Jump to content

I think I'm infected


Recommended Posts

Hi.

 

My computer has been running very slowly for about 2 weeks now and I started trying to figure out what was wrong. 

My regular security consists of avast free.  I downloaded and ran each of malwarebytes, spybot S&D and advanced systemcare ultimate.   The problem seems to be fixed for a few minutes but it always goes back to the way it was before.  while running one of the scans, a system popup appeared saying that windows had detected a possible rootkit.  It told me to restart and run a boot-time scan.  It ran an avast boot-time scan but found nothing.  I have been looking up info on rootkits and they sound pretty nasty. I found two sources telling me different programs to try and use.

 

http://forums.malwarebytes.org/index.php?showtopic=115149

 

and

 

http://www.computerweekly.com/feature/Rootkit-and-malware-detection-and-removal-guide

 

 

Based on the advice of these two sources, I installed sophos virus removal tool and roguekiller I will post the scan logs of those two programs.

 

 

From rogue killer the first time I ran it.

 

 

 

 RogueKiller V8.6.2 _x64_ [Jul  2 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jeremy [Admin rights]
Mode : Scan -- Date : 07/06/2013 12:51:59
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 5 ¤¤¤
[DNS] HKLM\[...]\CCSet\[...]\{5398D6D1-4F0A-49A0-8A17-2E4F88F1429B} : NameServer (54.215.2.33,54.251.253.63) -> FOUND
[DNS] HKLM\[...]\CS001\[...]\{5398D6D1-4F0A-49A0-8A17-2E4F88F1429B} : NameServer (54.215.2.33,54.251.253.63) -> FOUND
[DNS] HKLM\[...]\CS002\[...]\{5398D6D1-4F0A-49A0-8A17-2E4F88F1429B} : NameServer (54.215.2.33,54.251.253.63) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection : Mal.Hosts ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
127.0.0.1 download-winmx-free.com --> Potentially malicious!
127.0.0.1 www.download-winmx-free.com --> Potentially malicious!
127.0.0.1 www.facebook.com.img335.tk --> Potentially malicious!
127.0.0.1 www.free-winmx-downloads.com --> Potentially malicious!
127.0.0.1 free-winmx-downloads.com --> Potentially malicious!
127.0.0.1 www.google.dospop.com --> Potentially malicious!
127.0.0.1 www.mp3winmx.com --> Potentially malicious!
127.0.0.1 mp3winmx.com --> Potentially malicious!
127.0.0.1 winmx.click-new-download.com --> Potentially malicious!
127.0.0.1 www.winmx.click-new-download.com --> Potentially malicious!
127.0.0.1 winmx-d0wnload.com --> Potentially malicious!
127.0.0.1 www.winmx-d0wnload.com --> Potentially malicious!
127.0.0.1 winmxfrance.com --> Potentially malicious!
127.0.0.1 www.winmxfrance.com --> Potentially malicious!
127.0.0.1 winmx-freebie.com --> Potentially malicious!
127.0.0.1 www.winmx-freebie.com --> Potentially malicious!
127.0.0.1 winmx-music-download.com --> Potentially malicious!
127.0.0.1 www.winmx-music-download.com --> Potentially malicious!
127.0.0.1 www.winmx-usa.com --> Potentially malicious!
127.0.0.1 winmx-usa.com --> Potentially malicious!
 
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
[...]
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: WDC WD50 00BPVT-80HXZT3 SATA Disk Device +++++
--- User ---
[MBR] 0d9ee0f5bd374532f655877b44e0843d
[bSP] ee92ccddf702530e27932213ecc73c2e : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 205084 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 472442880 | Size: 246255 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_07062013_125159.txt >>
 
 
 
 

I then fixed the hosts file because it all seemed clearly malicious and rescanned.  Log below.

