won't damage something.


#107
July 4, 2013 at 03:23:27
Where it says DNS


#108
July 4, 2013 at 03:32:37
Greetings !!! Greetings !!! Greetings !!! Greetings !!! Greetings !!! Greetings !!! Greetings !!! Greetings !!! Greetings !!! Greetings !!! Greetings !!! Greetings !!! Greetings !!! Greetings !!! Greetings !!! Greetings !!! Greetings !!! Greetings !!! Greetings !!! Greetings !!! Greetings !!! Greetings !!! Greetings !!! Greetings !!!

Hurray !!!

Now everything is working fine :D :D

You are awesome mannnn !!!!

I CAN ACCESS ALL WEBSITES :D
Thanks



#109
July 4, 2013 at 03:47:20
Hi,

How do I hide my system files ?

You asked me to run unhide. It has " unhide " all system files.





#110
July 4, 2013 at 04:00:43
"I CAN ACCESS ALL WEBSITES :D"
Fantastic, fingers crossed it stays that way.

"How do I hide my system files ?"
If you are the only user, just leave as is, I do.

How to see hidden files in Windows
http://www.bleepingcomputer.com/tut...



#111
July 4, 2013 at 13:20:09
Well done Johnw and sahilkhan (I've been watching progress). Admirable effort which obviously took some doing.

The only thing against showing hidden files or system protected files in Windows Vista and Windows 7 is that system files can then show up in "user areas". For example, you can get desktop.ini files showing on the desktop (which should not be touched) if you happen to have folder groups on the desktop. I usually keep both hidden for that reason unless I have some specific need to show them. However, I do favor showing "file extensions" because it helps you to understand what the files are for (eg. exe files are programs, jpg files are pictures).

Always pop back and let us know the outcome - thanks



#112
July 4, 2013 at 16:25:42
"Well done Johnw and sahilkhan"
Thanks Derek.


#113
July 5, 2013 at 05:47:34
To

Johnw
Derek
XpUser4Real

To all of you " Thanks Guys "



#114
July 5, 2013 at 05:49:34
Everything is working good, I can access all websites but my PC and internet is working slow now.

"I Want to tune my PC "

Please advise some optimization steps/software.



#115
July 5, 2013 at 07:50:01
"I Want to tune my PC"

I'm not one for tune-up programs as they can cause more troubles than they are worth. CCleaner is generally safe and gets shot of a lot of junk - otherwise Windows itself looks after most things.

Whatever, see what others have to say.

Always pop back and let us know the outcome - thanks



#116
July 5, 2013 at 14:55:26
sahilkhan, Thanks for your feedback!

Some HELP in posting on Computing.net plus free progs and instructions 7 Golds



#117
July 5, 2013 at 16:49:17
"Everything is working good, I can access all websites but my PC and internet is working slow now"
Run TFC
http://www.geekstogo.com/forum/file...
http://oldtimer.geekstogo.com/TFC.exe
http://www.itxassociates.com/OT-Too...
Please double-click TFC.exe to run it. (Note: If you are running on Vista/Windows 7, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Also, make sure DMA is enabled.
http://www.thewindowsplanet.com/695...
http://windows7themes.net/how-to-en...



#118
July 8, 2013 at 23:55:47
I have no problem in my computer. I would want you to recommend me some software for optimizing PC and cleaning registry for daily maintenance (I know CCleaner and Revo uninstaller but apart from it.)


I had installed " Sophos virus removal tool " to check for virus. Now I am trying to uninstall it but it pops up with ERROR : 1606.

I can't run setup file to repair.

To solve error I tried " steps given in below website "

1) http://support.microsoft.com/kb/886549

I tried revo and add / remove program from control panel. But it popups with ERROR 1606 (when Sophos uninstaller starts).



#119
July 9, 2013 at 00:56:04
"But it popups with ERROR 1606 (when Sophos uninstaller starts)"

As per my post #46. You must use ADVANCED mode.

"hit Cancel & let Revo continue on, to search for the remnants"

Will deal with cleaners after you try Revo.



#120
July 9, 2013 at 03:52:05
Johnw I always use it with advance mode. still not uninstalled.


#121
July 9, 2013 at 04:07:35
"Johnw I always use it with advance mode"
Good one sahilkhan, unless you tell me how you ran Revo, I cannot assume anything.

Try running Revo with the internet disconnected & if that fails, try it in Safe mode.



#122
July 12, 2013 at 23:16:08
It uninstalled!!!

I use CCleaner to remove all temp. files. Please tell me other software which can fix registry or for the daily maintenance purpose.!!



#123
July 12, 2013 at 23:25:08
"It uninstalled!!!"
Beautiful.

I use Wise tools on every comp I work on sahilkhan. Just finished using on a comp 5 minutes ago.

Run Wise Disk Cleaner ( Run the 1st three tabs, left to right. I use default settings, leave boxes that are unchecked, unchecked ) Reboot when finished.
http://www.softpedia.com/get/System...
http://www.softpedia.com/progScreen...
http://www.wisecleaner.com/download...

Run Wise Registry Cleaner ( Only use Registry Cleaner & with default settings. Don't use System Tuneup, that is for Experts, you really have to know what you are doing ) Reboot when finished.
http://www.softpedia.com/get/Tweak/...
http://www.softpedia.com/progScreen...
http://www.wisecleaner.com/wiseregi...




#124
July 15, 2013 at 06:00:26
Thanks...worked a bit.!!!

Do you think anything else I should have installed? like essential applications....!



#125
July 15, 2013 at 14:18:49
"Do you think anything else I should have installed? like essential applications....!"
I use these 3 programs.

Adblock Plus for Internet Explorer
https://adblockplus.org/en/internet...
https://adblockplus.org/blog/workin...

Adblock Plus for Firefox
https://addons.mozilla.org/en-US/fi...

Mozilla Labs: Prospector - about:trackers 2
https://addons.mozilla.org/en-US/fi...



#126
July 19, 2013 at 09:37:08
Thanks a lot!!!! Help is appreciated!!!
