Superbad virus !

Rebel

New Member
ComboFix 13-05-21.01 - Dell D531 21/05/2013 17:57:18.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.1918.821 [GMT 1:00]
Running from: c:\users\Dell D531\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PYVVOWPB\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\337
c:\program files (x86)\Common Files\337\libcef\1.1364.1123\icudt.dll
c:\program files (x86)\Common Files\337\libcef\1.1364.1123\libcef.dll
c:\program files (x86)\Common Files\337\libcef\1.1364.1123\locales\en-US.pak
c:\programdata\1361625835.bdinstall.bin
c:\users\Dell D531\AppData\Roaming\337
c:\users\Dell D531\AppData\Roaming\337\337 Wallpaper\ebase.dll
c:\users\Dell D531\AppData\Roaming\337\337 Wallpaper\image\default\app_close.png
c:\users\Dell D531\AppData\Roaming\337\337 Wallpaper\image\default\app_max.png
c:\users\Dell D531\AppData\Roaming\337\337 Wallpaper\image\default\app_min.png
c:\users\Dell D531\AppData\Roaming\337\337 Wallpaper\image\default\app_restore.png
c:\users\Dell D531\AppData\Roaming\337\337 Wallpaper\image\default\wallpaper_resource.xml
c:\users\Dell D531\AppData\Roaming\337\337 Wallpaper\image\default\window.png
c:\users\Dell D531\AppData\Roaming\337\337 Wallpaper\language\en_us\wallpaper_lang.ini
c:\users\Dell D531\AppData\Roaming\337\337 Wallpaper\language\es_es\wallpaper_lang.ini
c:\users\Dell D531\AppData\Roaming\337\337 Wallpaper\language\pt_br\wallpaper_lang.ini
c:\users\Dell D531\AppData\Roaming\337\337 Wallpaper\language\tr_tr\wallpaper_lang.ini
c:\users\Dell D531\AppData\Roaming\337\337 Wallpaper\language\zh_tw\wallpaper_lang.ini
c:\users\Dell D531\AppData\Roaming\337\337 Wallpaper\layout\default\dp_appwnd.xml
c:\users\Dell D531\AppData\Roaming\337\337 Wallpaper\layout\default\msgbox.xml
c:\users\Dell D531\AppData\Roaming\337\337 Wallpaper\libpng.dll
c:\users\Dell D531\AppData\Roaming\337\337 Wallpaper\main
c:\users\Dell D531\AppData\Roaming\337\337 Wallpaper\msvcp100.dll
c:\users\Dell D531\AppData\Roaming\337\337 Wallpaper\msvcr100.dll
c:\users\Dell D531\AppData\Roaming\337\337 Wallpaper\ouilibnl.dll
c:\users\Dell D531\AppData\Roaming\337\337 Wallpaper\plusapp.exe
c:\users\Dell D531\AppData\Roaming\337\337 Wallpaper\style\wallpaper_style.xml
c:\users\Dell D531\AppData\Roaming\337\337 Wallpaper\TrayDownloader.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-04-21 to 2013-05-21 )))))))))))))))))))))))))))))))
.
.
2013-05-21 17:04 . 2013-05-21 17:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-21 17:01 . 2013-05-21 17:01 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2C0B168E-8A03-4283-94C8-5B55C9EF7D9D}\offreg.dll
2013-05-20 13:23 . 2013-05-20 13:23 12872 ----a-w- c:\windows\system32\bootdelete.exe
2013-05-20 13:15 . 2013-05-20 13:15 -------- d-----w- c:\program files\HitmanPro
2013-05-20 13:15 . 2013-05-20 13:25 -------- d-----w- c:\programdata\HitmanPro
2013-05-19 18:59 . 2013-05-19 18:59 388096 ----a-r- c:\users\Dell D531\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-05-19 18:59 . 2013-05-19 18:59 -------- d-----w- c:\program files (x86)\Trend Micro
2013-05-19 18:21 . 2013-05-19 18:21 -------- d-----w- c:\users\Dell D531\AppData\Roaming\Malwarebytes
2013-05-19 18:20 . 2013-05-19 18:20 -------- d-----w- c:\programdata\Malwarebytes
2013-05-19 18:19 . 2013-05-19 18:19 -------- d-----w- c:\users\Dell D531\AppData\Local\Programs
2013-05-18 11:34 . 2013-05-18 11:34 -------- d-----w- c:\users\Dell D531\AppData\Roaming\LavasoftStatistics
2013-05-17 20:24 . 2013-05-17 20:30 -------- d-----w- c:\programdata\Ad-Aware Antivirus
2013-05-17 20:05 . 2013-05-17 20:05 -------- d-----w- c:\programdata\Lavasoft
2013-05-17 20:05 . 2013-05-21 16:22 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2013-05-17 20:05 . 2013-05-17 20:05 -------- d-----w- c:\programdata\Downloaded Installations
2013-05-17 20:05 . 2013-05-21 16:09 -------- d-----w- c:\programdata\Search Protection
2013-05-17 20:03 . 2013-05-18 11:34 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-05-17 20:03 . 2013-05-17 21:01 -------- d-----w- c:\users\Dell D531\AppData\Roaming\Ad-Aware Antivirus
2013-05-17 19:11 . 2013-05-17 19:11 -------- d-----w- c:\users\Dell D531\AppData\Roaming\SparkTrust
2013-05-17 19:11 . 2013-05-17 19:11 -------- d-----w- c:\users\Dell D531\AppData\Roaming\DriverCure
2013-05-17 19:11 . 2013-05-19 18:44 -------- d-----w- c:\programdata\SparkTrust