 

 

 

 

 

RogueKiller V8.6.2 _x64_ [Jul  2 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jeremy [Admin rights]
Mode : Scan -- Date : 07/06/2013 13:17:12
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 5 ¤¤¤
[DNS] HKLM\[...]\CCSet\[...]\{5398D6D1-4F0A-49A0-8A17-2E4F88F1429B} : NameServer (54.215.2.33,54.251.253.63) -> FOUND
[DNS] HKLM\[...]\CS001\[...]\{5398D6D1-4F0A-49A0-8A17-2E4F88F1429B} : NameServer (54.215.2.33,54.251.253.63) -> FOUND
[DNS] HKLM\[...]\CS002\[...]\{5398D6D1-4F0A-49A0-8A17-2E4F88F1429B} : NameServer (54.215.2.33,54.251.253.63) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1 localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: WDC WD50 00BPVT-80HXZT3 SATA Disk Device +++++
--- User ---
[MBR] 0d9ee0f5bd374532f655877b44e0843d
[bSP] ee92ccddf702530e27932213ecc73c2e : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 205084 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 472442880 | Size: 246255 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_07062013_131711.txt >>
RKreport[0]_H_07062013_130017.txt;RKreport[0]_S_07062013_125159.txt
 
 
 
Here is the Log (I think) from Sophos
 
 
 
2013-07-06 12:20:11 Sophos Virus Removal Tool version 2.3
2013-07-06 12:20:11 Copyright © 2009-2012 Sophos Limited. All rights reserved.
 
2013-07-06 12:20:11 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
 
2013-07-06 12:20:11 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
2013-07-06 12:20:11 Checking for updates...
2013-07-06 12:20:13 Update progress: proxy server not available
2013-07-06 12:20:14 Update error: failed to read remote metadata (error 4)
2013-07-06 12:20:23 Option all = no
2013-07-06 12:20:23 Option recurse = yes
2013-07-06 12:20:23 Option archive = no
2013-07-06 12:20:23 Option service = yes
2013-07-06 12:20:23 Option confirm = yes
2013-07-06 12:20:23 Option sxl = yes
2013-07-06 12:20:23 Option max-data-age = 35
2013-07-06 12:20:23 Component SVRTcli.exe version 2.3
2013-07-06 12:20:23 Component control.dll version 2.3
2013-07-06 12:20:23 Component SVRTservice.exe version 2.3
2013-07-06 12:20:23 Component engine\osdp.dll version 1.44.0.2091
2013-07-06 12:20:23 Component engine\veex.dll version 3.44.1.2091
2013-07-06 12:20:23 Component engine\savi.dll version 7.5.12.2091
2013-07-06 12:20:23 Component rkdisk.dll version 1.5.30.0
2013-07-06 12:20:23 Version info: Product version 2.3
2013-07-06 12:20:23 Version info: Detection engine 3.44.1
2013-07-06 12:20:23 Version info: Detection data 4.90
2013-07-06 12:20:23 Version info: Build date 13/06/2013
2013-07-06 12:20:23 Version info: Data files added 428
2013-07-06 12:20:23 Version info: Last successful update (not yet updated)
 
2013-07-06 12:20:46 Scan completed.
2013-07-06 12:20:46
 
------------------------------------------------------------
 
2013-07-06 12:21:24 Sophos Virus Removal Tool version 2.3
2013-07-06 12:21:24 Copyright © 2009-2012 Sophos Limited. All rights reserved.
 
