
Help with 'Britannia Search' appearing when trying to google.

  • 23-05-2009 1:42am
    #1
    Registered Users Posts: 5,985 ✭✭✭


    Hi all and excuse me if I am in the wrong forum. The last hour when I open either Mozilla or Internet Explorer this comes up:

    The procedure entry point ??_V@YAXPAX@Z could not be located in the dynamic link library msvcrt.dll.

    When I 'OK' this my Google homepage opens as normal but when doing a search the results always lead to a 'Britannia Search' screen with 'no results found'. I can access my bookmark files no problem (hence being able to type this) but that's it. AVG scan and DoctorWeb does not reveal any virus although there was a virus threat earlier that I think the op removed or deleted or whatever. Any help appreciated.


Comments

  • Posts: 8,647 [Deleted User]


    I have had something similar occur but it is only occasionally.


  • Registered Users Posts: 5,985 ✭✭✭happyoutscan


    Same thing again this morn, was hoping a restart would do it but apparently not. Any ideas anyone?


  • Closed Accounts Posts: 16,339 ✭✭✭✭tman




  • Registered Users Posts: 2,471 ✭✭✭majiktripp


    a2 Free Here
    Spyware Terminator Here
    As recommended above, I also suggest you scan with the two I mention in this post. You should use HijackThis to scan and save a log to see if there's any IE plugins causing the browser to crash. It does sound like a Spyware/Malware issue.
    Dr. Web is a very good antivirus, and the free scanner they let you download generally will pick up on most nasties. Have you scanned the computer in safe mode as well?


  • Registered Users Posts: 5,985 ✭✭✭happyoutscan


    Thanks for the replies all. After my earlier post, I set up AVG slow scan, just arrived home and it did find a nasty: Virus found Win32/Cryptor so hopefully this is it. Just waiting on the scan to finish and I will get back to you. DrWeb I always find great but it didn't find anything last night, removed spybot this week because it was slowing down my processes like crazy. If this still doesn't do it I will try the above, if I can get to their download locations!

    Once again thank you all for your help, much appreciated.


  • Registered Users Posts: 5,985 ✭✭✭happyoutscan


    Still no joy. Gonna try a few of your suggestions, god damn brittaniasearch bs.


  • Registered Users Posts: 4,371 ✭✭✭Dartz


    You probably have a virus.

    Go to the Virus & Malware removal forum. There is a sticky there. Do the stuff it says. If that doesn't fix it, post what the sticky tells you to post.


  • Registered Users Posts: 3,963 ✭✭✭Podge2k7


    I got that before. Malwarebytes removed most of it but it still happened so I just reinstalled Windows.


  • Registered Users Posts: 5,985 ✭✭✭happyoutscan


    Reinstall windows? Ouch, if I had to do that would I lose everything? Don't know how to anyway so will leave that as a last resort.

    Am currently running a2 (a-squared) scan and it has found another trojan so hopefully. Regarding bringing this to Malware and spyware I will, if I can (no idea how to bring this thread over there).

    Thanks all for your help.


  • Registered Users Posts: 3,798 ✭✭✭Mister Sifter


    I'm having the same problem myself. My PC is running very slooooow and I get the same thing when searching on Google.

    Incidentally, do you keep being automatically logged out of forums and email?


  • Registered Users Posts: 5,985 ✭✭✭happyoutscan


    Graeme1982 wrote: »
    I'm having the same problem myself. My PC is running very slooooow and I get the same thing when searching on Google.

    Incidentally, do you keep being automatically logged out of forums and email?

    That was happening to mine also. Herself has been trying to repair it (one of her mates is an IT wizz so she's getting phone support) but it has been a long process and we are still not sure if it will be ok. Loads of scans in safe mode etc etc etc. I would advise if you don't know what you are doing to leave it with someone who does otherwise you will probably have to do a complete reinstall. Loads of trojans and these problems started when the brittania thingee started popping up. If I ever personally meet a hacker my 'lover not a fighter' persona will be put on pause for a few minutes!:mad:


  • Registered Users Posts: 3,798 ✭✭✭Mister Sifter


    That was happening to mine also. Herself has been trying to repair it (one of her mates is an IT wizz so she's getting phone support) but it has been a long process and we are still not sure if it will be ok. Loads of scans in safe mode etc etc etc. I would advise if you don't know what you are doing to leave it with someone who does otherwise you will probably have to do a complete reinstall. Loads of trojans and these problems started when the brittania thingee started popping up. If I ever personally meet a hacker my 'lover not a fighter' persona will be put on pause for a few minutes!:mad:

    For anyone having the same problem, I've switched to using Google Chrome and I'm at last having a bit of normal-ish browsing. A short term solution til I get to the bottom of it.

    If anyone finds a solution I'd be very grateful if they can post up details on here.

    Thanks


  • Closed Accounts Posts: 1 mr.writer


    I'm having the same problem with that Brittania Search thing. Is there anyone in the world that likes these things just elbowing onto their pc?
    Hate it hate it hate it!


  • Moderators, Motoring & Transport Moderators Posts: 23,157 Mod ✭✭✭✭Alanstrainor


    Moved from laptops.


  • Closed Accounts Posts: 46 Kryx


    I just got this thing today. It's from a .dll file which is hidden in something I downloaded. It's an absolute pain :mad:. The drivers for the sound and wireless on my laptop also stopped working. It took about three hours to flush clean.

    "Incidentally, do you keep being automatically logged out of forums and email?"

    Yep, svchost and temp files keep changing during log in. Spybot will find these and should fix em.

    "If I ever personally meet a hacker my 'lover not a fighter' persona will be put on pause for a few minutes"

    I know a few hackers, most are ethical but there are a few bad eggs. Some are employed by anti-virus software companies to "hack" their software and now requires users to upgrade to their newer software. Have a look at www.hackthissite.org for ethical hacking.


    ALWAYS scan a downloaded file before extraction. I didn't because I trusted the source and got screwed.

    If you need an anti-virus software, I would go with Kaspersky.


  • Registered Users Posts: 3,135 ✭✭✭ronano


    how did you get it out of your system in the end?

    I've used

    spybot
    adware
    spywareblaster
    avira
    superantispyware

    no joy


  • Registered Users Posts: 3,135 ✭✭✭ronano


    anyone?

    I can't get rid of it and I truly don't wanna have to format my system based on some crappy spyware malware lark. I checked around the net and no one has a definitive way of getting rid of it as far as I can see :(


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    do this

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    RcAuto1.gif


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    whatnext.png


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.


  • Registered Users Posts: 3,135 ✭✭✭ronano


    Hi followed your instructions and here is the log

    ComboFix 09-07-06.02 - ron 07/07/2009 12:25.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.605 [GMT 1:00]
    Running from: c:\documents and settings\ron\Desktop\ComboFix.exe
    AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Mozilla Firefox\extensions\{8E3EC489-D47D-4C87-9504-05D2B06D332A}
    c:\program files\Mozilla Firefox\extensions\{8E3EC489-D47D-4C87-9504-05D2B06D332A}\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\{8E3EC489-D47D-4C87-9504-05D2B06D332A}\chrome\content\overlay.xul
    c:\program files\Mozilla Firefox\extensions\{8E3EC489-D47D-4C87-9504-05D2B06D332A}\install.rdf
    c:\recycler\S-1-5-21-1775614370-8636200644-459361362-9377
    c:\recycler\S-1-5-21-1960408961-682003330-842925246-1003
    c:\recycler\S-1-5-21-2901950353-3424347711-723783299-0256
    c:\recycler\S-1-5-21-8010962954-6366353190-533469711-9054
    c:\recycler\S-1-5-21-931196064-335735689-1684122734-1005
    c:\windows\msetup
    c:\windows\msetup\MSetup.exe

    .
    ((((((((((((((((((((((((( Files Created from 2009-06-07 to 2009-07-07 )))))))))))))))))))))))))))))))
    .

    2009-07-06 09:12 . 2009-07-06 09:12 463872 ----a-w- c:\documents and settings\ron\Application Data\Thinstall\Corel Paint Shop Pro Photo X2\4000009700002h\MediaCataloger.exe
    2009-07-06 09:06 . 2009-07-06 09:10 88 --sh--r- c:\windows\system32\9FD60CDAC7.sys
    2009-07-06 09:06 . 2009-07-06 09:06 463872 ----a-w- c:\documents and settings\ron\Application Data\Thinstall\Corel Paint Shop Pro Photo X2\40000038800002h\Corel Paint Shop Pro Photo.exe
    2009-07-06 09:06 . 2009-07-06 09:06 463872 ----a-w- c:\documents and settings\ron\Application Data\Thinstall\Corel Paint Shop Pro Photo X2\4000002e00003h\PSIService.exe
    2009-07-05 13:39 . 2009-07-06 21:22 -------- d-----w- c:\documents and settings\ron\Application Data\FileZilla
    2009-07-05 13:38 . 2009-07-05 13:38 -------- d-----w- c:\program files\FileZilla FTP Client
    2009-07-05 13:35 . 2009-07-05 13:35 -------- d-----w- c:\program files\SmartFTP Client
    2009-07-05 13:35 . 2009-07-05 13:35 -------- d-----w- c:\program files\SmartFTP Client 3.0 Setup Files
    2009-07-04 21:41 . 2009-07-04 21:41 -------- d-----w- c:\windows\Sun
    2009-07-04 21:39 . 2009-07-04 21:39 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-07-04 21:38 . 2009-07-04 21:38 152576 ----a-w- c:\documents and settings\ron\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
    2009-07-01 21:18 . 2009-07-01 21:18 -------- d-----w- c:\documents and settings\ron\Application Data\dvdcss
    2009-06-22 08:34 . 2009-06-22 08:34 -------- d-----w- c:\documents and settings\ron\Application Data\TuneUp Software-BackupByTuneUpPortable
    2009-06-22 08:34 . 2009-06-22 08:34 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software-BackupByTuneUpPortable
    2009-06-22 08:11 . 2009-06-23 09:35 -------- d-----w- c:\documents and settings\ron\Application Data\tor
    2009-06-22 08:11 . 2009-06-23 09:32 -------- d-----w- c:\documents and settings\ron\Application Data\Vidalia
    2009-06-22 08:11 . 2009-06-22 08:11 -------- d-----w- c:\program files\Vidalia Bundle
    2009-06-19 10:56 . 2009-06-19 10:56 -------- d-----w- c:\documents and settings\ron\Application Data\TuneUp Software
    2009-06-19 10:56 . 2009-06-19 10:56 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
    2009-06-17 09:53 . 2009-06-17 09:53 -------- d-----w- c:\program files\Common Files\Adobe
    2009-06-17 09:53 . 2009-06-17 09:53 -------- d-----w- c:\documents and settings\ron\Local Settings\Application Data\Adobe
    2009-06-14 08:44 . 2009-06-14 08:44 -------- d-----w- c:\program files\Battery Status
    2009-06-13 19:22 . 2009-06-13 19:22 89600 --sh--r- c:\windows\system32\netapi.exe
    2009-06-09 22:18 . 2009-06-09 22:18 -------- d-----w- c:\program files\FirefoxPreloader
    2009-06-09 22:18 . 2005-01-19 02:15 28672 ----a-w- c:\windows\system32\regclass.dll
    2009-06-09 16:08 . 2009-06-09 17:41 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-06-09 16:03 . 2009-06-09 16:03 24576 ----a-w- c:\documents and settings\ron\Application Data\Thinstall\SUPERAntiSpyware Professional\4000002b00002i\SSUPDATE.EXE
    2009-06-09 16:03 . 2009-06-09 16:03 24576 ----a-w- c:\documents and settings\ron\Application Data\Thinstall\SUPERAntiSpyware Professional\4000008000002i\Splash Screen.exe
    2009-06-09 15:59 . 2009-05-26 12:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-06-09 15:59 . 2009-06-15 09:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-06-09 15:59 . 2009-05-26 12:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-07 09:08 . 2009-05-14 09:01 -------- d-----w- c:\documents and settings\ron\Application Data\Cabbage
    2009-07-06 10:49 . 2007-11-18 20:34 2516 ----a-w- c:\documents and settings\ron\Application Data\Thinstall\Corel Paint Shop Pro Photo X2\%SystemSystem%\KGyGaAvL.sys
    2009-07-06 09:06 . 2009-05-08 15:31 -------- d-----w- c:\documents and settings\ron\Application Data\Thinstall
    2009-07-04 21:38 . 2009-02-12 19:29 -------- d-----w- c:\program files\Java
    2009-06-17 18:12 . 2009-05-09 00:03 29120 ----a-w- c:\documents and settings\ron\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-06-17 09:40 . 2009-05-23 08:08 -------- d-----w- c:\documents and settings\ron\Application Data\vlc
    2009-06-14 10:04 . 2009-05-29 18:25 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-06-14 09:16 . 2009-05-01 17:47 117760 ----a-w- c:\documents and settings\ron\Application Data\Thinstall\SUPERAntiSpyware Professional\%AppData%\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-06-12 19:34 . 2009-05-09 19:04 -------- d-----w- c:\program files\RocketDock
    2009-06-09 20:38 . 2009-05-25 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2009-06-09 18:00 . 2009-05-23 22:00 -------- d-----w- c:\program files\Lavasoft
    2009-06-09 17:41 . 2009-05-21 16:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-06-09 16:09 . 2009-05-29 18:25 -------- d-----w- c:\documents and settings\ron\Application Data\SUPERAntiSpyware.com
    2009-06-06 20:53 . 2009-02-12 19:32 -------- d-----w- c:\program files\Samsung
    2009-06-06 20:53 . 2009-02-12 19:31 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-06-06 00:08 . 2009-02-12 19:31 -------- d-----w- c:\program files\Common Files\InstallShield
    2009-05-31 19:31 . 2009-05-31 19:31 -------- d-----w- c:\program files\Alwil Software
    2009-05-31 18:57 . 2009-05-31 18:57 -------- d-----w- c:\documents and settings\ron\Application Data\Malwarebytes
    2009-05-31 18:57 . 2009-05-31 18:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-05-30 13:03 . 2009-05-30 13:03 -------- d-----w- c:\program files\Foxit Software
    2009-05-30 13:03 . 2009-05-30 13:03 -------- d-----w- c:\documents and settings\ron\Application Data\Foxit
    2009-05-29 18:25 . 2009-05-29 18:25 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-05-29 18:17 . 2009-05-28 20:17 -------- d-----w- c:\program files\CCleaner
    2009-05-28 22:27 . 2009-05-28 20:17 -------- d-----w- c:\program files\Yahoo!
    2009-05-28 20:20 . 2009-05-28 18:55 -------- d-----w- c:\program files\Anti Trojan Elite
    2009-05-28 12:07 . 2009-05-28 12:07 -------- d-----w- c:\documents and settings\ron\Application Data\Summitsoft
    2009-05-27 11:06 . 2009-05-23 20:35 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
    2009-05-27 11:06 . 2009-05-23 20:35 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
    2009-05-27 11:06 . 2009-05-27 11:06 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
    2009-05-26 16:50 . 2009-05-26 16:50 -------- d-----w- c:\program files\Cabbage
    2009-05-26 16:50 . 2009-05-26 16:50 -------- d-----w- c:\documents and settings\ron\Application Data\cabbage backup
    2009-05-25 23:00 . 2009-05-25 20:58 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-05-24 20:00 . 2009-05-24 08:29 -------- d-----w- c:\program files\Common Files\PC Tools
    2009-05-24 19:17 . 2009-05-23 08:45 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
    2009-05-24 19:15 . 2009-05-09 19:42 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-05-24 15:19 . 2009-05-24 15:19 -------- d-----w- c:\program files\Stardock
    2009-05-24 13:04 . 2009-05-24 13:04 -------- d-----w- c:\documents and settings\ron\Application Data\PCToolsFirewallPlus
    2009-05-23 22:07 . 2009-05-21 17:27 -------- d-----w- c:\program files\PCPitstop
    2009-05-23 20:35 . 2009-05-23 20:35 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
    2009-05-23 08:45 . 2009-05-23 08:45 -------- d-----w- c:\program files\AVG
    2009-05-23 08:07 . 2009-05-08 15:16 -------- d-----w- c:\program files\VideoLAN
    2009-05-23 08:03 . 2009-05-23 08:03 -------- d-----w- c:\documents and settings\ron\Application Data\Media Player Classic
    2009-05-21 19:31 . 2009-05-21 19:31 -------- d-----w- c:\program files\Trend Micro
    2009-05-21 15:35 . 2009-05-21 15:35 407040 ----a-w- c:\documents and settings\ron\Application Data\Thinstall\AVG Anti-Spyware 7.5\4000004e00002i\guard.exe
    2009-05-20 01:00 . 2009-05-20 19:18 81 ----a-w- c:\windows\system32\tj.vbs
    2009-05-17 16:35 . 2009-05-17 16:34 -------- d-----w- c:\documents and settings\ron\Application Data\BSplayer PRO
    2009-05-17 15:20 . 2009-05-17 15:20 7680 ----a-w- c:\documents and settings\ron\Application Data\Thinstall\{B9F94765-5061-413D-BD9A-73D6570AB8C9}\4000004d00002i\firefox.exe
    2009-05-16 21:02 . 2009-05-16 21:02 9216 ----a-w- c:\documents and settings\ron\Application Data\Thinstall\TweakNow PowerPack Professional\1000000a00002i\mshta.exe
    2009-05-16 21:02 . 2009-05-16 21:02 9216 ----a-w- c:\documents and settings\ron\Application Data\Thinstall\TweakNow PowerPack Professional\1000000b00002i\rundll32.exe
    2009-05-16 21:01 . 2009-05-16 21:01 9216 ----a-w- c:\documents and settings\ron\Application Data\Thinstall\TweakNow PowerPack Professional\400000e00002i\Transparent.exe
    2009-05-16 21:00 . 2009-05-16 21:00 9216 ----a-w- c:\documents and settings\ron\Application Data\Thinstall\TweakNow PowerPack Professional\4000003f00002i\igfxsrvc.exe
    2009-05-16 20:57 . 2009-05-16 20:57 9216 ----a-w- c:\documents and settings\ron\Application Data\Thinstall\TweakNow PowerPack Professional\400000bd00002i\RAM2_XP.exe
    2009-05-16 20:57 . 2009-05-16 20:57 9216 ----a-w- c:\documents and settings\ron\Application Data\Thinstall\TweakNow PowerPack Professional\40000022000002i\VirDesk.exe
    2009-05-16 20:53 . 2009-05-16 20:53 9216 ----a-w- c:\documents and settings\ron\Application Data\Thinstall\TweakNow PowerPack Professional\400000ada00002i\PowerPack.exe
    2009-05-15 16:44 . 2009-05-15 16:44 -------- d-----w- c:\program files\Microsoft
    2009-05-15 16:44 . 2009-05-15 16:43 -------- d-----w- c:\program files\Windows Live
    2009-05-15 14:58 . 2009-05-15 14:58 -------- d-----w- c:\documents and settings\ron\Application Data\IObit
    2009-05-15 14:57 . 2009-05-15 14:57 7680 ----a-w- c:\documents and settings\ron\Application Data\Thinstall\{B9F94765-5061-413D-BD9A-73D6570AB8C9}\4000002d000002i\Awc.exe
    2009-05-15 13:24 . 2009-05-15 13:24 15240 ----a-w- c:\documents and settings\ron\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
    2009-05-13 16:47 . 2009-05-13 16:41 -------- d-----w- c:\program files\WebSite X5 v8 - Evolution
    2009-05-12 19:10 . 2009-05-12 19:10 -------- d-----w- c:\documents and settings\ron\Application Data\SmartFTP
    2009-05-11 12:38 . 2009-05-11 12:38 7168 ----a-w- c:\documents and settings\ron\Application Data\Thinstall\Incomedia WebSite X5 Evolution\40000037d00002i\WebSite.exe
    2009-05-09 23:34 . 2009-05-09 23:34 0 ----a-w- c:\windows\nsreg.dat
    2009-05-09 20:44 . 2009-05-09 20:44 -------- d-----w- c:\program files\Common Files\Windows Live
    2009-05-09 20:38 . 2009-05-09 20:38 40448 ----a-w- c:\documents and settings\ron\Application Data\Thinstall\Windows Live Messenger\30000000c200002h\DW20.EXE
    2009-05-09 19:43 . 2009-05-09 19:42 -------- d-----w- c:\documents and settings\All Users\Application Data\PassMark
    2009-05-08 15:31 . 2009-05-08 15:31 7168 ----a-w- c:\documents and settings\ron\Application Data\Thinstall\Satellite TV for PC\40000056300002i\PC Satellite TV.exe
    2009-05-08 12:47 . 2009-05-08 12:47 0 ----a-w- c:\windows\system32\drivers\144D_SAMSUNG_N_NC10_04CA.mrk
    2009-04-19 10:32 . 2009-05-26 16:50 45056 ----a-w- c:\documents and settings\ron\Application Data\cabbage backup\cabbagesender2.exe
    2009-04-19 10:32 . 2009-05-14 09:01 45056 ----a-w- c:\documents and settings\ron\Application Data\Cabbage\cabbagesender2.exe
    2009-04-18 00:54 . 2009-05-29 20:09 10752 ----a-w- c:\documents and settings\ron\Application Data\Mozilla\Firefox\Profiles\ybo1i0jo.default\extensions\{DD43485F-44CC-4452-A6C6-69356A7E33DA}\platform\WINNT_x86-msvc\components\ahWinUtils_32.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "BattStat"="c:\program files\Battery Status\BattStatLauncher.exe" [2008-02-16 10240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1044480]
    "DMHotKey"="c:\program files\Samsung\Easy Display Manager\DMLoader.exe" [2006-12-27 466944]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-04 148888]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Firefox Preloader.lnk - c:\program files\FirefoxPreloader\FirefoxPreloader.exe [2009-6-9 98304]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "MaxRecentDocs"= 1 (0x1)
    "NoWindowsCatalog"= 1 (0x1)
    "NoSMConfigurePrograms"= 1 (0x1)
    "NoSMHelp"= 01000000
    "NoRecentDocsNetHood"= 01000000
    "NoSMMyDocs"= 01000000
    "NoSMMyPictures"= 01000000

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    backup=c:\windows\pss\Bluetooth.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk
    backup=c:\windows\pss\Privoxy.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^ron^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
    path=c:\documents and settings\ron\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
    backup=c:\windows\pss\Stardock ObjectDock.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "yksvc"=2 (0x2)
    "xmlprov"=3 (0x3)
    "wuauserv"=2 (0x2)
    "wscsvc"=2 (0x2)
    "WmiApSrv"=3 (0x3)
    "WmdmPmSN"=3 (0x3)
    "WebClient"=2 (0x2)
    "W32Time"=2 (0x2)
    "UPS"=3 (0x3)
    "upnphost"=3 (0x3)
    "TrkWks"=2 (0x2)
    "TermService"=3 (0x3)
    "TapiSrv"=3 (0x3)
    "SysmonLog"=3 (0x3)
    "SwPrv"=3 (0x3)
    "stisvc"=2 (0x2)
    "SSDPSRV"=3 (0x3)
    "srservice"=2 (0x2)
    "ShellHWDetection"=2 (0x2)
    "SENS"=2 (0x2)
    "seclogon"=2 (0x2)
    "SCardSvr"=3 (0x3)
    "RSVP"=3 (0x3)
    "RDSessMgr"=3 (0x3)
    "RasMan"=3 (0x3)
    "RasAuto"=3 (0x3)
    "ProtectedStorage"=2 (0x2)
    "PolicyAgent"=2 (0x2)
    "NtmsSvc"=3 (0x3)
    "NtLmSsp"=3 (0x3)
    "Netlogon"=3 (0x3)
    "napagent"=3 (0x3)
    "MSDTC"=3 (0x3)
    "mnmsrvc"=3 (0x3)
    "LmHosts"=2 (0x2)
    "lanmanworkstation"=2 (0x2)
    "LanmanServer"=2 (0x2)
    "ImapiService"=3 (0x3)
    "HTTPFilter"=3 (0x3)
    "hkmsvc"=3 (0x3)
    "helpsvc"=2 (0x2)
    "FastUserSwitchingCompatibility"=3 (0x3)
    "EventSystem"=3 (0x3)
    "ERSvc"=2 (0x2)
    "EapHost"=3 (0x3)
    "Dot3svc"=3 (0x3)
    "dmserver"=3 (0x3)
    "dmadmin"=3 (0x3)
    "CryptSvc"=3 (0x3)
    "COMSysApp"=3 (0x3)
    "CiSvc"=2 (0x2)
    "btwdins"=2 (0x2)
    "Browser"=2 (0x2)
    "BITS"=3 (0x3)
    "AppMgmt"=3 (0x3)
    "ALG"=3 (0x3)
    "UxTuneUp"=2 (0x2)
    "BthServ"=2 (0x2)
    "AntiVirWebService"=2 (0x2)
    "AntiVirService"=2 (0x2)
    "AntiVirSchedulerService"=2 (0x2)
    "AntiVirMailService"=2 (0x2)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "RocketDock"="c:\program files\RocketDock\RocketDock.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Documents and Settings\\ron\\Application Data\\Thinstall\\Satellite TV for PC\\40000056300002i\\PC Satellite TV.exe"=
    "c:\\Documents and Settings\\Default User\\Local Settings\\Temp\\au8ky55sd\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/15/2009 4:17 PM 8944]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/15/2009 4:17 PM 55024]
    R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2/12/2009 8:29 PM 4300]
    R3 BattStatSys;BattStatSys;\??\c:\docume~1\ron\LOCALS~1\Temp\BSS1.tmp --> c:\docume~1\ron\LOCALS~1\Temp\BSS1.tmp [?]
    R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [2/12/2009 8:33 PM 238464]
    S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 4:17 PM 7408]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder
    .
    .
    Supplementary Scan
    .
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    FF - ProfilePath - c:\documents and settings\ron\Application Data\Mozilla\Firefox\Profiles\ybo1i0jo.default\
    FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
    FF - component: c:\documents and settings\ron\Application Data\Mozilla\Firefox\Profiles\ybo1i0jo.default\extensions\{DD43485F-44CC-4452-A6C6-69356A7E33DA}\platform\WINNT_x86-msvc\components\ahWinUtils_32.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----

    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-07 12:28
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BattStatSys]
    "ImagePath"="\??\c:\docume~1\ron\LOCALS~1\Temp\BSS1.tmp"
    .
    LOCKED REGISTRY KEYS

    [HKEY_USERS\S-1-5-21-1564799494-3653402825-1186213036-1005\Software\SoftwareOnline.com\SORef\{193AF433-CF58-48f8-ABE7-51D94466011A}]
    @DACL=(02 0000)
    .
    DLLs Loaded Under Running Processes

    - - - - - - - > 'winlogon.exe'(636)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    .
    Completion time: 2009-07-07 12:30
    ComboFix-quarantined-files.txt 2009-07-07 11:30

    Pre-Run: 63,703,498,752 bytes free
    Post-Run: 63,712,026,624 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /NOGUIBOOT

    305
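
An added example, not part of the thread or any poster's code: a small Python triage pass over a ComboFix-style log, run on lines excerpted from the log posted above. The rule names and the choice of heuristics are assumptions made for illustration; a hit is a lead to check, not a verdict that the item is malicious.

```python
import re

# Lines excerpted from the ComboFix log in the post above.
SAMPLE_LOG = r"""
2009-07-06 09:06 . 2009-07-06 09:10 88 --sh--r- c:\windows\system32\9FD60CDAC7.sys
2009-07-04 21:39 . 2009-07-04 21:39 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-13 19:22 . 2009-06-13 19:22 89600 --sh--r- c:\windows\system32\netapi.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Default User\\Local Settings\\Temp\\au8ky55sd\\msnmsgr.exe"=
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2/12/2009 8:29 PM 4300]
R3 BattStatSys;BattStatSys;\??\c:\docume~1\ron\LOCALS~1\Temp\BSS1.tmp --> c:\docume~1\ron\LOCALS~1\Temp\BSS1.tmp [?]
"""

# "created . modified  size  attributes  path" rows of the file listings.
FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+"
    r"(?:\d+|-{8})\s+(?P<attrs>\S{8})\s+(?P<path>.+)$")
# "R3 name;display;image [timestamp size]" rows of the driver/service listing.
SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*;(?P<image>.+?) \[[^\]]*\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)
SYSTEM32_FILE = re.compile(r"\\windows\\system32\\[^\\]+$", re.IGNORECASE)


def _as_int(value):
    """Parse 'dword:00000001' or '0 (0x0)' style registry values."""
    value = value.strip()
    if value.lower().startswith("dword:"):
        return int(value[6:], 16)
    try:
        return int(value.split()[0])
    except (ValueError, IndexError):
        return None


def triage(log_text):
    """Return (rule, detail) pairs for log lines that deserve a closer look."""
    findings = []
    key = ""  # registry key the current value lines belong to
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue

        m = FILE_RE.match(line)
        if m:
            attrs, path = m.group("attrs"), m.group("path")
            # Hidden + system file (not a directory) sitting directly in system32.
            if ("s" in attrs and "h" in attrs and not attrs.startswith("d")
                    and SYSTEM32_FILE.search(path)):
                findings.append(("hidden-system-file", path))
            continue

        m = SERVICE_RE.match(line)
        if m:
            image = m.group("image").split(" --> ")[-1]
            # A driver or service whose binary lives in a Temp directory.
            if TEMP_DIR.search(image):
                findings.append(("service-image-in-temp", f"{m.group('name')} -> {image}"))
            continue

        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value, lkey = m.group("name"), m.group("value"), key.lower()
        if lkey.endswith(r"firewallpolicy\standardprofile"):
            if name == "EnableFirewall" and _as_int(value) == 0:
                findings.append(("firewall-disabled", key))
        elif lkey.endswith(r"authorizedapplications\list"):
            path = name.replace("\\\\", "\\")  # .reg-style escaping
            if TEMP_DIR.search(path):
                findings.append(("firewall-exception-in-temp", path))
        elif r"security center\monitoring" in lkey:
            if name == "DisableMonitoring" and _as_int(value) == 1:
                findings.append(("av-monitoring-disabled", key.rsplit("\\", 1)[-1]))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:28} {detail}")
```
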


  • Registered Users Posts: 3,135 ✭✭✭ronano


    any help?


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    hi

    Please download OTM
    • Save it to your desktop.
    • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      :Processes
      
      :Services
      BattStatSys
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [Reboot]
      
    • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTM and reboot your PC.
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



    Download TFC to your desktop
    • Open the file and close any other windows.
    • It will close all programs itself when run; make sure to let it run uninterrupted.
    • Click the Start button to begin the process. The program should not take long to finish its job.
    • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.




    Please download Malwarebytes' Anti-Malware from Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.






    Go to the Kaspersky website and perform an online antivirus scan.
    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
        Spyware, Adware, Dialers, and other potentially dangerous programs
        Archives
        Mail databases
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
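
The OTM script in the post above lists BattStatSys under :Services; in the ComboFix log earlier in the thread that service's ImagePath points at a .tmp file in a user's Temp folder. The following is an added example, not part of any post and not code from ComboFix or OTM: a small Python triage pass over log text in that layout which flags service entries loading from temp directories or with unusual extensions. The function names, the two heuristics and the ExampleSvc entry are assumptions made for illustration.

```python
import re
from ntpath import splitext  # Windows path rules on any platform

# Constructed sample in the ComboFix log layout; ExampleSvc is a made-up benign entry.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BattStatSys]
"ImagePath"="\??\c:\docume~1\ron\LOCALS~1\Temp\BSS1.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ExampleSvc]
"ImagePath"="system32\DRIVERS\example.sys"
'''

KEY_RE = re.compile(r'^\[HKEY_LOCAL_MACHINE\\System\\[^\\]+\\Services\\([^\\\]]+)\]$', re.I)
VAL_RE = re.compile(r'^"ImagePath"="(.*)"$', re.I)
EXE_RE = re.compile(r'^(.*?\.[A-Za-z0-9]{1,4})(?=["\s]|$)')
TEMP_PARTS = {"temp", "tmp", "%temp%", "%tmp%"}   # heuristic, not exhaustive
USUAL_EXT = {".sys", ".exe", ".dll"}              # heuristic, not exhaustive

def image_file(raw):
    """Reduce an ImagePath value to the file it loads."""
    path = raw.strip().strip('"')
    if path.startswith("\\??\\"):      # NT object-manager prefix seen on drivers
        path = path[4:]
    m = EXE_RE.match(path)             # cut command-line arguments, if any
    return m.group(1) if m else path

def reasons(raw):
    """List the heuristics an ImagePath value trips."""
    path = image_file(raw)
    folders = {p.lower() for p in path.split("\\")[:-1]}
    ext = splitext(path)[1].lower()
    found = []
    if folders & TEMP_PARTS:
        found.append("loads from a temp directory")
    if ext not in USUAL_EXT:
        found.append("unusual extension %r" % ext)
    return found

def scan(log_text):
    """Return {service name: [reasons]} for each flagged Services key."""
    flagged, service = {}, None
    for line in map(str.strip, log_text.splitlines()):
        if line.startswith("["):       # new registry key: track only service keys
            key = KEY_RE.match(line)
            service = key.group(1) if key else None
        elif service and VAL_RE.match(line):
            why = reasons(VAL_RE.match(line).group(1))
            if why:
                flagged[service] = why
    return flagged
```

Calling `scan(SAMPLE_LOG)` flags only BattStatSys, with both reasons; a flagged entry is a lead to check by hand, not proof of infection.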


  • Closed Accounts Posts: 36 randy lug


    Did you solve it in the end? I have the same problem now


  • Closed Accounts Posts: 40 theh


      Instructions source

      http://antonygeertsconsultancy.blogspot.com/

      So here are the instructions:

      First download

      http://www.gmer.net/#files

      Please note that the virus is often with a single browser, so if you have it with Mozilla then try using Internet Explorer until it's fixed

      Then run the tool which will most likely say "You have a root kit bla bla" extended scan.

      After the scan is finished you will have to look at this

      http://www2.gmer.net/gmer.wmv on how to delete it (basically just remove the red marked items !)


      Now just download http://www.malwarebytes.org/mbam-download.php

      Malware bytes, do a full scan

      Reboot and done.

