BullGuard uses the Bitdefender virus engine; maybe that is why the log shows some Bitdefender files
Maybe, but …
MattiieG
Remove everything you can; I’ll look at the DDS report later and, if necessary, remove residues.
OK, I have removed all of the anti-viruses I can see
let’s hope this works
ok, just creating dds.txt now
it works here on my iPad !
Try here
http://download.bleepingcomputer.com/sUBs/dds.com
http://download.bleepingcomputer.com/sUBs/dds.pif
yeah, I just went onto their website and got it from there
anyways.
Very good, but we still have a little job.
Instructions on how to disable avast:
- Right-click on the avast! icon in the lower right corner of the screen and choose Open Avast! User Interface.
- In the window that opens, on the top right corner, click Settings.
- In the new window that opens, choose the option Troubleshooting, uncheck Enable avast! self-defense, and click OK.
- Again, right-click on the avast! icon in the lower right corner of the screen and select avast! shield controls.
- In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.
Note: Do not forget to turn on this option after the cleaning.
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note: Do not mouse-click ComboFix’s window while it is running.
If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart computer once more.
Got it
I think that’s it, right?
Open notepad and copy/paste the text present inside the code box below:
File::
c:\progra~2\mcafee\SITEAD~1\McSACore.exe
c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\program files (x86)\Norton Identity Safe\Engine\2013.2.1.5\ccSvcHst.exe
Driver::
McAfee SiteAdvisor Service
Skype C2C Service
NCO
DDS::
uStart Page = hxxp://search.orbitdownloader.com
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
Firefox::
FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\cx06n1gp.default\
FF - user.js: browser.search.defaultengine - u-Search
FF - user.js: browser.search.defaultenginename - u-Search
FF - user.js: browser.search.order.1 - u-Search
FF - user.js: browser.newtab.url - hxxp://u-search.net/?a=1&e=1
FF - user.js: browser.startup.homepage - hxxp://u-search.net/?a=1&e=1
FF - user.js: browser.search.defaulturl - hxxp://u-search.net/?a=1&e=2&q=
FF - user.js: keyword.URL - hxxp://u-search.net/?a=1&e=2&q=
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
Save this as CFScript.txt
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows.
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt)
I shall do this tomorrow, I am off now, is that ok?
Ok, I’m not on the forum tomorrow, but you can certainly do this.
I’ll see when I’m online.
I do not know if you will know what this is, but on my TaskManager, it shows a svchost with 233 k
in it there is
AudioEndpointBuilder
HomegroupListener
PcaSvc
SysMain
TrkWks
UxSms
Wlansvc
and wudfsvc
Do you know why this is taking up so much memory?
These are services within svchost containers; they are all legitimate.
okok, I ended it, then all of a sudden it came back, what’s going on? do you know?
I ended it, then all of a sudden it came back
I do not understand what, Combofix?
there are also p2p programs running on my laptop, are these regular? (p2pimsvc, p2psvc)
and, the avast! icons have gone missing from my system tray thing - the bit where the internet strength and sound is.
how can I get the icons back?
and I meant svchost
and, therefore, due to there being no avast! icons, I cannot use combofix
Reboot the machine and it will be fine.
ahh, ty
Don’t panic ;D