2013-07-06 12:21:24 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
 
2013-07-06 12:21:24 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
2013-07-06 12:21:24 Checking for updates...
2013-07-06 12:21:27 Update progress: proxy server not available
2013-07-06 12:21:34 Option all = no
2013-07-06 12:21:34 Option recurse = yes
2013-07-06 12:21:34 Option archive = no
2013-07-06 12:21:34 Option service = yes
2013-07-06 12:21:34 Option confirm = yes
2013-07-06 12:21:34 Option sxl = yes
2013-07-06 12:21:34 Option max-data-age = 35
2013-07-06 12:21:34 Component SVRTcli.exe version 2.3
2013-07-06 12:21:34 Component control.dll version 2.3
2013-07-06 12:21:34 Component SVRTservice.exe version 2.3
2013-07-06 12:21:34 Component engine\osdp.dll version 1.44.0.2091
2013-07-06 12:21:34 Component engine\veex.dll version 3.44.1.2091
2013-07-06 12:21:34 Component engine\savi.dll version 7.5.12.2091
2013-07-06 12:21:34 Component rkdisk.dll version 1.5.30.0
2013-07-06 12:21:34 Version info: Product version 2.3
2013-07-06 12:21:34 Version info: Detection engine 3.44.1
2013-07-06 12:21:34 Version info: Detection data 4.90
2013-07-06 12:21:34 Version info: Build date 13/06/2013
2013-07-06 12:21:34 Version info: Data files added 428
2013-07-06 12:21:34 Version info: Last successful update (not yet updated)
2013-07-06 12:23:44 Downloading updates...
2013-07-06 12:23:44 Update progress: [i96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0 
2013-07-06 12:23:44 Update progress: [i49502] Found supplement SAVIW32 LATEST 4
2013-07-06 12:23:44 Update progress: [i49502] Found supplement IDE491 LATEST 
2013-07-06 12:23:44 Update progress: [i49502] Found supplement IDE492 LATEST 
2013-07-06 12:23:44 Update progress: [i49502] Found supplement IDE493 LATEST 
2013-07-06 12:23:44 Update progress: [i49502] Found supplement IDE494 LATEST 
2013-07-06 12:23:44 Update progress: [i19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2013-07-06 12:23:44 Update progress: [i19463] Syncing product SAVIW32 29
2013-07-06 12:23:58 Update progress: [i19463] Syncing product IDE491 181
2013-07-06 12:24:00 Update progress: [i19463] Syncing product IDE492 222
2013-07-06 12:24:00 Update progress: [i19463] Syncing product IDE493 32
2013-07-06 12:24:00 Installing updates...
2013-07-06 12:24:00 Update progress: [i19463] Syncing product IDE494 1
2013-07-06 12:24:13 Update successful
2013-07-06 12:24:30 Option all = no
2013-07-06 12:24:30 Option recurse = yes
2013-07-06 12:24:30 Option archive = no
2013-07-06 12:24:30 Option service = yes
2013-07-06 12:24:30 Option confirm = yes
2013-07-06 12:24:30 Option sxl = yes
2013-07-06 12:24:30 Option max-data-age = 35
2013-07-06 12:24:30 Component SVRTcli.exe version 2.3
2013-07-06 12:24:30 Component control.dll version 2.3
2013-07-06 12:24:30 Component SVRTservice.exe version 2.3
2013-07-06 12:24:30 Component engine\osdp.dll version 1.44.0.2091
2013-07-06 12:24:30 Component engine\veex.dll version 3.44.1.2091
2013-07-06 12:24:30 Component engine\savi.dll version 7.5.12.2091
2013-07-06 12:24:30 Component rkdisk.dll version 1.5.30.0
2013-07-06 12:24:30 Version info: Product version 2.3
2013-07-06 12:24:30 Version info: Detection engine 3.44.1
2013-07-06 12:24:30 Version info: Detection data 4.90G
2013-07-06 12:24:30 Version info: Build date 13/06/2013
2013-07-06 12:24:30 Version info: Data files added 429
2013-07-06 12:24:30 Version info: Last successful update 06/07/2013 12:24:13 PM
 
2013-07-06 13:36:53 Sophos Virus Removal Tool version 2.3
2013-07-06 13:36:53 Copyright © 2009-2012 Sophos Limited. All rights reserved.
 
2013-07-06 13:36:53 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
 
2013-07-06 13:36:53 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
2013-07-06 13:36:53 Checking for updates...
2013-07-06 13:36:57 Update progress: proxy server not available
2013-07-06 13:38:05 Option all = no
2013-07-06 13:38:05 Option recurse = yes
2013-07-06 13:38:05 Option archive = no
2013-07-06 13:38:05 Option service = yes
2013-07-06 13:38:05 Option confirm = yes
2013-07-06 13:38:05 Option sxl = yes
2013-07-06 13:38:05 Option max-data-age = 35
2013-07-06 13:38:05 Component SVRTcli.exe version 2.3
2013-07-06 13:38:05 Component control.dll version 2.3
2013-07-06 13:38:05 Component SVRTservice.exe version 2.3
2013-07-06 13:38:05 Component engine\osdp.dll version 1.44.0.2091
2013-07-06 13:38:05 Component engine\veex.dll version 3.44.1.2091
2013-07-06 13:38:05 Component engine\savi.dll version 7.5.12.2091
2013-07-06 13:38:05 Component rkdisk.dll version 1.5.30.0
2013-07-06 13:38:05 Version info: Product version 2.3
2013-07-06 13:38:05 Version info: Detection engine 3.44.1
2013-07-06 13:38:05 Version info: Detection data 4.90G
2013-07-06 13:38:05 Version info: Build date 13/06/2013
2013-07-06 13:38:05 Version info: Data files added 429
2013-07-06 13:38:05 Version info: Last successful update 06/07/2013 12:24:13 PM
2013-07-06 13:38:24 Update not required
 
 
 
The next step according to the first link I posted, is to run Farbar from System Recovery options in Repair you Computer after selecting Advanced boot options during startup.  It says that Rogue Killer finds false positives and recommends having someone knowledgeable look over the log file first
 
Any information that you can provide would be immensely appreciated.  I am running a backup and have created a system repair disk already.  The sooner you can reply the better.
 
