Tech Support Forum banner
Not open for further replies.
1 - 5 of 5 Posts

64 Posts
I keep getting this red banner at the top of my browser that says: "SYSTEM UPDATE REQUIRED. A critical software update is needed for your browser. Click allow to update now."

Then at the top of that in a little yellow banner it goes: "Firefox prevented this site:(and it'll say whatever site I'm currently on, even you guys, which I KNOW is total BS) from asking you to install software to your computer.

If I click Allow (don't worry, I'm not stupid, I was just testing it) it goes:

"Firefox Upgrade - Gameplay Labs.

(that link just opens the software installation thing)

Here's the DDS thing. I have attached the Attach file too.


DDS (Ver_11-03-05.01) - NTFSx86
Run by Compaq_Owner at 22:33:34.58 on Wed 03/23/2011
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1015.242 [GMT -6:00]
AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled*
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG10\avgfws.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://
uSearch Page =

uSearch Bar =

uDefault_Page_URL =

uDefault_Search_URL =

uSearchMigratedDefaultURL =

mSearch Bar =

uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://
mSearchAssistant =

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program

uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} -

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} -

c:\documents and settings\all users\application

BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common

files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program

BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} -

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program

TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ares] "c:\program files\ares\Ares.exe" -h
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common

uRunOnce: [GV Cookie Remover] cmd.exe /c del "c:\documents and

settings\compaq_owner\cookies\*gamevance*" /F /Q /S
uRunOnce: [GV Firefox removal1] cmd.exe /c rd "c:\documents and settings\compaq_owner\application

data\mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]" /Q/S
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRunOnce: [gvu] cmd.exe /c rd /s /q "c:\program files\Gamevance Tournament"
mRunOnce: [gvu2] cmd.exe /c reg delete HKCU\Software\gvtl /f
mRunOnce: [gvu3] cmd.exe /c reg delete HKCU\Software\AppDataLow\gvtl /f
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq

connections\6750491\program\Compaq Connections.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\spysub~1.lnk - c:\program

IE: Add To Compaq Organize... - c:\progra~1\hewlet~1\compaq~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} -

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - c:\program

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} -

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -


Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: igfxcui - igfxsrvc.dll
SEH: {FA010552-4A27-4cb1-A1BB-3E2D697F1639} - No File
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\wlq3yvxr.default\
FF - prefs.js: -
FF - prefs.js: browser.startup.homepage - hxxp://
FF - prefs.js: keyword.URL -


FF - component: c:\documents and settings\all users\application

FF - component: c:\documents and settings\all users\application

FF - component: c:\documents and settings\compaq_owner\application


FF - component: c:\documents and settings\compaq_owner\application


FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\all users\application

FF - plugin: c:\documents and settings\compaq_owner\local settings\application

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJPI150.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla

FF - Ext: GamePlayLabs Plugin: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} -

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} -

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} -

FF - Ext: Yontoo Layers: [email protected] - %profile%\extensions\[email protected]
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and

settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2010-11-22 3226632]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe

[2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 26192]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program

files\avg\avg10\toolbar\ToolbarBroker.exe [2011-3-2 517448]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
=============== Created Last 30 ================
2011-03-23 08:59:26 -------- d-----w- c:\program files\Yontoo Layers
2011-03-23 08:59:22 -------- d-----w- c:\docume~1\alluse~1\applic~1\Tarma Installer
2011-03-16 10:07:33 -------- d-----w- c:\program files\Gamevance
2011-03-13 02:45:07 1409 ----a-w- c:\windows\QTFont.for
2011-03-13 01:40:01 -------- d-----w- c:\docume~1\compaq~1\locals~1\applic~1\Browser Plugin
2011-03-11 23:15:21 -------- d-----w- c:\docume~1\compaq~1\locals~1\applic~1\WMTools

