
[SOLVED] possible virus

Old 04-21-2013, 12:23 PM   #1
Registered Member
 
Join Date: May 2010
Location: CA
Posts: 226
OS: windows 7 ultimate


Mistake

I may have picked up a virus or malware, possibly through Java. ESET NOD32 is flagging my church website, oronaz.org (IP address 205.186.179.147), with "Access to the web page was blocked by ESET NOD32 Antivirus. The web page is on the list of websites with potentially dangerous content." I've never had a problem with that site before, and the first time I tried Google, ESET also blocked Google. Now I can get to Google, but when I try to "x" out the ESET warning about oronaz.org, it won't go away. I downloaded GMER and dds.scr and will attach the reports.

This is the URL I clicked on for oronaz.org at Google, which ESET is blocking: http://www.google.com/url?sa=t&rct=j...45512109,d.cGE

As you can see, it is the site for sermons from my church. When I clicked on the above URL through techsupportforum.com in the preview of this post, the site came up; I don't know what that means.

Anyway, here are the dds.scr and GMER reports. Thank you for any and all help.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.21.2
Run by owner at 12:11:07 on 2013-04-21
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3318.1871 [GMT -7:00]
.
AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Pogo Games\PGMTrusted.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Windows\system32\igfxsrvc.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Users\owner\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search.com searchbox: {25f91356-743d-4a72-85bf-c49033ffa72b} -
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: IEHlprObj Class: {8CA5ED52-F3FB-4414-A105-2E3491156990} - c:\program files\pogo games\iWinGamesHookIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Search.com searchbox: {25f91356-743d-4a72-85bf-c49033ffa72b} -
uRun: [Google Update] "c:\users\owner\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
mRun: [Anti-phishing Domain Advisor] "c:\programdata\anti-phishing domain advisor\visicom_antiphishing.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{44EE6654-CF64-461F-8EF1-15CF9E3044D1} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\fbd0fb2h.default\
FF - prefs.js: browser.search.selectedEngine - Search and Earn Points!
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.50917.0\npctrlui.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\users\owner\appdata\local\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1165635.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_168.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-03-08 17:06; {e44a1809-4d10-4ab8-b343-3326b64c7cdd}; c:\users\owner\appdata\roaming\mozilla\firefox\profiles\fbd0fb2h.default\extensions\{e44a1809-4d10-4ab8-b343-3326b64c7cdd}
FF - ExtSQL: 2013-03-12 13:18; {1730544c-e860-fcd4-3516-b8c727e1a26e}; c:\users\owner\appdata\roaming\mozilla\firefox\profiles\fbd0fb2h.default\extensions\{1730544c-e860-fcd4-3516-b8c727e1a26e}.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111808&tt=020512_mntb_est
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 244e2001000000000000001372d6b794
FF - user.js: extensions.BabylonToolbar_i.hardId - 244e2001000000000000001372d6b794
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15477
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:50:56
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R1 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2012-12-21 171680]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2012-12-21 1333424]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2012-12-21 105760]
R2 PGMTrusted;PGMTrusted;c:\program files\pogo games\PGMTrusted.exe [2012-1-4 519888]
R3 kgloapow;kgloapow;C:\kgloapow.sys [2013-4-21 103680]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2012-4-16 30312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-11-23 15872]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2012-4-16 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2012-4-16 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2012-4-16 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2012-4-16 114280]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-11-23 52224]
S3 UsbFltr;WayTech USB Filter Driver1;c:\windows\system32\drivers\UsbFltr.sys [2007-4-9 9600]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-11-22 1343400]
.
=============== Created Last 30 ================
.
2013-04-21 18:24:10 103680 ----a-w- C:\kgloapow.sys
2013-04-20 19:53:13 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-10 18:16:26 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 18:16:25 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-10 18:16:23 69632 ----a-w- c:\windows\system32\smss.exe
2013-04-10 18:16:23 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-10 18:16:23 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 18:16:23 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 18:16:17 3217408 ----a-w- c:\windows\system32\mstscax.dll
2013-04-10 18:16:16 36864 ----a-w- c:\windows\system32\tsgqec.dll
2013-04-10 18:16:16 131584 ----a-w- c:\windows\system32\aaclient.dll
2013-04-10 18:16:08 1212264 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-03 01:23:03 -------- d-----w- c:\program files\Coupons
.
==================== Find3M ====================
.
2013-03-31 23:42:52 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-31 23:42:52 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-24 20:20:49 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-24 20:20:49 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-22 03:46:00 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-02-22 03:38:00 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-02-22 03:37:50 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-22 03:34:17 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-02-22 03:34:03 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-02-22 03:31:46 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-02-12 04:48:31 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 03:32:45 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
============= FINISH: 12:16:28.75 ===============
Attached Files
File Type: zip attach.zip (1.7 KB, 17 views)
File Type: zip ark.zip (576 Bytes, 18 views)

__________________
jillocity is offline  
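The DDS log above contains the one lead a helper would chase first: the driver `kgloapow` loaded from `C:\kgloapow.sys`, a file created the same day as the scan, with no vendor display name, plus a set of Firefox `user.js` entries belonging to a search toolbar. The following Python script is an added example (not code from the original post, nor from DDS or the forum's tools) showing how to triage a DDS-style log mechanically: it parses the SERVICES / DRIVERS, Created Last 30 and FF pref lines, flags service binaries outside the usual install directories, escalates those whose file was created within a few days of the scan, and marks browser preferences that reference known adware families. The sample log, the directory allow-list, the adware marker list and the 7-day window are all assumptions for illustration. One caveat worth building into the workflow: legitimate rootkit scanners such as GMER load a temporary driver under a random name while they run, so a hit like this is a lead to verify by hash (as the VirusTotal step in the reply below does), not a verdict.

```python
"""Triage a DDS-style log: flag drivers from unexpected paths, correlate them
with recently created files, and spot search/homepage hijack preferences."""
import re
from datetime import datetime, timedelta

# Constructed sample in the DDS log format, modelled on a few lines of the
# log in the post above (assumption: not the full log).
SAMPLE_LOG = """\
============= SERVICES / DRIVERS ===============
R1 eamonm;eamonm;c:\\windows\\system32\\drivers\\eamonm.sys [2012-12-21 171680]
R2 ekrn;ESET Service;c:\\program files\\eset\\eset nod32 antivirus\\ekrn.exe [2012-12-21 1333424]
R3 kgloapow;kgloapow;C:\\kgloapow.sys [2013-4-21 103680]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\\windows\\system32\\drivers\\b57nd60x.sys [2009-7-13 229888]
=============== Created Last 30 ================
2013-04-21 18:24:10 103680 ----a-w- C:\\kgloapow.sys
2013-04-10 18:16:26 2347008 ----a-w- c:\\windows\\system32\\win32k.sys
2013-04-03 01:23:03 -------- d-----w- c:\\program files\\Coupons
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - prefs.js: browser.startup.homepage - about:home
"""

# "Run by owner at 12:11:07 on 2013-04-21" from the DDS header (local time).
SCAN_TIME = datetime(2013, 4, 21, 12, 11, 7)

# Where an installed service or driver binary normally lives on 32-bit
# Windows 7 (assumption: this short allow-list is enough for triage).
EXPECTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Markers of well-known toolbar / search-hijack families seen in Firefox
# preference keys or values (assumption: a small list, extend as needed).
PUP_MARKERS = ("babylon", "conduit", "freecause", "ask.com", "mypoints")

SERVICE_RE = re.compile(
    r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(\d{4}-\d{1,2}-\d{1,2})\s+(\d+)\]\s*$")
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S+)\s+(.+?)\s*$")
FF_PREF_RE = re.compile(r"^FF - (?:user|prefs)\.js:\s+(\S+)\s+-\s*(.*?)\s*$")


def parse_services(log):
    """One dict per 'R1 name;display;path [date size]' line."""
    out = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            out.append({"state": m.group(1), "name": m.group(2), "display": m.group(3),
                        "path": m.group(4), "size": int(m.group(6))})
    return out


def parse_created(log):
    """{lowercased path: creation datetime} from 'Created Last 30' lines."""
    created = {}
    for line in log.splitlines():
        m = CREATED_RE.match(line)
        if m:
            created[m.group(4).lower()] = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
    return created


def parse_ff_prefs(log):
    """(key, value) pairs from 'FF - user.js:' / 'FF - prefs.js:' lines."""
    return [(m.group(1), m.group(2)) for m in map(FF_PREF_RE.match, log.splitlines()) if m]


def triage(log, scan_time, recent_days=7):
    """Return (severity, item, reason) findings, highest severity first."""
    findings = []
    created = parse_created(log)
    for svc in parse_services(log):
        path = svc["path"].lower()
        if path.startswith(EXPECTED_PREFIXES):
            continue
        reasons = ["binary outside the standard Windows/Program Files locations"]
        if svc["display"] == svc["name"]:
            reasons.append("no descriptive display name")
        severity = "medium"
        when = created.get(path)
        # The 'Created' stamps and the run time can differ by the UTC offset
        # (in the log above the driver's stamp is 6 hours after the run time
        # although both are the same session), so compare in days, not hours.
        if when is not None and abs(scan_time - when) <= timedelta(days=recent_days):
            severity = "high"
            reasons.append("file created %s, within %d days of the scan" % (when.date(), recent_days))
        findings.append((severity, svc["path"], "; ".join(reasons)))
    for path, when in created.items():
        # A file dropped straight into the drive root is unusual for installers.
        if re.fullmatch(r"[a-z]:\\[^\\]+", path):
            findings.append(("low", path, "created in the drive root on %s" % when.date()))
    for key, value in parse_ff_prefs(log):
        blob = (key + " " + value).lower()
        hit = next((m for m in PUP_MARKERS if m in blob), None)
        if hit:
            findings.append(("medium", key, "Firefox pref references adware family '%s'" % hit))
    rank = {"high": 0, "medium": 1, "low": 2}
    findings.sort(key=lambda f: rank[f[0]])
    return findings


if __name__ == "__main__":
    for sev, item, why in triage(SAMPLE_LOG, SCAN_TIME):
        print("%-6s %-40s %s" % (sev, item, why))
```

Run against the sample, the only "high" finding is `C:\kgloapow.sys` (outside the allow-list, display name equal to the service name, created the day of the scan), the Babylon preference comes out as "medium", and the ESET, Broadcom and win32k entries are not reported. The right next step for a "high" hit is exactly what the helper asks for below: hash the file and look it up rather than deleting it, because a scanner's own temporary driver produces the same pattern.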
Old 04-22-2013, 11:07 AM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,322
OS: XP SP3; Win7 32/64-bit



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please uninstall the following via Start->(or My Computer)->Control Panel->Programs and Features if it still exists: Babylon toolbar on IE

Babylon toolbar on IE <<Please read this here

You can uninstall it via Programs and Features in your Control Panel.

Also delete the following Folder if it still exists:

C:\Program Files (x86)\babylontoolbar

------------------------------------------------------

Please uninstall the following via Start->(or Computer)->Control Panel->Programs->Programs and Features if it still exists:

Coupon Printer for Windows <<Please read here

Also delete the following Folder if it still exists:

C:\Program Files (x86)\Coupons

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner[S#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please go to: VirusTotal
  • Click the Choose File button.
  • Please copy/paste the following bolded text into the 'File name:' box:

    C:\kgloapow.sys

  • Click Open then click the Scan it! button just below.
  • This will scan the file. Please be patient.
  • If you get a message saying File already analyzed: click Reanalyse
  • Once scanned, copy and paste the URL from your browser address bar in your next reply.
------------------------------------------------------

__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

chemist is offline  
Old 04-28-2013, 07:04 PM   #3
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,322
OS: XP SP3; Win7 32/64-bit



Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

------------------------------------------------------

chemist is offline  
Old 05-02-2013, 08:55 PM   #4
Registered Member
 
Join Date: May 2010
Location: CA
Posts: 226
OS: windows 7 ultimate


Mistake

Here is the link to my posting on this problem:

http://www.techsupportforum.com/foru...us-693374.html

Hopefully this time I will receive email on the problem. Thank you for the help; I will be looking at the help offered previously and working on it.
__________________
jillocity is offline  
Old 05-02-2013, 09:12 PM   #5
Registered Member
 
Join Date: May 2010
Location: CA
Posts: 226
OS: windows 7 ultimate



Here's the log from AdwCleaner:

# AdwCleaner v2.300 - Logfile created 05/02/2013 at 21:03:17
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : owner - OWNER-PC
# Boot Mode : Normal
# Running from : C:\Users\owner\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\user.js
File Deleted : C:\Users\owner\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\fbd0fb2h.default\searchplugins\Askcom.xml
File Deleted : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\fbd0fb2h.default\searchplugins\Conduit.xml
Folder Deleted : C:\ProgramData\Anti-phishing Domain Advisor
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Users\owner\AppData\Local\Babylon
Folder Deleted : C:\Users\owner\AppData\Local\Conduit
Folder Deleted : C:\Users\owner\AppData\Local\Temp\avg@toolbar
Folder Deleted : C:\Users\owner\AppData\Local\Temp\BabylonToolbar
Folder Deleted : C:\Users\owner\AppData\Local\Temp\CT3281675
Folder Deleted : C:\Users\owner\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\owner\AppData\Roaming\Babylon
Folder Deleted : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\fbd0fb2h.default\extensions\{e44a1809-4d10-4ab8-b343-3326b64c7cdd}
Folder Deleted : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\fbd0fb2h.default\FCTB
Folder Deleted : C:\Users\owner\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Registry is clean.

-\\ Mozilla Firefox v9.0.1 (en-US)

File : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\fbd0fb2h.default\prefs.js

C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\fbd0fb2h.default\user.js ... Deleted !

Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111808&tt=020512_mntb_est");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "244e2001000000000000001372d6b794");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "244e2001000000000000001372d6b794");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15477");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=111808&tt=02051[...]
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1721:50:56");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("freecause1730544ce860fcd43516b8c727e1a26e.AutoSearchEventData", "auto%20search");
Deleted : user_pref("freecause1730544ce860fcd43516b8c727e1a26e.ClearCacheDate", 12);
Deleted : user_pref("freecause1730544ce860fcd43516b8c727e1a26e.DNSCatch", true);
Deleted : user_pref("freecause1730544ce860fcd43516b8c727e1a26e.DisplayEULA", true);
Deleted : user_pref("freecause1730544ce860fcd43516b8c727e1a26e.DnsCatchEventData", "dns%20catch");
Deleted : user_pref("freecause1730544ce860fcd43516b8c727e1a26e.EBOMode", false);
Deleted : user_pref("freecause1730544ce860fcd43516b8c727e1a26e.EnableDCAData_xx", true);
Deleted : user_pref("freecause1730544ce860fcd43516b8c727e1a26e.EnableDCA_xx", false);
Deleted : user_pref("freecause1730544ce860fcd43516b8c727e1a26e.FirstLaunchShown", true);
Deleted : user_pref("freecause1730544ce860fcd43516b8c727e1a26e.InstallDomain", "mypoints.com");
Deleted : user_pref("freecause1730544ce860fcd43516b8c727e1a26e.InstallType", "one_click");
Deleted : user_pref("freecause1730544ce860fcd43516b8c727e1a26e.LoadLayoutDate.100757", 12);
Deleted : user_pref("freecause1730544ce860fcd43516b8c727e1a26e.NewTabSearchEventData", "tab%20search");
Deleted : user_pref("freecause1730544ce860fcd43516b8c727e1a26e.ShowRecommendedOptions", true);
Deleted : user_pref("freecause1730544ce860fcd43516b8c727e1a26e.StateReportDate", "1363119526742");
Deleted : user_pref("freecause1730544ce860fcd43516b8c727e1a26e.TopRightSearchEventData", "top%20right%20search[...]
Deleted : user_pref("freecause1730544ce860fcd43516b8c727e1a26e.beforeInstallSaved", true);
Deleted : user_pref("freecause1730544ce860fcd43516b8c727e1a26e.beforeinstall.homepage", "about%3Ahome");
Deleted : user_pref("freecause1730544ce860fcd43516b8c727e1a26e.beforeinstall.search", "Ask.com");
Deleted : user_pref("freecause1730544ce860fcd43516b8c727e1a26e.customNewTab", false);
Deleted : user_pref("freecause1730544ce860fcd43516b8c727e1a26e.custom_search.KeywordHistory", "obama%2520close[...]
Deleted : user_pref("freecause1730544ce860fcd43516b8c727e1a26e.dcaDefaultMode", false);
Deleted : user_pref("freecause1730544ce860fcd43516b8c727e1a26e.dcaShowInstallerPage", false);
Deleted : user_pref("freecause1730544ce860fcd43516b8c727e1a26e.dcaShowSurvey", true);
Deleted : user_pref("freecause1730544ce860fcd43516b8c727e1a26e.helpUsImprove", true);
Deleted : user_pref("freecause1730544ce860fcd43516b8c727e1a26e.hideOthers", true);
Deleted : user_pref("freecause1730544ce860fcd43516b8c727e1a26e.partnerauth", false);
Deleted : user_pref("freecause1730544ce860fcd43516b8c727e1a26e.processAddrBar", false);
Deleted : user_pref("freecause1730544ce860fcd43516b8c727e1a26e.remove_homepage", true);
Deleted : user_pref("freecause1730544ce860fcd43516b8c727e1a26e.remove_search", true);
Deleted : user_pref("freecause1730544ce860fcd43516b8c727e1a26e.restoreSearch", false);
Deleted : user_pref("freecause1730544ce860fcd43516b8c727e1a26e.searchHistory", true);
Deleted : user_pref("freecause1730544ce860fcd43516b8c727e1a26e.session", "AC9866C7D6C9FB040CC22B65951B6194E138[...]
Deleted : user_pref("freecause1730544ce860fcd43516b8c727e1a26e.showFirstLaunchOptions", false);
Deleted : user_pref("freecause1730544ce860fcd43516b8c727e1a26e.tb_lang", "en");
Deleted : user_pref("freecause1730544ce860fcd43516b8c727e1a26e.tool_id", "100757");
Deleted : user_pref("freecause1730544ce860fcd43516b8c727e1a26e.user_id", "129524891");
Deleted : user_pref("freecause1730544ce860fcd43516b8c727e1a26e.user_key", "5baffd486132dfae91add9157dae55cca6d[...]
Deleted : user_pref("freecause1730544ce860fcd43516b8c727e1a26e.user_layouts", "100757");
Deleted : user_pref("freecause1730544ce860fcd43516b8c727e1a26e.user_lnames", "MyPoints%20Toolbar");
Deleted : user_pref("freecause1730544ce860fcd43516b8c727e1a26e.xml_service_url", "6bb94bbf55fe2f255901a560824a[...]
Deleted : user_pref("freecause1730544ce860fcd43516b8c727e1a26e.yahooSearch", false);

-\\ Google Chrome v26.0.1410.64

File : C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.2074] : homepage = "hxxp://search.conduit.com/?CUI=UN20057557687242191&ctid=CT3281675&SearchSource=48",
Deleted [l.2990] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?CUI=UN20057557687242191&ctid=CT328[...]

*************************

AdwCleaner[S1].txt - [13788 octets] - [02/05/2013 21:03:17]

########## EOF - C:\AdwCleaner[S1].txt - [13849 octets] ##########

____________________________________________________________________

and here is the url for the virus total scan:

https://www.virustotal.com/en/file/d...is/1367554188/

thank you for your help...much appreciated...
__________________
jillocity is offline  
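The AdwCleaner log above shows the two places a toolbar hijack typically lands: `user_pref` entries for the freecause toolbar in Firefox's prefs.js and a search.conduit.com homepage / startup URL in Chrome's Preferences file. The script below is an added example (not code from this thread, from AdwCleaner or from ComboFix) that parses constructed copies of both files and reports those markers without changing anything. The pref-name prefix and the conduit host come from the log; the list of stock search engine names, the `ctid=`/`CUI=` query heuristic and the sample file contents are assumptions for illustration (the log defangs URLs as hxxp, the sample uses plain http).

```python
"""Audit Firefox prefs.js and Chrome Preferences for browser-hijack markers.

Added example, not AdwCleaner's or ComboFix's code: read-only checks for the
kind of settings the AdwCleaner log in this thread reported as deleted.
"""
import json
import re
from urllib.parse import urlparse

# Pref-name prefix of the toolbar seen in the log's prefs.js entries.
ADWARE_PREF_PREFIXES = ("freecause",)
# Search-redirect host that the log shows as Chrome homepage / startup URL.
HIJACK_DOMAINS = {"search.conduit.com"}
# Assumption: names a stock Firefox search engine would carry.
DEFAULT_SEARCH_ENGINES = {"Google", "Yahoo", "Bing", "DuckDuckGo"}

# prefs.js lines look like:  user_pref("name", value);
USER_PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')


def parse_prefs_js(text):
    """Map each user_pref name to its raw value text (quotes kept)."""
    prefs = {}
    for line in text.splitlines():
        m = USER_PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip()
    return prefs


def url_is_hijack(url):
    """True if the URL points at a known redirect host or carries the
    ctid=/CUI= toolbar tracking parameters seen in the log (assumed heuristic)."""
    p = urlparse(url)
    host = (p.hostname or "").lower()
    if host in HIJACK_DOMAINS:
        return True
    query = p.query.lower()
    return any(marker in query for marker in ("ctid=", "cui="))


def audit_firefox_prefs(text):
    """Return human-readable findings for a prefs.js file."""
    prefs = parse_prefs_js(text)
    findings = []
    for name in prefs:
        if name.startswith(ADWARE_PREF_PREFIXES):
            findings.append(f"adware toolbar pref: {name}")
    home = prefs.get("browser.startup.homepage", "").strip('"')
    if home and url_is_hijack(home):
        findings.append(f"hijacked homepage: {home}")
    engine = prefs.get("browser.search.selectedEngine")
    if engine is not None:
        engine_name = engine.strip('"')
        if engine_name not in DEFAULT_SEARCH_ENGINES:
            findings.append(f"non-default search engine: {engine_name}")
    return findings


def audit_chrome_preferences(text):
    """Return findings for a Chrome 'Preferences' JSON file."""
    prefs = json.loads(text)
    findings = []
    home = prefs.get("homepage", "")
    if home and url_is_hijack(home):
        findings.append(f"hijacked homepage: {home}")
    session = prefs.get("session", {})
    # Chrome 26-era key (as in the log); newer builds use "startup_urls".
    for key in ("urls_to_restore_on_startup", "startup_urls"):
        for url in session.get(key, []):
            if url_is_hijack(url):
                findings.append(f"hijacked startup url ({key}): {url}")
    return findings


# Constructed sample inputs, modelled on the entries the log reported.
FIREFOX_SAMPLE = """# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.search.selectedEngine", "Search and Earn Points!");
user_pref("freecause1730544ce860fcd43516b8c727e1a26e.hideOthers", true);
user_pref("freecause1730544ce860fcd43516b8c727e1a26e.tb_lang", "en");
user_pref("network.cookie.cookieBehavior", 0);
"""

CHROME_SAMPLE = json.dumps({
    "homepage": "http://search.conduit.com/?CUI=UN20057557687242191&ctid=CT3281675&SearchSource=48",
    "homepage_is_newtabpage": False,
    "session": {
        "restore_on_startup": 4,  # constructed: "open specific pages" mode
        "urls_to_restore_on_startup": [
            "http://search.conduit.com/?CUI=UN20057557687242191&ctid=CT3281675",
            "https://www.google.com/",
        ],
    },
})

if __name__ == "__main__":
    for label, findings in (("Firefox prefs.js", audit_firefox_prefs(FIREFOX_SAMPLE)),
                            ("Chrome Preferences", audit_chrome_preferences(CHROME_SAMPLE))):
        print(label)
        for f in findings:
            print("  -", f)
```

To run it against a real profile, read the prefs.js and Preferences files from the paths the ComboFix log lists (the Firefox profile folder and `Chrome\User Data\Default\Preferences`) and pass their contents to the two audit functions; the script only reports, so removal stays with the helper's tooling.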
Old 05-03-2013, 05:10 AM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,322
OS: XP SP3; Win7 32/64-bit



Hello jillocity. Is the website still blocked by ESET?

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Double-click ComboFix.exe and follow the prompts to run it.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

If you get an 'Illegal operation attempted on a Registry key which has been marked for deletion' error message, please reboot your machine.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

chemist is offline  
Old 05-06-2013, 12:41 AM   #7
Registered Member
 
Join Date: May 2010
Location: CA
Posts: 226
OS: windows 7 ultimate



for some reason i'm not getting the email notifications from here...i just decided to look and see if there was any response...i subscribed to the thread...don't know what's up with that...eset is still blocking oronaz.org (my church site)...will download combofix and run it soonest...
__________________
jillocity is offline  
Old 05-06-2013, 04:01 AM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,322
OS: XP SP3; Win7 32/64-bit



Hello again, jillocity. If you get email through Yahoo, there are problems sometimes receiving email notifications.

You can just check your Subscribed Threads by going 'Quick Links' > 'Subscribed Threads'.

I reply at least within 24 hours, usually much sooner.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

chemist is offline  
Old 05-06-2013, 12:02 PM   #9
Registered Member
 
Join Date: May 2010
Location: CA
Posts: 226
OS: windows 7 ultimate



yes, i do get email through yahoo...will look for quick links for responses...will be doing combofix today, had to take my sis to get a cat scan, kind of put a kink in my day's plan...will be posting log from combofix soon...thanks for the tip on quick links, and for all your help
__________________
jillocity is offline  
Old 05-06-2013, 12:23 PM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,322
OS: XP SP3; Win7 32/64-bit



You're welcome. Let me know.
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

chemist is offline  
Old 05-06-2013, 01:50 PM   #11
Registered Member
 
Join Date: May 2010
Location: CA
Posts: 226
OS: windows 7 ultimate



here is the log from ComboFix...

ComboFix 13-05-06.03 - owner 05/06/2013 13:02:16.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3318.2350 [GMT -7:00]
Running from: c:\users\owner\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Pogo Games\iWINgameshookie.dll
c:\users\owner\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
c:\windows\system32\System32\MASetupCleaner.exe
c:\windows\system32\System32\muzapp.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-04-06 to 2013-05-06 )))))))))))))))))))))))))))))))
.
.
2013-05-06 20:11 . 2013-05-06 20:14 -------- d-----w- c:\users\owner\AppData\Local\temp
2013-05-06 20:11 . 2013-05-06 20:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-27 03:05 . 2011-06-02 05:47 136808 ----a-w- c:\windows\system32\drivers\ssadmdm.sys
2013-04-27 03:05 . 2011-06-02 05:47 12776 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys
2013-04-27 03:05 . 2011-06-02 05:47 121064 ----a-w- c:\windows\system32\drivers\ssadbus.sys
2013-04-27 03:05 . 2011-06-02 05:47 10472 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys
2013-04-27 03:05 . 2011-06-02 05:47 10344 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys
2013-04-27 03:05 . 2010-12-21 05:55 30312 ----a-w- c:\windows\system32\drivers\ssadadb.sys
2013-04-27 03:04 . 2011-06-02 05:47 114280 ----a-w- c:\windows\system32\drivers\ssadserd.sys
2013-04-24 17:25 . 2013-04-12 13:45 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-21 18:24 . 2013-04-21 18:24 103680 ----a-w- C:\kgloapow.sys
2013-04-20 19:53 . 2013-04-20 19:53 -------- d-----w- c:\program files\Common Files\Java
2013-04-20 19:53 . 2013-04-04 12:35 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-10 18:16 . 2013-03-01 03:09 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 18:16 . 2013-01-24 04:47 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-10 18:16 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-10 18:16 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 18:16 . 2013-03-19 04:48 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 18:16 . 2013-03-19 02:49 69632 ----a-w- c:\windows\system32\smss.exe
2013-04-10 18:16 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\system32\mstscax.dll
2013-04-10 18:16 . 2013-02-15 04:34 131584 ----a-w- c:\windows\system32\aaclient.dll
2013-04-10 18:16 . 2013-02-15 03:25 36864 ----a-w- c:\windows\system32\tsgqec.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-31 23:42 . 2013-02-18 21:35 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-31 23:42 . 2011-11-23 07:57 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-24 20:20 . 2012-09-19 01:09 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-24 20:20 . 2012-09-19 01:09 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-12 04:48 . 2013-03-13 19:03 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 19:03 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 03:32 . 2013-03-21 23:57 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2011-12-21 07:24 . 2012-01-04 23:43 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-04-04 21392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2007-02-26 249856]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-04-04 3521424]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-19 152392]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-12-21 5074384]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 UsbFltr;WayTech USB Filter Driver1;c:\windows\system32\Drivers\UsbFltr.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 PGMTrusted;PGMTrusted;c:\program files\Pogo Games\PGMTrusted.exe [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-03 06:56]
.
2013-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-03 06:56]
.
2013-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2664073279-1059330920-2296131946-1000Core.job
- c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-23 07:07]
.
2013-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2664073279-1059330920-2296131946-1000UA.job
- c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-23 07:07]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\fbd0fb2h.default\
FF - prefs.js: browser.search.selectedEngine - Search and Earn Points!
FF - prefs.js: browser.startup.homepage - about:home
FF - ExtSQL: 2013-03-08 17:06; {e44a1809-4d10-4ab8-b343-3326b64c7cdd}; c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\fbd0fb2h.default\extensions\{e44a1809-4d10-4ab8-b343-3326b64c7cdd}
FF - ExtSQL: 2013-03-12 13:18; {1730544c-e860-fcd4-3516-b8c727e1a26e}; c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\fbd0fb2h.default\extensions\{1730544c-e860-fcd4-3516-b8c727e1a26e}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{25f91356-743d-4a72-85bf-c49033ffa72b} - c:\program files\searchcom_003\searchcom_001X.dll
Toolbar-{25f91356-743d-4a72-85bf-c49033ffa72b} - c:\program files\searchcom_003\searchcom_001X.dll
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3036)
c:\windows\System32\SyncCenter.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\taskhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\System32\dinotify.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2013-05-06 13:18:38 - machine was rebooted
ComboFix-quarantined-files.txt 2013-05-06 20:18
.
Pre-Run: 430,608,056,320 bytes free
Post-Run: 432,618,815,488 bytes free
.
- - End Of File - - B0764C215C0B0F1FD07EE7F925CEFF65
__________________
jillocity is offline  
Old 05-06-2013, 04:55 PM   #12
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,322
OS: XP SP3; Win7 32/64-bit



Hello again, jillocity. You're very welcome.

I use ESET and oronaz.org is also getting blocked on my machine.

I have played around with it on my test box, and I don't see anything malicious coming from the site.

To report a false positive to ESET, please follow these instructions:

How do I submit a virus, website or potential false positive sample to ESET's lab? - ESET Knowledgebase

Should take a couple of days for a response. Let me know what happens.

------------------------------------------------------

Disable your antivirus and antispyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with ComboFix.

Open Notepad and copy/paste all the text in the codebox below into Notepad:

Code:
Files::
c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\fbd0fb2h.default\extensions\{e44a1809-4d10-4ab8-b343-3326b64c7cdd}
c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\fbd0fb2h.default\extensions\{1730544c-e860-fcd4-3516-b8c727e1a26e}.xpi

Firefox::
FF - ProfilePath - c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\fbd0fb2h.default\
FF - prefs.js: browser.search.selectedEngine - Search and Earn Points!
FF - ExtSQL: 2013-03-08 17:06; {e44a1809-4d10-4ab8-b343-3326b64c7cdd}; c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\fbd0fb2h.default\extensions\{e44a1809-4d10-4ab8-b343-3326b64c7cdd}
FF - ExtSQL: 2013-03-12 13:18; {1730544c-e860-fcd4-3516-b8c727e1a26e}; c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\fbd0fb2h.default\extensions\{1730544c-e860-fcd4-3516-b8c727e1a26e}.xpi

SkipFix::

ClearJavaCache::

Folder::
c:\program files\Coupons

Save this Notepad file as CFScript.txt to your Desktop and then close the file.

Referring to the picture above, drag CFScript onto ComboFix.

If you are prompted to update ComboFix and have an internet connection, please choose Yes

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------
  • Launch Malwarebytes' Anti-Malware
  • Under the Update tab, click Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad and you may be prompted to Restart your computer.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy/Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

In Microsoft Windows Vista/Win7, you must open the Web browser via a right-click using the Run as Administrator command.

Go here and click 'ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change.. button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
------------------------------------------------------

Please post the following in your next reply:

ComboFix.txt
MBAM log
ESET report
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

chemist is offline  
Old 05-06-2013, 10:06 PM   #13
Registered Member
 
Join Date: May 2010
Location: CA
Posts: 226
OS: windows 7 ultimate



here is the MBAM log:

Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free anti-malware download

Database version: v2013.05.07.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
owner :: OWNER-PC [administrator]

5/6/2013 6:54:37 PM
mbam-log-2013-05-06 (18-54-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208434
Time elapsed: 5 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
-------------------------------------------------------------------------

i'm attaching a .jpg of the eset result, and ComboFix.txt

thanking you for the help...and i will be sending a "false positive" report to eset...
Attached: eset result.jpg (68.5 KB), ComboFix.txt (11.1 KB)
__________________
jillocity is offline  
Old 05-07-2013, 04:09 AM   #14
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,322
OS: XP SP3; Win7 32/64-bit



Hello again, jillocity. You're very welcome. Let me know when you receive a reply from ESET.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

chemist is offline  
Old 05-09-2013, 12:43 AM   #15
Registered Member
 
Join Date: May 2010
Location: CA
Posts: 226
OS: windows 7 ultimate



no reply yet...just letting you know so you don't shut down the thread... :)
__________________
jillocity is offline  
Old 05-09-2013, 03:56 AM   #16
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,322
OS: XP SP3; Win7 32/64-bit



No worries. I'll be here.
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

chemist is offline  
Old 05-09-2013, 12:20 PM   #17
Registered Member
 
Join Date: May 2010
Location: CA
Posts: 226
OS: windows 7 ultimate



resent oronaz.org to eset...hoping for a reply...would really like to be able to go to the site, it's where our Pastor's sermons are posted, and i've missed a few...thank you for "holding the fort"... :)
__________________
jillocity is offline  
Old 05-11-2013, 11:29 AM   #18
Registered Member
 
Join Date: May 2010
Location: CA
Posts: 226
OS: windows 7 ultimate



still no response from eset...i have pretty much given up on that...thank you for your help, can i consider this "case" as solved??? that i have no virus?
__________________
jillocity is offline  
Old 05-11-2013, 09:51 PM   #19
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,322
OS: XP SP3; Win7 32/64-bit



Yes, you are virus free.

I'll try too and let you know. Unacceptable for ESET not to reply. I'll let you know.
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

chemist is offline  
Old 05-14-2013, 07:13 AM   #20
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,322
OS: XP SP3; Win7 32/64-bit



Hello again, jillocity. Good news. I received a reply from ESET and they agreed that the site is no longer infected and have removed the site from their blocked list. It should be reflected in the next update. Let me know if you can connect now, and I will give you some final instructions.

They also asked if you could have the site administrator increase security of the site to prevent future infection. Would it be possible for you to talk to the administrator of the site?

------------------------------------------------------

__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

chemist is offline  
Copyright 2001 - 2014, Tech Support Forum