 
Thank you so much
 
 
Link to post
Share on other sites

download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatibale with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Kevin

Link to post
Share on other sites

I tried copy and pasting the logs into the reply but it said that the post was too long so I'm sending it in a couple parts.

 

 

PART 1

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013
Ran by Jeremy (administrator) on 07-07-2013 08:28:45
Running from C:\Users\Jeremy\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(IObit) C:\Users\Jeremy\Desktop\Advanced SystemCare Ultimate\ascsvc.exe
(IOBit) C:\Users\Jeremy\Desktop\Advanced SystemCare Ultimate\ascavsvc.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Microsoft Corporation) C:\Windows\System32\lpksetup.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Spigot, Inc.) C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Windows\AsScrPro.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(IObit) C:\Users\Jeremy\Desktop\Advanced SystemCare Ultimate\ASCTray.exe
( ) C:\Program Files (x86)\Codebox\BitMeter\BitMeter2.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Spigot, Inc.) C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
(Spigot Inc) C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\system32\wbengine.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(IObit) C:\Users\Jeremy\Desktop\Advanced SystemCare Ultimate\ASC.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3  [2278504 2011-10-14] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2587944 2010-12-31] (ELAN Microelectronics Corp.)
HKLM\...\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)
HKCU\...\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-20] (Microsoft Corporation)
HKCU\...\Run: [Facebook Update] "C:\Users\Jeremy\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-13] (Facebook Inc.)
HKCU\...\Run: [Google Update] "C:\Users\Jeremy\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-10-22] (Google Inc.)
HKCU\...\Run: [Advanced SystemCare Ultimate] "C:\Users\Jeremy\Desktop\Advanced SystemCare Ultimate\ASCTray.exe" /AutoStart [512384 2012-11-07] (IObit)
MountPoints2: {2a272257-0b48-11e1-9637-14dae9a2d2ba} - F:\setup.exe -a
HKLM-x32\...\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" [2018032 2011-04-02] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2317312 2011-09-13] (ASUS)
HKLM-x32\...\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sonicMasterTray] C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-11-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263952 2013-02-12] ()
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [1302336 2013-06-07] (Spigot, Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] c:\program files (x86)\asus\asus webstorage\3.0.84.161\asuswspanel.exe /s [731472 2011-02-23] (ecareme)
HKLM-x32\...\Run: [iObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart [1514816 2013-06-07] (IObit)
Startup: C:\ProgramData\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bitmeter2.lnk
ShortcutTarget: Bitmeter2.lnk -> C:\Program Files (x86)\Codebox\BitMeter\BitMeter2.exe ( )
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.search.yahoo.com?type=902615&fr=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
URLSearchHook: (No Name) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} -  No File
SearchScopes: HKCU - {AFF948A3-28C7-43DC-B750-6C2976E141F1} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=902615&p={searchTerms}
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.2\iobitappsToolbarIE.dll (Spigot, Inc.)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name - {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} -  No File
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Users\Jeremy\Desktop\ADVANC~1\BROWER~1\ASCPLU~1.DLL (IObit)
BHO-x32: No Name - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} -  No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.2\iobitappsToolbarIE.dll (Spigot, Inc.)
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: HKLM-x32 {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5398D6D1-4F0A-49A0-8A17-2E4F88F1429B}: [NameServer]54.215.2.33,54.251.253.63
 
Link to post
Share on other sites

I realized that it will take far too long to copy and paste it all so I sent the log files to another computer, copies and pasted them into new notepad documents and am attaching them below.  I transferred the files via a blank usb thumb drive which, according to my brother-in-law (a computer engineer), is a safe process as long as there is no internet connection.  I temporarily turned off my wireless adapter and had no LAN plugged in.  

 

Please see log files attached.

 

Also, Thank you so much for taking the time to help me.  I appreciate it so much.