2013-05-17 17:56 . 2013-05-17 17:56 -------- d-----w- c:\program files (x86)\Anvisoft
2013-05-17 17:47 . 2013-05-17 17:47 -------- d-----w- c:\windows\system32\appmgmt
2013-05-17 15:39 . 2013-05-17 15:39 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-17 14:27 . 2013-05-17 14:27 -------- d-----w- c:\program files\Enigma Software Group
2013-05-17 14:26 . 2013-05-17 17:48 -------- d-----w- c:\windows\BCD5545077AC4347B24F654B1189F8D4.TMP
2013-05-17 14:25 . 2013-05-17 14:25 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2013-05-17 13:36 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-17 13:36 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-17 13:36 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-05-17 13:34 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-05-17 13:34 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-17 13:34 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-05-17 13:34 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-05-17 13:34 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-05-17 13:34 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-05-17 13:34 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-05-17 13:08 . 2013-05-17 13:10 -------- d-----w- c:\users\Dell D531\AppData\Roaming\337 Wallpaper
2013-05-17 12:49 . 2013-05-17 13:07 -------- d-----w- c:\programdata\eSafe
2013-05-17 12:49 . 2013-05-17 13:06 -------- d-----w- c:\program files (x86)\Desk 365
2013-05-17 12:49 . 2013-05-17 12:49 -------- d-----w- c:\users\Dell D531\AppData\Roaming\Desk 365
2013-05-17 12:48 . 2013-05-17 12:55 -------- d-----w- c:\users\Dell D531\AppData\Roaming\eIntaller
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-03 15:15 . 2013-02-21 21:30 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-04-13 05:49 . 2013-05-17 13:35 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-17 13:35 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-17 13:35 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-17 13:35 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-17 13:35 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-17 13:35 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-03-01 13:24 . 2013-03-01 13:23 4368720 ----a-w- c:\windows\SysWow64\mfc100u.dll
2013-02-22 10:51 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2013-02-22 10:51 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R1 aswSnx;aswSnx; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-05-18 14456]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-05-17 12:35 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-22 14:22]
.
2013-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-22 14:22]
.
.
--------- X64 Entries -----------
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=E76EE8B7297682433480C951968D5B13
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-SearchProtection - c:\programdata\Search Protection\_run.bat
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{152C96EB-288E-4EDC-B7C6-D21F8250ADF3} - c:\program files\Bitdefender\Bitdefender SafeBox\safeboxshell.dll
ShellIconOverlayIdentifiers-{342DAA0B-D796-460D-8566-901E08A1CCAD} - c:\program files\Bitdefender\Bitdefender SafeBox\safeboxshell.dll
ShellIconOverlayIdentifiers-{57595DAE-1AE1-4D97-A49E-67CBB53B52DF} - c:\program files\Bitdefender\Bitdefender SafeBox\safeboxshell.dll
ShellIconOverlayIdentifiers-{33816773-98AE-4723-ADE0-EBE54C8B5A67} - c:\program files\Bitdefender\Bitdefender SafeBox\safeboxshell.dll
HKLM-Run-BDAgent - c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe
AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2487367 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2656351 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2736428 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2742595 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-05-21 18:07:49
ComboFix-quarantined-files.txt 2013-05-21 17:07
.
Pre-Run: 49,465,724,928 bytes free
Post-Run: 49,920,872,448 bytes free
.
- - End Of File - - E93F1639D02C3EFA013C8B4130CABE1F
 

Rebel

New Member
I attempted to follow with the TDSKiller but the format wouldn't work, I tried it on both computers. It won't open. Ran Combofix, as you can see, however, the Virus remains ......
 

johnb35

Administrator
Staff member
What do you mean the format wouldn't work? Please explain.

