WinFixer, netsearchsoft and adfirstsolution pop-ups

Discussion in 'Malware Help (A Specialist Will Reply)' started by VladValea, Nov 1, 2006.

  1. VladValea

    VladValea Private E-2

    Attached Files:

  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Welcome to MajorGeeks.com, please follow our standard cleaning procedures:

    Run ALL the steps in this Sticky thread: READ & RUN ME FIRST Before Asking for Support

    • Make sure you check version numbers and get all updates.

    Very Important: Make sure you tell us the results from running the tutorial... was anything found? Were you unable to complete any of the scans? Were you unable to download any of the tools? Did you do the on-line scans as suggested? etc.

    After doing ALL of the above and you still have a problem, make sure you have booted to normal mode and run the steps in the below thread to properly use HijackThis and attach the log:

    Downloading, Installing, and Running HijackThis
    • Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.

    In your next post, please make sure you attach the following logs and that you have run these scans in the following order:
    • CounterSpy - ONLY IF you were not able to run Windows Defender
    • Bitdefender - from step 6
    • Panda Scan - from step 6
    • runkeys.txt - the log from GetRunKey.bat
    • newfiles.txt - the log from ShowNew.bat
    • HijackThis
    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
     
  3. VladValea

    VladValea Private E-2

    Hello again,
    I followed all the steps provided in the tutorial. No threats were detected by the tools specified in there. Could not run BitDefender online scan (the scanner could not load). I provided the logs in the attached .zip file on my first post.
    If there is anything else, please tell me so.

    Cheers,
    Vlad
     
  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please attach the logs as a txt or log format.
     
  5. VladValea

    VladValea Private E-2

    Here are the first 3 logs in .txt format.
     

    Attached Files:

  6. VladValea

    VladValea Private E-2

    Last log here

    Cheers,
    Vlad
     

    Attached Files:

  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please see the below thread on how to install and run VundoFix.
    Once you have completed the above thread, attach the log from the utility and also attach a fresh HJT log after you have rebooted.
     
  8. VladValea

    VladValea Private E-2

    Here are the requested logs.

    Cheers,
    Vlad
     

    Attached Files:

  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O2 - BHO: (no name) - {F822636C-EBA1-454D-A0FF-C4DE62C838CC} - (no file)

    O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvcur.dll,startup
    O4 - HKLM\..\Run: [IntelliPointSetup] d:\mouse\Setup.exe /skiptoieinstall

    O11 - Options group: [INTERNATIONAL] International*
    O11 - Options group: [JAVA_IBM] Java (IBM)

    O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

    Again, make sure ALL browser windows are closed when you click FIX.

    Now, Please boot into Safe Mode, be sure you have the Viewing of Hidden Files & Folders Enabled per the tutorial. Now, navigate to and DELETE the following if they should remain:

    C:\WINDOWS\system32\drvcur.dll

    Next, run CCleaner to clean up cookies and temp files.

    After you complete the above, REBOOT and proceed with the rest of this fix...

    Finally, I would like you to flush your System Restore points. Please follow the instructions in the below:

    • Disable and Re-enable System Restore

    • Turn OFF System Restore to flush any bad Restore Points.

    • Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.
    After you complete the above reboot once more and then scan with HijackThis and attach the new log.

    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.
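
Added example, not part of the thread and not HijackThis's own code: a small Python triage run over entries copied from the fix list in the post above. It flags two patterns visible in that list, references to files that no longer exist and Run values that load a DLL through rundll32.exe; these two heuristics are assumptions of this example and cover only part of the list, they are not the helper's stated selection criteria.

```python
import re

# A subset of the entries from the fix list in the post above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {F822636C-EBA1-454D-A0FF-C4DE62C838CC} - (no file)
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvcur.dll,startup
O4 - HKLM\..\Run: [IntelliPointSetup] d:\mouse\Setup.exe /skiptoieinstall
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
"""

# "<section code> - <rest of entry>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# HijackThis marks entries whose target file is gone with these suffixes.
ORPHAN = re.compile(r"\((?:no file|file missing)\)", re.I)
# Autorun value: "...\Run: [ValueName] command line"
RUN_VALUE = re.compile(r"\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$", re.I)
# Command line of the form "rundll32.exe <path>.dll,<export>"
RUNDLL = re.compile(
    r'^"?(?:\S*\\)?rundll32(?:\.exe)?"?\s+(?P<dll>.+?\.dll)\s*,\s*(?P<export>\S+)',
    re.I,
)


def triage(log_text):
    """Return (section, reason, detail) tuples for entries worth a second look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # blank lines, headers, anything that is not an entry
        section, body = m.groups()
        if ORPHAN.search(body):
            findings.append((section, "orphaned", body))
            continue
        run = RUN_VALUE.search(body) if section == "O4" else None
        if run:
            dll = RUNDLL.match(run.group("cmd"))
            if dll:
                # A DLL started at every logon via rundll32: report the DLL path.
                findings.append((section, "rundll32-autorun", dll.group("dll")))
    return findings


if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE_LOG):
        print(f"{section:<4}{reason:<18}{detail}")
```
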
     
  10. VladValea

    VladValea Private E-2

    Hi,
    followed all the steps you provided. Everything went smooth.
    The O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvcur.dll,startup entry could not be found by HJT. I have already removed that using Norton Antivirus, before reading your answer.
    Here is the fresh HJT log. I will inform you on the progress of the situation.

    Thanks for your time and interest,
    Vlad
     

    Attached Files:

  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your log looks good, are you having any current problems?
     
  12. VladValea

    VladValea Private E-2

    Until now no problems. I have just finished the cleaning. Can't really tell for now.
     
  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Surf for a few days and let me know!

    In the meantime you should see this article on How to Protect yourself from malware!
     
  14. VladValea

    VladValea Private E-2

    Everything seems in order now.
    Thanks a lot for your help and time.

    Cheers,
    Vlad
     
  15. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    You're welcome!

    Surf Safely! :)
     
