Win32/small.ca
Solved/Closed
win32/small.ca
Jan 6, 2013 at 12:14 AM
11 responses
Zohaib R
Jan 6, 2013 at 02:12 AM
Hi,
Check the link mentioned below. It has steps on how to manually remove Win32/small.ca:
https://guides.yoosecurity.com/how-to-remove-win32small-ca-virus-from-your-computer/
Do reply with results.
win32/small.ca
Jan 6, 2013 at 03:14 AM
The files are not deleting and the video is not at all clear.
Ambucias
Jan 6, 2013 at 06:30 AM
Greetings,
With all due respect to Zohaib R, there is no virus and the solutions given at the link never work; they want you to call and pay.
This is a typical bug with the Win 7 Action Center.
Go to the Action Center (by clicking Control Panel | System and Security | Action Center) and select Change Action Center Settings. This allows you to disable specific types of messages, including messages about Windows Update, Internet security settings, User Account Control, Windows Backup, and more.
Uncheck virus notification.
Regards
win32/small.ca
Jan 6, 2013 at 01:57 PM
Then what about the fact that my antivirus automatic scanning status is changing by itself, the browser is crashing regularly, and the system has become a lot slower? And without a connection to the internet the system works fine, but as soon as I connect it to the internet it starts slowing down and sometimes hangs.
Ambucias
Jan 7, 2013 at 06:13 AM
Thanks for the log. Please stand by for results.
Ambucias
Jan 7, 2013 at 06:54 AM
Hi
There are several pieces of malware, including a rootkit which probably came from BitTorrent.
I noticed that you have installed several antivirus tools (Avast, Superantispyware, Kaspersky, etc.) along with your main McAfee. This is dangerous as all the scanning engines will create conflicts. You must delete all antivirus software and keep only one.
You have a toolbar which is called SweetIM; it is a virus. You must remove it.
Please follow the procedure below:
1. On your desktop, ZHP created an icon, ZHP Fix, which looks like a syringe; double-click to open it.
2. Copy the following lines:
3. Click on the clipboard button at the top; this will paste the lines you copied and a Go button will appear.
4. Click on Go and close ZHP Fix.
5. Download the following to your desktop:
https://support.kaspersky.com/downloads/utils/tdsskiller.zip
6. Close all running applications, including this one.
7. Unzip the folder and run the tool.
8. Once the scan is finished, check all the items found and delete.
9. Close the tool.
10. Download, install and run Malwarebytes, which you can find on this site:
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/
Ensure you make an update.
Please request a FULL system scan, which may take from 20 minutes to hours. Do not interfere no matter how long it takes. The creators of Malwarebytes recommend that while the tool is running you go do something else, such as watching a rerun of Gone with the Wind or reading Tolstoy's War and Peace.
If Malwarebytes restarts your system, launch it again to finish the Full scan.
When the scan is completed, delete all items found.
11. Reboot your machine.
12. Delete the ZHP Diag log, produce a new one and upload it to SpeedyShare.
Good luck
Ambucias
Jan 8, 2013 at 05:33 PM
Please stand by.
Ambucias
Jan 8, 2013 at 06:00 PM
The rootkit is gone but there is still some malware.
Your McAfee should work except that the present malware in the form of toolbars is creating obstructions.
This is very important: after the following final steps, delete Malwarebytes from your system. If your McAfee still does not respond, you may need to either update or reinstall.
Now...
To keep your system safe, you must follow the instructions hereunder to the letter:
1. Download ComboFix to your desktop.
https://www.bleepingcomputer.com/download/combofix/
(click on the download @ bleeping computer button)
2. Close all open windows, including this one.
Close or disable all running antivirus and firewall software, as they may interfere with the proper running of ComboFix.
3. Double-click on the ComboFix icon.
Windows is issuing this prompt because ComboFix does not have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue.
4. Accept the disclaimer and the recovery
5. You should now press the Yes button to continue. If at any time during the Recovery Console installation you receive a message stating that it failed to install, please allow ComboFix to continue with the scan of your computer.
ComboFix will disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings.
If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and tells you the program's log file, or report, will be located at C:\ComboFix.txt.
During the process, please do not click the mouse or tap on the keyboard. Let the tool run.
Good luck
Ambucias
Jan 11, 2013 at 06:37 AM
Please,
1. I would like to see the ComboFix log.
2. Remove Avast from your system
3. Open ZHP Fix
4. Copy the following lines:
5. Click on the clipboard button at the top which will paste the copied lines.
6. Click on the Go button at the bottom.
win32/small.ca
Jan 13, 2013 at 12:52 AM
Thanks for the help again.
ComboFix log:
Download link: http://speedy.sh/2Udaa/comboflog.txt
Ambucias
Jan 13, 2013 at 05:33 AM
You are most welcome.
Is your system still hanging? When? For how long? Do you use a password?