Problem with Codec-v

Hello, yesterday I was looking for some videos on the internet and unfortunately I downloaded the Codec V (the webpage said it was a necessary plug in and my antivirus did not say nothing about it so i downloaded it).

Now I cannot use any of the programs I was using while I instaled the Codec V (I this case, the programs are Google Chrome and a music-score creator called Sibelius)

I have tried many antiviruses, tried to reinstall those programs and nothings seems to work. I just cannot use them, so please If you could help me…

I have followed this topic : http://forum.avast.com/index.php?topic=53253.0 And have done what is written there so I’ll add the attachments in orther (since I cannot add them all I will make a doublepost)

and those are from roguekiller and farbar service scanner, hope you can help me

Thank you in advance for your time.

Hi,
I will be working on your Malware issues

Download ComboFix from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
note: ComboFix must be downloaded to your Desktop.

Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this or this Instruction.

How to disable avast:

[*]Right-click on the avast! icon in the lower right corner of the screen and choose Open Avast! User Interface.
[*]In the window that opens on the top right corner, click Settings.
[*]In a new window that opens, choose the option Troubleshooting, Uncheck Enable avast! self-defense, and click OK.

[*]Right-click on the avast! icon in the lower right corner of the screen and select avast! shield controls .
[*]In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.

Note: Do not forget to turn on this option after the cleaning.

Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note:Do not mouse-click Combofix’s window while it is running.
If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart computer once more.

When the tool is finished, it will produce a log report for you. (typical location: C:[b]ComboFix.txt[/b] )
Attach log reports ( ComboFix.txt) back to topic.

ok, here it is

Open notepad and copy/paste the text present inside the code box below:



DirLook::
c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP
c:\documents and settings\All Users\Datos de programa\Codec

Driver::
knkeokqakjkeduq

File::
c:\docume~1\Usuario\CONFIG~1\Temp\DAT158.tmp.exe

ClearJavaCache:: 

DDS::
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1060933
IE: Buscar en la web - c:\archivos de programa\SweetIM\Toolbars\Internet Explorer\resources\menuext.html

Firefox::
FF - ProfilePath - c:\documents and settings\Usuario\Datos de programa\Mozilla\Firefox\Profiles\z6s1h8qq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.gboxapp.com/?q=
FF - prefs.js: browser.startup.homepage - hxxp://search.gboxapp.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=2&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113480&tt=010812_hpdel_3112_8
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 185a5cbe00000000000000241d845b02
FF - user.js: extensions.BabylonToolbar.instlDay - 15557
FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1
FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.112:36
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false



Save this as CFScript.txt

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and refering to the picture above.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:[b]ComboFix.txt[/b] )

Ok, here it is.

Hi,
Did you set up scheduled task as shutdown?

c:\windows\Tasks\shutdown.job

And how is your computer running now?

No id did not set up anything.

I have tried both programs (google chrome and sibelius) and both seems to work at 100% so I guess the problem is fixed already.

Thank you very much for your help.

Open notepad and copy/paste the text present inside the code box below:




File::
c:\windows\Tasks\shutdown.job
c:\windows\system32\shutdown.exe


Save this as CFScript.txt

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and refering to the picture above.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:[b]ComboFix.txt[/b] )

ok here it is, the computer keeps working normally (as far as I can see)

Okay, that’s it.

It is necessary to uninstall the ComboFix :

[*] Click Start (or
http://amf.mycity.rs/pg/images/VistaStartButton.png
) then Run.

On Windows7 or Vista you may use Start Search field if Run is not available.

[*] In the line of text type in (Copy) the following:

ComboFix /Uninstall

Note that there is a space between " ComboFix " and " /Uninstall " .

[*] then click OK (or press Enter ).

Wait for the uninstall process is complete.

Re-run OTL and click on CleanUp! button.

You will be asked to reboot the machine to finish the cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTL. Feel free to manually delete any tools it leaves behind.

ok, everything done.

Thanks.