Bo620 (Members): 7 posts, reputation 0 Neutral
  1. MrC, I really appreciate your time and effort to help me get rid of the Trojan and follow up afterwards to make sure my pc works better! My husband already planned for the worst, format the hard drive or get a new pc. But I told him let me get one last try at this forum. And I proved that I found the right place! I will send in my donation and recommend people to support. Thank you very much!

  2. Removed Advanced System Protector, uninstalled and reinstalled the latest version of Java and Adobe. Uninstalled ComboFix and RogueKiller and deleted logs as instructed. Should I keep or uninstall the following programs: mbar, Revo Uninstaller, AdwCleaner (I also have CCleaner) and Security Check? Also, from the last Security Check log, at the end it said Fragmentation on Drive C: 4% so should I defrag C drive? What is SSD? I really appreciated your effort, time and knowledge to help me through this problem! As I said, formatting my hard drive and hoping to get rid of the virus is not something I look forward to doing. Thanks a lot!
  3. Hmmm I don't recall downloading and installing ASP but it shows up after installing the clean up program.... I will take care of it.... Oh seems like some programs are out of date... should I update them and run Security Check again? Here are the 2 reports:

     # AdwCleaner v2.009 - Logfile created 11/24/2012 at 13:42:46
     # Updated 24/11/2012 by Xplode
     # Operating system : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
     # User : Maybo - MAYBO-PC
     # Boot Mode : Normal
     # Running from : C:\Users\Maybo\Downloads\adwcleaner.exe
     # Option [Delete]

     ***** [services] *****

     ***** [Files / Folders] *****

     Deleted on reboot : C:\Program Files (x86)\Conduit
     Deleted on reboot : C:\Program Files (x86)\GamesBar
     Deleted on reboot : C:\Program Files (x86)\Windows iLivid Toolbar
     Deleted on reboot : C:\Program Files (x86)\WiseConvert
     Deleted on reboot : C:\Program Files (x86)\Zynga
     Deleted on reboot : C:\Program Files (x86)\Zynga
     Deleted on reboot : C:\ProgramData\iWin
     Deleted on reboot : C:\Users\Maybo\AppData\Local\Conduit
     Deleted on reboot : C:\Users\Maybo\AppData\Local\Ilivid Player
     Deleted on reboot : C:\Users\Maybo\AppData\LocalLow\Conduit
     Deleted on reboot : C:\Users\Maybo\AppData\LocalLow\searchquband
     Deleted on reboot : C:\Users\Maybo\AppData\LocalLow\Searchqutoolbar
     Deleted on reboot : C:\Users\Maybo\AppData\LocalLow\WiseConvert
     Deleted on reboot : C:\Users\Maybo\AppData\LocalLow\Zynga
     Deleted on reboot : C:\Users\Maybo\AppData\LocalLow\Zynga
     Deleted on reboot : C:\Users\Maybo\AppData\Roaming\iWin

     ***** [Registry] *****

     Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\PROGRA~2\WI371A~1\Datamngr\datamngr.dll
     Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\PROGRA~2\WI371A~1\Datamngr\IEBHO.dll
     Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
     Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
     Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
     Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
     Key Deleted : HKCU\Software\AppDataLow\Software\WiseConvert
     Key Deleted : HKCU\Software\AppDataLow\Software\Zynga
     Key Deleted : HKCU\Software\AppDataLow\Toolbar
     Key Deleted : HKCU\Software\DataMngr
     Key Deleted : HKCU\Software\DataMngr_Toolbar
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WiseConvert Toolbar
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Zynga Toolbar
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7B13EC3E-999A-4B70-B9CB-2617B8323822}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B13EC3E-999A-4B70-B9CB-2617B8323822}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}
     Key Deleted : HKLM\Software\Bandoo
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
     Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
     Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
     Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2438727
     Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3196716
     Key Deleted : HKLM\Software\Conduit
     Key Deleted : HKLM\Software\DataMngr
     Key Deleted : HKLM\Software\Freeze.com
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{71B1DF81-18D9-4E5B-9493-CAB02B6E9D8F}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B325E840-2B54-4325-B1EF-8A73DE56FABD}
     Key Deleted : HKLM\Software\SearchquMediabarTb
     Key Deleted : HKLM\Software\WiseConvert
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{71B1DF81-18D9-4E5B-9493-CAB02B6E9D8F}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B13EC3E-999A-4B70-B9CB-2617B8323822}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B325E840-2B54-4325-B1EF-8A73DE56FABD}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4F5C8E0C-ED91-43ED-8DFD-F8E852B747E5}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{88A67CD7-C14A-4D62-B062-C4E42D348E92}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WiseConvert Toolbar
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Zynga Toolbar
     Key Deleted : HKLM\Software\Zynga
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
     Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7B13EC3E-999A-4B70-B9CB-2617B8323822}]
     Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7B13EC3E-999A-4B70-B9CB-2617B8323822}]
     Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}]
     Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
     Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{7B13EC3E-999A-4B70-B9CB-2617B8323822}]
     Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}]

     ***** [internet Browsers] *****

     -\\ Internet Explorer v9.0.8112.16421

     [OK] Registry is clean.

     -\\ Mozilla Firefox v16.0.2 (en-US)

     Profile name : default
     File : C:\Users\Maybo\AppData\Roaming\Mozilla\Firefox\Profiles\j1nepcvo.default\prefs.js

     Deleted : user_pref("browser.startup.homepage", "hxxp://www.searchqu.com/406");
     Deleted : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=100&systemid=406&q=");

     -\\ Google Chrome v [unable to get version]

     File : C:\Users\Maybo\AppData\Local\Google\Chrome\User Data\Default\Preferences

     [OK] File is clean.

     *************************

     AdwCleaner[R1].txt - [5996 octets] - [24/11/2012 10:48:00]
     AdwCleaner[R2].txt - [6092 octets] - [24/11/2012 13:40:59]
     AdwCleaner[s1].txt - [6111 octets] - [24/11/2012 13:42:46]

     ########## EOF - C:\AdwCleaner[s1].txt - [6171 octets] ##########

     Results of screen317's Security Check version 0.99.55
     Windows Vista Service Pack 2 x64 (UAC is enabled)
     Internet Explorer 9
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Disabled!
     Norton 360
     WMI entry may not exist for antivirus; attempting automatic update.
     `````````Anti-malware/Other Utilities Check:`````````
     I SPY Mystery
     Malwarebytes Anti-Malware version 1.65.1.1000
     FixCleaner
     Java™ 6 Update 33
     Java 7 Update 7
     Java™ 6 Update 5
     Java™ 6 Update 7
     Java version out of Date!
     Adobe Flash Player 11.5.502.110
     Adobe Reader 8 Adobe Reader out of Date!
     Adobe Reader X KB403742.. Adobe Reader out of Date!
     Mozilla Firefox 16.0.2 Firefox out of Date!
     Google Chrome 21.0.1180.83
     Google Chrome 21.0.1180.89
     Google Chrome 22.0.1229.79
     Google Chrome 22.0.1229.92
     Google Chrome 22.0.1229.94
     Google Chrome 23.0.1271.64
     ````````Process Check: objlist.exe by Laurent````````
     Norton ccSvcHst.exe
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbamgui.exe
     Malwarebytes' Anti-Malware mbamscheduler.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 4 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
     ````````````````````End of Log``````````````````````
  4. Attached AdwCleaner report. State: Waiting for an action, but it seems it found nothing, should I just close the program? Yes I have Advanced System Protector installed. What should I do with it? Please advise. Thanks! AdwCleanerR1.txt
  5. When ComboFix ran it said my anti-virus was still running, although I had done what they said to disable it. So I ran it anyway. Attached ComboFix log, Thanks! log.txt
  6. Wohooo I can start Windows normally without seeing a blue screen! Reports attached, and no malware found in 2nd run!!! :D mbar-log-2012-11-24 (08-55-43).txt mbar-log-2012-11-24 (08-30-18).txt
  7. Reports attached. Please excuse that I am not able to disable anti-virus in safe mode to run the programs. Thanks. RKreport1_S_11242012_02d0734.txt attach.txt dds.txt
  8. It happens when Windows shows a blue screen with error IRQL_NOT_LESS_OR_EQUAL. I've run Malwarebytes and it shows there's a Trojan.Agent in my c:\windows\svchost.exe (shows up twice). Selected them all to remove but they did not get quarantined. Ran ComboFix and it fixed 1 and still one remaining; tried to run it again but it still crashed to a blue screen again. Ran Malwarebytes again and 2 Trojan.Agent show up again. I am able to run Windows in safe mode with networking; it crashes too fast if I start Windows normally. Not sure if I did anything wrong during the process. Is there any recommendation? Reinstalling Windows and formatting my hard drive will be the very last step I want to do. Thank you and I appreciate your help. Bo

     mbam log:

     Malwarebytes Anti-Malware (Trial) 1.65.1.1000
     www.malwarebytes.org

     Database version: v2012.11.24.03

     Windows Vista Service Pack 2 x64 NTFS (Safe Mode/Networking)
     Internet Explorer 9.0.8112.16421
     Maybo :: MAYBO-PC [administrator]

     Protection: Disabled

     11/23/2012 7:53:08 PM
     mbam-log-2012-11-23 (19-53-08).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 249182
     Time elapsed: 3 minute(s), 4 second(s)

     Memory Processes Detected: 1
     C:\Windows\svchost.exe (Trojan.Agent) -> 1116 -> Delete on reboot.

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 1
     C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
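The Malwarebytes log in post 8 carries two signals worth pulling out mechanically: the detected file is named svchost.exe but sits in C:\Windows rather than in System32 or SysWOW64, where the genuine service host lives on a Vista x64 system, and the remediation was deferred ("Delete on reboot") and then reappeared on the next scan, which is what the poster describes. The script below is an added example, not part of the thread and not a Malwarebytes tool; it parses detection lines in the format quoted above from a constructed sample, flags a system-binary name in an unexpected directory, and compares two scans to list paths that survived remediation. The names EXPECTED_DIRS, parse_detections, masquerading_system_binary, triage and recurring_paths are mine.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample, shaped like the detection lines of the Malwarebytes
# log quoted in post 8 (not the poster's actual file).
SAMPLE_LOG = r"""Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 1116 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
"""

# Directories under %SystemRoot% where the real svchost.exe lives on x64 Windows.
EXPECTED_DIRS = {"system32", "syswow64"}

# <drive>:\<path> (<detection name>) [-> <pid>] -> <action>.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\[^()]+?) \((?P<name>[^)]+)\)"
    r"(?: -> (?P<pid>\d+))? -> (?P<action>.+?)\.?$"
)


def parse_detections(text):
    """Return one dict per detection line; section headers and filler are skipped."""
    detections = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            detections.append({
                "path": m["path"],
                "name": m["name"],
                "pid": int(m["pid"]) if m["pid"] else None,
                "action": m["action"],
            })
    return detections


def masquerading_system_binary(path):
    """True when a file called svchost.exe is outside its legitimate directories."""
    p = PureWindowsPath(path)
    if p.name.lower() != "svchost.exe":
        return False
    return p.parent.name.lower() not in EXPECTED_DIRS


def triage(text):
    """(path, reason) pairs a responder should look at first."""
    findings = []
    for d in parse_detections(text):
        if masquerading_system_binary(d["path"]):
            findings.append((d["path"], "svchost.exe outside System32/SysWOW64"))
        if d["action"].lower().startswith("delete on reboot"):
            findings.append((d["path"], "removal deferred to reboot; re-scan after restart"))
    return findings


def recurring_paths(previous_log, current_log):
    """Paths detected in both scans: remediation did not take."""
    before = {d["path"].lower() for d in parse_detections(previous_log)}
    return {d["path"] for d in parse_detections(current_log) if d["path"].lower() in before}


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG):
        print(f"{path}: {reason}")
    # Feeding the same sample twice stands in for "ran it again, same result".
    print("still present:", recurring_paths(SAMPLE_LOG, SAMPLE_LOG))
```

The path check is deliberately narrow: it only says something about a file that borrows a Windows system binary's name, and it is a triage hint, not a verdict, since a process entry and its on-disk file both appear in one scan and are expected to share a path. The cross-scan comparison is the stronger signal, because a detection that returns after a "Delete on reboot" means the file was re-created or never removed.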