 

 

Addition copy.txt

FRSTlog copy.txt

Link to post
Share on other sites

Thanks for the logs, before you go any further please UNinstall all software related to the following:

 

Advanced SystemCare Ultimate
IOBit

 

Re-boot your PC when complete,

 

Next,

 

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

  • Ensure that Combofix is saved directly to the Desktop <--- Very important
     
  • Disable all security programs as they will have a negative effect on Combofix, instructions available here  http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
     
  • Close any open browsers and any other programs you might have running
     
  • Double click the combofix.gif icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator)
     
  • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
     
  • If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
     
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

 

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

 

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here  http://thespykiller.co.uk/index.php?page=20 why  disabling autoruns is recommended.

 

*EXTRA NOTES*


    If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    If Combofix reboot's due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

 

Post the log in next reply please...

 

Kevin

Link to post
Share on other sites

Hi,

 

So an update, I uninstalled all of my IOBit and system care programs, (Are they malware because I told my girlfriend to install them) and immediately avast popped up saying that it had found a rootkit.  It said to let it delete it, which I did, and It said to run a boot-time scan, which I did.  Very shortly into the boot-time scan, I realized that it was going to take forever, and was also not what you had said I should do.  I cancelled the scan, let the computer load, deleted the old combofix from my desktop, disabled defender, firewall and avast and reinstalled and ran combofix.  Here is the log.  

 

I can already tell that my computer is feeling more stable. 

 

Please let me know if I'm in the clear, or if there are anymore steps that are required.

 

Thanks so much once again

ComboFix.txt

Link to post
Share on other sites

I would not advise or recommend anyone to use any software from IOBit, ok continue:

 

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

ClearJavaCache::Folder::C:\FRSTc:\programdata\SecTaskManc:\program files (x86)\Security Task Managerc:\programdata\Sophosc:\program files (x86)\Sophosc:\program files (x86)\IObit Apps Toolbarc:\programdata\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}c:\programdata\IObitc:\users\Jeremy\AppData\Roaming\IObitc:\program files (x86)\IObitc:\program files (x86)\Common Files\SpigotRegistry::[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]"{03EB0E9C-7A91-4381-A220-9B52B641CDB1}"=-[-HKEY_CLASSES_ROOT\clsid\{03eb0e9c-7a91-4381-a220-9b52b641cdb1}][-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}][HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]"{03EB0E9C-7A91-4381-A220-9B52B641CDB1}"=-[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"SearchSettings"=-

Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

CF3.jpg

CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

Next,

 

Run Eset Online Scanner

 

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

 

Go Eset web page http://www.eset.com/home/products/online-scanner/ to run an online scanner from ESET.

 

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add/on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
  • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

 

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

If threats were found

 

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

close program

copy and paste the report here

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Post those logs in next reply, also give update on any remaining issues or concerns..

 

Kevin...

Link to post
Share on other sites

Download OTM from either of the following links and save to your Desktop:

 

http://oldtimer.geekstogo.com/OTM.exe.

http://www.itxassociates.com/OT-Tools/OTM.com

http://www.itxassociates.com/OT-Tools/OTM.exe 

 

Double click OTM.exe to start the tool. Vista or Windows 7 users accepy UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion....

 

  • Copy the text from the code box belowbelow to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
     
    :FilesC:\Users\Jeremy\Downloads\cbsidlm-tr1_13-Hacker_Freeze-ORG-75449632.exeipconfig /flushdns /c:Commands[EmptyTemp]
     
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red btnmoveit.png button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

 

If the machine reboots, the Results log can be found here:

 

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

 

Where mmddyyyy_hhmmss is the date of the tool run.

 

Post that log, tell me how your system now responds, also if any remaining issues or concerns...

 

Kevin...

Link to post
Share on other sites

My computer seems to be running better.  Here is the log

 

All processes killed
========== FILES ==========
C:\Users\Jeremy\Downloads\cbsidlm-tr1_13-Hacker_Freeze-ORG-75449632.exe moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Jeremy\Desktop\cmd.bat deleted successfully.
C:\Users\Jeremy\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Jeremy
->Temp folder emptied: 40162 bytes
->Temporary Internet Files folder emptied: 7182713 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 61753951 bytes
->Google Chrome cache emptied: 359038946 bytes
->Flash cache emptied: 72333 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Users
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 74846289 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 8508531 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42304013 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 528.00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 07102013_191917
 
Files moved on Reboot...
C:\Users\Jeremy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Jeremy\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
 
Registry entries deleted on Reboot...
 