Downloaded Files
2011-03-07 09:50:22 -------- d-----w- c:\docume~1\compaq~1\locals~1\applic~1\Identities
2011-03-07 06:35:02 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2011-03-07 06:35:02 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2011-03-07 06:35:01 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2011-03-07 06:33:56 267112 ----a-w- c:\windows\system32\xactengine2_9.dll
2011-03-07 06:32:58 237848 ----a-w- c:\windows\system32\xactengine2_4.dll
2011-03-07 06:31:18 -------- d--h--w- c:\windows\msdownld.tmp
2011-03-07 06:31:03 -------- d-----w- c:\windows\Logs
2011-03-07 06:25:23 -------- d-----w- c:\program files\Fox
2011-03-07 06:02:14 -------- d-----w- c:\docume~1\compaq~1\applic~1\PriceGong
2011-03-06 09:06:14 -------- d-----w- c:\program files\Microsoft CAPICOM
2011-03-05 23:33:01 -------- d-----w- c:\docume~1\compaq~1\locals~1\applic~1\Ahead
2011-03-05 23:04:16 -------- d-----w- c:\program files\Nero
2011-03-05 21:32:20 -------- d-----w- c:\docume~1\compaq~1\locals~1\applic~1\WinAVI
2011-03-05 21:31:58 -------- d-----w- c:\windows\WinAVI Video Converter 9.0
2011-03-05 21:31:58 -------- d-----w- c:\program files\WinAVI Video Converter 9.0
2011-03-05 13:58:10 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-03-05 13:58:10 215920 ----a-w- c:\windows\system32\muweb.dll
2011-03-05 13:58:10 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-03-04 10:14:56 -------- d-----w- c:\program files\common files\DivX Shared
2011-03-04 10:14:22 -------- d-----w- c:\program files\DivX
2011-03-04 10:12:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\DivX
2011-03-04 07:51:05 -------- d-----w- c:\docume~1\compaq~1\applic~1\LimeWire
2011-03-04 07:50:32 -------- d-----w- c:\program files\LimeWire
2011-03-04 06:42:04 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll
2011-03-04 06:41:49 -------- d-----w- c:\program files\common files\xing shared
2011-03-04 06:41:32 150712 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2011-03-04 06:41:26 100864 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
2011-03-04 06:36:43 -------- d-----w- c:\program files\CCleaner
2011-03-04 06:16:42 -------- d-----w- c:\documents and settings\compaq_owner\Tracing
2011-03-04 06:15:50 -------- d-----w- c:\docume~1\compaq~1\locals~1\applic~1\Yahoo
2011-03-04 06:15:17 -------- d-----w- c:\program files\Microsoft
2011-03-04 06:14:58 -------- d-----w- c:\docume~1\compaq~1\locals~1\applic~1\Yahoo!
2011-03-04 06:14:45 -------- d-----w- c:\program files\Windows Live SkyDrive
2011-03-04 06:12:29 83249512 ----a-w- c:\program files\common files\windows

2011-03-04 06:11:49 -------- d-----w- c:\program files\common files\Windows Live
2011-03-04 06:11:09 -------- d-----w- c:\program files\Yahoo!
2011-03-04 06:10:34 15256 ----a-w-

2011-03-04 06:07:10 -------- d-----w- c:\docume~1\compaq~1\locals~1\applic~1\Ares
2011-03-04 06:06:56 -------- d-----w- c:\program files\Ares
2011-03-04 06:04:52 -------- d-----w- c:\program files\uTorrentBar
2011-03-04 06:04:52 -------- d-----w- c:\docume~1\compaq~1\locals~1\applic~1\Temp
2011-03-04 06:04:07 -------- d-----w- c:\program files\uTorrent
2011-03-04 06:03:07 -------- d-----w- c:\docume~1\compaq~1\applic~1\uTorrent
2011-03-04 06:00:10 -------- d-----w- c:\windows\network diagnostic
2011-03-02 19:50:32 165376 ----a-w- c:\windows\system32\unrar.dll
2011-03-02 19:50:30 -------- d-----w- c:\program files\K-Lite Codec Pack
2011-03-02 19:46:13 -------- d-----w- c:\documents and settings\compaq_owner\dwhelper
2011-03-02 19:37:01 -------- d-----w- c:\docume~1\compaq~1\locals~1\applic~1\Mozilla
2011-03-02 19:35:44 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2011-03-02 19:35:33 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2011-03-02 19:33:03 -------- d-----w- c:\program files\AVG
2011-03-02 19:29:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2011-03-02 19:13:36 -------- d-----w- c:\program files\MSXML 4.0
2011-03-02 19:11:04 -------- d-----w- c:\windows\ServicePackFiles
2011-03-02 18:57:15 -------- d-----w- c:\windows\system32\CatRoot_bak
2011-03-02 18:52:41 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-03-02 18:52:41 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2011-03-02 18:51:49 454016 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2011-03-02 18:50:14 2137088 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-03-02 18:50:13 2181376 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-03-02 18:50:12 2058368 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-03-02 18:50:12 2016768 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-03-02 18:49:22 -------- d-----w- c:\docume~1\compaq~1\applic~1\AVG10
2011-03-02 18:43:18 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2011-03-02 18:43:18 -------- d-----w- c:\windows\system32\PreInstall
2011-03-02 18:41:46 -------- d-sh--r- C:\cmdcons
2011-03-02 18:41:42 -------- d-----w- c:\windows\setup.pss
2011-03-02 18:41:25 -------- d-----w- c:\windows\setupupd
2011-03-02 18:31:55 -------- d-sh--w- c:\documents and settings\compaq_owner\UserData
2011-03-02 18:29:56 163840 ----a-w- c:\windows\system32\igfxres.dll
2011-03-02 18:29:35 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-03-02 18:25:52 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-03-02 18:23:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-03-02 18:19:12 -------- d-----w- c:\windows\I386
2011-03-02 18:12:37 -------- d-----r- c:\documents and settings\all users\Documents
2011-03-02 18:12:13 -------- d-----r- c:\windows\Offline Web Pages
2011-03-02 18:11:42 -------- d-sh--r- c:\windows\system32\dllcache
==================== Find3M ====================
2011-03-04 06:41:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-03-04 06:41:14 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-03-02 18:34:32 3649 ----a-w- c:\windows\viassary-hp.reg
============= FINISH: 22:37:31.87 ===============


