Hi,
Thanks for the logs. SDFix seems to have worked.
Quote: "Unfortunately, I can't find a log for bfu."
Let's not worry about that now, but I would like to have the AVG Anti Spyware log. A copy of each report is saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\. If you still cannot find it, we'll give it another go.
Scan with HijackThis and put a checkmark against the following entries:
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
You have the following O6 line indicating some restriction on the IE/Control Panel access rights. Unless that is intentional by an administrator or a program like Spybot or StartPage Guard, you can check that line too if you wish.
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
Make sure that all windows/applications, etc. are closed before you click on "fix checked". Exit HijackThis.
=============================
Update AVG Anti Spyware before you boot into Safe Mode.
=============================
Boot into Safe Mode following my earlier instructions.
=============================
Using Windows Explorer (right click on start, click on Explore) navigate to the following file and delete it if found. (Make sure that your hidden files are still visible).
C:\WINDOWS\system32\qirewt.exe
==============================
Still in Safe Mode, scan with AVG Anti Spyware (if you were unable to find the previous report).
Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
- Click on Scanner on the toolbar.
- Click on the Settings tab.
  - Under How to act?
    - Click on Recommended Action and choose Quarantine from the popup menu.
  - Under How to scan?
    - All checkboxes should be ticked.
  - Under Possibly unwanted software:
    - All checkboxes should be ticked.
  - Under Reports:
    - Select Automatically generate report after every scan and uncheck Only if threats were found.
  - Under What to scan?
- Click on the Scan tab.
- Click on Complete System Scan to start the scan process.
- Let the program scan the machine.
- When the scan has finished, follow the instructions below.
IMPORTANT: Don't click on the "Save Scan Report" button before you hit the "Apply all Actions" button.
- Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
- At the bottom of the window click on the Apply all Actions button. (3)
- When done, click the Save Scan Report button. (4)
- Click the Save Report as button.
- Save the report to your Desktop.
- Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.
================================
Please download Dr.Web CureIt to the desktop.
- Double-click the drweb-cureit.exe file and allow it to run the express scan.
- This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
- Once the short scan has finished, mark the drives that you want to scan.
- Select all drives. A red dot shows which drives have been chosen.
- Click the green arrow at the right, and the scan will start.
- Click 'Yes to all' if it asks if you want to cure/move the file.
- When the scan has finished, look if you can click next icon next to the files found:

- If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (This is in case we need samples.)
- After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
- Save the report to your desktop. The report will be called DrWeb.csv
- Close Dr.Web Cureit.
- Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
- After reboot, post the contents of the log from Dr.Web you saved previously, along with a new HijackThis log and the AVG AS report in your next reply.
Please make sure that the HijackThis log is taken from Normal Mode. The last one seems to have been taken while in Safe Mode.