I need you to post a log that combofix produces but doesn't show you. Please navigate to c:\Qoobox and in that folder will be a file named add-remove programs.txt. Open that file and copy and paste the contents in your next reply.
 

Rebel

New Member
For some reason tdskiller has installed on my old comp, but can't, so far find a tds download that will install on the infected comp, I keep getting a choice of programs " choose the program you want to use to open this file with " there are 10 to choose from, none of them looks like the ones to download this kind of program.... I will keep trying with different Tdskiller downloads, Everything else has downloaded ok so far ....
 

Rebel

New Member
Did it ! :)

Adobe Reader XI (11.0.02)
Google Chrome
Google Update Helper
HiJackThis
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
ShaderMark v2.1
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
 

Rebel

New Member
Still trying to get Tds to work, I got it on the comp, when I click on the download I get a pop-up which says " Compressed Zip Folders " " This application may depend on other compressed files in this folder, for the application to run properly, it is recommended that you first extract all files " Underneath there is a choice of three commands for me to click ~ Extract all ~ Run ~ Cancel, Which do I click ! :confused:
 

Rebel

New Member
I'm not hiding anything, John, whatever do you mean ! :eek: Purchased both comps ( reconditioned ) off Ebay, my old Dell is ..... well, Old ! So purchased the one that has now got the virus on it, to replace the old one once it finally gives up and dies..... Haven't used my latest comp at all, except to test it out briefly, then I put it aside to fall back on at a later date.
Few days ago decided to start using my "new " comp, all nice and fresh and running smoothly....... and it gets this damn virus thingy first time I go to download a freebie , ....... oh well ..... :(
 

johnb35

Administrator
Staff member
You still haven't answered my question about tdsskiller. What do you mean format won't work?

Also please do the following.

Please download AdwCleaner by Xplode onto your Desktop.

• Please close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Delete.
• Confirm each time with OK.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile in your reply.
• You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
 

Rebel

New Member
Hi John, many thanx for your ongoing patience ! Prob is with the Tdskiller, ( incl'your latest link ) When I click on it, a pop up comes up, and instead of the usual option ~ Run, as with my other downloads, which work, mostly, without hitch, I get two options, ~ Open or ~ Save, when I click either of these I get another pop - up which says ~ " Choose program you want to open file " Beneath is a list of the ten options -

Adobe reader, Microsoft office 2010, Notepad, windows media center,
Windows photo viewer, Internet Explorer, Microsoft word, Paint, Windows Media Player, Wordpad.