 
 
Can I get rid of all of the tools that I have used throughout this process?
 
Thanks for your continued help.
Link to post
Share on other sites

OK do the following:

 

Delete the following from your Desktop..

 

FRST

Security Checks

RogueKiller

RK_Quarantine

Anylogs from above

 

Next,

 

Remove Combofix now that we're done with it


Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
CF_Uninstall-1.jpg
 
Please follow the prompts to uninstall Combofix.
You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

The above procedure will delete the following:


    ComboFix and its associated files and folders.
    VundoFix backups, if present
    The C:_OtMoveIt folder, if present
    Reset the clock settings.
    Hide file extensions, if required.
    Hide System/Hidden files, if required.
    Reset System Restore.

 

It is very important that you get a successful uninstall because of the extra functions done at the same time, let me know if this does not happen.

 

Next,

 

  • Download OTC by OldTimer from here http://oldtimer.geekstogo.com/OTC.exe or here http://www.itxassociates.com/OT-Tools/OTC.exe and save to your Desktop.
  • Double click OTC_Icon.jpg icon to start the program.
    If you are using Vista or Windows 7 accept UAC
  • Then Click the big CleanUp.jpg button.
  • You will get a prompt saying "Begining Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
  • This will remove tools we have used and itself.

 

Any tools/logs remaining on the Desktop can be deleted.

 

Next,

 

Remove ESET online scanner  (Only If installed):

 


Click Start, type Uninstall a Program into the Search programs and files box, and then press ENTER.
Click to select ESET Online Scanner from the listing of installed products, and then click Uninstall/Change from the bar that displays the available tasks. Uninstall ESETonline Scanner, only re-boot if prompted.

 

Let me know if those steps complete, also if any remaining issues or concerns....

 

Kevin...

Link to post
Share on other sites

Hi, I have carried out all these steps. combofix uninstalled properly.  When I was going through my list of installed programs I saw two programs that sounded fishy.  

 

1. IObit Apps Toolbar v7.2

 

2. PricePeep

 

I thought I had removed all of the IObit programs but this one is still there, also I have absolutely no idea what PricePeep is.

 

Thanks

Link to post
Share on other sites

I unistalled the IObit toolbar and it has gone off the list.  I clicked to uninstall pricepeep and a dialog bx popped up saying that pricepeep appears to have already been uninstalled and asked if I wanted it removed from the list of programs and features.  I said yes

 

Is there any final scan I should use to make sure I've gotten rid of everything or am I good from this point.

 

Thanks

Link to post
Share on other sites

You should be good to go, maybe use your system freely for 24 hours if all ok post back and say OK to close out...

 

I give you my own security set up, you may find this set up useful:

 

Windows own Firewall, Microsoft Security Essentials and Malwarebytes Pro. Windows FW and MSE are free, MB does also have a free version, however I prefer the pro version as it provides auto updates and realtime protection. Cost is about £20 for a lifetime license.

 

As an extra layer I also use WinPatrol, the free version is adeqaute for general home use. Available here: http://www.winpatrol.com/download.html

 

For my browser I use Firefox with these addons: Web of Trust, Adblock Plus, Flash Block, NoScipt, Ghostery. When Firefox is open select these keys together :- Ctrl - Shift - A that will access Addons manger, this gives access to find addons, use, start, stop or disable those features etc....

Before using NoScript read from this link http://noscript.net/ makes it easy to understand....

 

Understanding Windows 7 Firewall - http://windows.microsoft.com/en-GB/windows7/Understanding-Windows-Firewall-settings

 

Understanding Microsoft Security Essentials - http://www.microsoft.com/en-gb/security/pc-security/mse.aspx

 

Understanding Malwarebytes, how to create an exclusion in MSE - http://forums.malwarebytes.org/index.php?showtopic=10138&st=0&p=162100entry162100

 

Understanding WinPatrol - http://www.winpatrol.com/features.html

 

I also use the Professional version of Sandboxie, I believe there is also free version available. Visit this link http://www.sandboxie.com/ for access to d/l, also make sure to use the "Help and FAQ" option to understand its uses, specifically how to run your browser sandboxed!.

 

Kevin...

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.