I pretty much know why this happening too. See, I do surveys online for points and use those points to get gift cards. Sometimes they ask me to install things, which I stupidly do. They're not vicious attack sites so though so I'm pretty sure this isn't serious, rather, I think it's trying to trick me into installing their game thing for firefox. Of course, if I do, it'll probably a hell of a lot to find out how to get it off. Like some other downloads.

Anyway, I know you guys can help me. :)


2,656 Posts
Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programs, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Post back with the Malwarebytes Anti-Malware log once it's complete.

Please run also this security check for my review.

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Submit the logs and let me know if the problem persists.

64 Posts
Discussion Starter · #3 ·
A little after I iniitally posted this, I remembered MBAM myself, and downloaded it and ran it before you posted Nasdaq. I ran it again since you told me to but it didn't find anything, but I still do however have the log file from when I first ran it so not all is lost.

Here's the original Log File for MBAM:

Malwarebytes' Anti-Malware

Database version: 6172

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

3/25/2011 7:51:48 PM
mbam-log-2011-03-25 (19-51-48).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 194484
Time elapsed: 1 hour(s), 32 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0ED403E8-470A-4a8a-85A4-D7688CFE39A3} (Adware.Gamevance) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\RP39\A0012024.exe (Adware.Agent) -> Quarantined and deleted successfully.

That gamevance thing is from the surveys thing I mentioned.

Here's the checkup file:

Results of screen317's Security Check version 0.99.10
Windows XP Service Pack 2
Out of date service pack!!
Internet Explorer 7 Out of date!
Antivirus/Firewall Check:

Windows Firewall Disabled!
AVG 2011
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Adobe Flash Player
Adobe Reader 6.0.1
Out of date Adobe Reader installed!
Mozilla Firefox (3.0.) Firefox Out of Date!
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbam.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````

(I turned my firewall on after reading the results btw, I don't remember why I turned it off. I'm also going to download service pack 3 too)

Oh, I also should mention that I ran a scan with AVG (full) too, before I ever posted this topic. It found like 2- 3 things of adware or spyware and like MBAM it said it removed them. It didn't actually affect anything though, as the banner is still there.

I DO know a way to remove the banner though. If I upgrade to the latest firefox version. Version 4, then it goes away. The thing is, is I don't think this actually fixes the problem, rather, it just makes it not visible. Besides, I don't like Firefox 4.

Anyway, that's all the info you wanted.

2,656 Posts
Get the latest version of the Adobe Reader.
Adobe - Adobe Reader download - All versions
Before your download I suggest you unckeck the box on the top right "Include in your download" this is not required. While the installation is in progress you can also deny the instaqllation of any other programs that may be suggested.

When installed remove your old version of the Reader via the Add/Remove Programs applet.

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rookit infection may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do not mouse click ComboFix's window while it's running. That may cause it to stall

For AVG antivirus and anti-spyware security software users only.
Due to recent changes in AVG and how it interacts with CF, AVG must be uninstalled to run ComboFix. You will get a message from CF stating such.

If AVG will not uninstall, it is first recommended to uninstall it with this AppRemover by Opswat. The AVG uninstaller can be downloaded from here > AppRemover.exe Go to their homepage and you will see they have support for removal of other AV's as well AVG appremover tool.
1 - 5 of 5 Posts
Not open for further replies.