I don't think any of those programmes are suitable.....


~~~~~~~~~

Follow up :

I have just downloaded ADW cleaner, and clicked ~ Run, .... well it ran ! :)
Then when I clicked on Internet Explorer to send you the report ...... All I got was a blank page ! No Internet, No QVO6 browser, Nothing ! So what do I do now ?? :eek:
 

johnb35

Administrator
Staff member
Are you downloading the exe or zip version? I gave you the link to the exe and it should open and run just fine.
 

Rebel

New Member
I ran the Exe....

Shall I install Firefox ? I prefer it to IE, I deleted these when QVO6 showed up, in an attempt to get rid of the virus I got rid of all I could, I will try, and see what happens.



Update : I am just in the process of running ~ Spyhunter 4 on my infected comp. Spyhunter is, apparently, the only Malware security tool on the ~ Planet to totally ZAP Super nasties like QVO6 ! When I ran Spyhunter yesterday, it stated there were 27 QVO6 infections, plus 2 Bekko, 1 Softonic.... 2 Adtech, 11 Atwola and numerous other ....... "delights "

I dunno, frankly, I got a bit of a sneaky suspicion about Spyhunter, quite aside from the fact, that they have an ~ Autopayment clause, which makes me wonder if once you purchase their service, you'll NEVER stop paying !

Another thought I had was, as no one else can totally eradicate QVO6... I was wondering if maybe, Spyhunter..... erm, created it ! Read somewhere that Spyhunter had somewhat of an " aggressive " selling streak in the past.... So, just maybe, this is one hell of a clever, sales ploy, eh ! Wouldn't surprise me .....


Is anyone here clued up on the long term activities / goals of Spyhunter ?

Spyhunter is still in the process of scanning my files ...... Detected 94 threats so far ...... Seems a little dubious to me, as that comp has been hardly used, only been on the internet with it half a dozen times, not even a full hour, total .......
 

johnb35

Administrator
Staff member
Spyhunter is junk. I still don't understand what the issue is here with tdsskiller. Is it just your home page that has changed? You can change that manually back to whatever you want. Can you download teamviewer on your infected pc and then I can access it and see what is going on? I would need your id number and password it assigns to you which you can email me. If you want to do this, just let me know.

Get teamviewer here.

www.teamviewer.com

Click where it says download free for private use.
 

Rebel

New Member
Managed to claw my way back into internet land..... just about ! I clicked on Google Chrome, which was on my desktop when I received the laptop. Here's the log :


# AdwCleaner v2.301 - Logfile created 05/22/2013 at 16:51:57
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Dell D531 - DELLD531-PC
# Boot Mode : Normal
# Running from : C:\Users\Dell D531\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R10QYCO9\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla FireFox\searchplugins\qvo6.xml
File Disinfected : C:\Users\Dell D531\Desktop\Internet Explorer (64-bit).lnk
File Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
Folder Deleted : C:\Program Files (x86)\Desk 365
Folder Deleted : C:\ProgramData\eSafe
Folder Deleted : C:\ProgramData\search protection
Folder Deleted : C:\Users\Dell D531\AppData\Roaming\Desk 365
Folder Deleted : C:\Users\Dell D531\AppData\Roaming\eIntaller
Folder Deleted : C:\Users\Dell D531\AppData\Roaming\Mozilla\Firefox\Profiles\67oucfld.default\jetpack

***** [Registry] *****

Data Deleted : HKLM\...\StartMenuInternet\Google Chrome [(Default)] = "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://www.qvo6.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=FUJITSUXMHZ2080BHXG2_K60ZT8425Y2ET8425Y2EX&ts=1368795320
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKLM\Software\Desksvc
Key Deleted : HKLM\Software\qvo6Software
Key Deleted : HKLM\Software\V9
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

-\\ Mozilla Firefox v [Unable to get version]

File : C:\Users\Dell D531\AppData\Roaming\Mozilla\Firefox\Profiles\67oucfld.default\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "qvo6");
Deleted : user_pref("browser.search.order.1", "qvo6");
Deleted : user_pref("browser.search.selectedEngine", "qvo6");

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Dell D531\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.28] : keyword = "qvo6",
Deleted [l.31] : search_url = "hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=mlv&from=mlv&uid=FUJITSUXMH[...]
Deleted [l.1900] : urls_to_restore_on_startup = [ "hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepag[...]

*************************

AdwCleaner[S1].txt - [2749 octets] - [22/05/2013 16:51:57]

########## EOF - C:\AdwCleaner[S1].txt - [2809 octets] ##########
 

johnb35

Administrator
Staff member
Ok, that explains it. It was an addon for firefox.

Now back to my one question about your installed programs. You seem to have lavasoft and avast installed but they don't show up in your installed programs list. I can't help you correctly if I can't get accurate info from you.

How's the system running now?
 

Rebel

New Member
Lavasoft comes up as a search engine, at times, but mostly QVO6 comes up, I didn't choose either of these, it's all just one big confusion of labels far as I'm concerned... As for Avast, I didn't realise it was there, it's not on my desktop, nor in my programs list. I'm not a comp expert, I report what I believe to be true, if I mess up, I apologise, but it is not deliberate.....

Well I didn't much like ~ Google Chrome, so decided to reinstall ~ Firefox, which is one of my favourite browsers. I chose the latest version, and was VERY careful to make sure I didn't download any nasties with it ....... As I got that total ~ Blank, screen earlier, I believed, QVO6 was gone for good.......

However when Firefox installed, just a few minutes ago, QVO6 raised its ugly tentacles of doom back onto the screen again ....
 

johnb35

Administrator
Staff member
Check your add-ons for Firefox and see what's installed. You should let me connect to your system. It's possible the OS is corrupt and you need to reinstall. Your uninstall list isn't complete like I said.
 