Re: GOOGLE REDIRECTS TO http://abnow.com

shevo11 · ‎03-14-2012

I did that, here is the log.

Some notice from symantec andi virus appeared after restarting (while combofix was still working), this is strange because i disable it (i think this notice appeared also when i got the trouble with the zeroaccess).

What's the nest step?

Quads · ‎07-21-2008

That's Ok Syamantec may have detected the Combofix or TDSSkiller quarantine files.

The registry fix did mean that I managed to fix this

[COLOR=RED]NETSVCS REQUIRES REPAIRS - current entries shown[/COLOR]
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
ipahelper.exe
acdservice
Invoker
iirsp
MKEMUSB
STV680
websenseuserservice
cqmghost
crcdisk
toddsrv
alertmanager
sr_service
Sk9920nt
sit_mdm
ASUSVRC
belgium_id_card_service
LRMINIPORT
PEVSystemStart
PSSdk23
qbposdbextservices
jaguar
defragfs
proxyhostservice
PCDCODEC
uclauncherservice
a8djusb
dvd_2K
mssql$microsoftsmlbiz
sthda
eamon
ICAM5USB
BCM43XV
flutilssvc
haspnt
nisvcloc
dvd-ram_service
issuser
sdbus
winproxy
USA49W2KP
ASDR
freepops
ipsecmon
vmodem
cpqfws2e
tphkdrv
NICSer_WPC300N
DXEC02
JRAID
A88xXBar
dsproct
picturetaker
IJPLMSVC
lxcccustomerconnect
acsvc
DcPTP
amon
nbservice
carboncopy32
HssSrv
SlNtHal
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
napagent
hkmsvc
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

Now Fixed

Still reading the rest of the log.

Quads

Quads · ‎07-21-2008

OK Symantec don't have an online scanner so,

Please scan with ESET next

I'd like us to scan your machine with ESET OnlineScan

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Under scan settings, check and DON'T (NO) check Remove found threats
Click Advanced settings and select the following:
- Scan potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
Copy and paste the resulting log in your next reply

If you think a log should have been generated then go to C:\Program Files\ESET\ESET Online Scanner\log.txt to find it.

Quads

shevo11 · ‎03-14-2012

Here, the log.

Quads · ‎07-21-2008

Ok now for the 3rd log, Like on your other thread do the same and run OTL same as those instructions.

Quads

shevo11 · ‎03-14-2012

Quads · ‎07-21-2008

Eyes wide open in shock, that is alot of objects to remove from services and drivers to files and folders and extensions.

I notice it appears someone is downloading cracks and keygens. Not only is that illegal but cracks and keygens can have Malware inside also, so that when you run the program it also infects the PC at the same time.

I have to create the script.

Quads

shevo11 · ‎03-14-2012

Once i finish this i will erase that keygen you say, or can i do it now?

This computer is very shared, what do you suggest yo stop doing or prevent from having ALL this infections? Any firewall that blocks?

Quads · ‎07-21-2008

Ok Use Internet Explorer for Now as the browser. We will uninstall completely Firefox and Google Chrome

1. Uninstall Firefox and Google Chrome completely it will or should ask about removing the private data, extensions, cache, History etc. to remove, YES remove that also. You may have to restart the PC after.

2. Now start OTL (Run as Administrator etc as before).

In the Custom Fix Box at the bottom of OTL copy and paste the custom script attached (include the : at the start of :OTL) and run the script. (Run Fix Button (the red one). and have it complete its script, It will clear things and restart the PC.

It could take some time this time due to the size of the script and what I will have it to do.

You have run a script before

There are sites like torrenting sites, music and movie downloads (not from sites like Itunes, others) porn sites keygens and cracks etc.

Some of what has to happen is learning about knowing what sites not to go to as it's dangerous etc. I go to some sites cos I want the Malware to infect my PC with, most people don't.

Quads