spudplug Posted September 30, 2012 ID:602807 Share Posted September 30, 2012 I'm pretty sure I've been hit with the google redirect virus. The reason I'm not 100% sure is my symptoms don't seem as severe as some of the other victims' posts and the redirect usually only happens on the first link I click...so far. Malwarebytes found something in the scan but that hasn't fixed the issue. How do I go about removing this virus then? I'm currently using the latest version of Firefox (can't keep track of all the update numbers). Link to post Share on other sites More sharing options...
MrCharlie Posted September 30, 2012 ID:602818 Share Posted September 30, 2012 Welcome to the forum, please start at the link below:http://forums.malwar...?showtopic=9573Post back the 2 logs here.....DDS.txt and Attach.txt<====><====><====><====><====><====><====><====>Next.......Please remove any usb or external drives from the computer before you run this scan!Quit all running programs.Please download and run RogueKiller to your desktop.For Windows XP, double-click to start.For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.Click Scan to scan the system. When the scan completes > Close out the program > Don't Fix anything!Don't run any other options, they're not all bad!!!!!!!Post back the report which should be located on your desktop.MrC------->Logs will be closed if you haven't replied within 3 days!<-------- Link to post Share on other sites More sharing options...
spudplug Posted September 30, 2012 Author ID:602829 Share Posted September 30, 2012 Attach:.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2011-08-26.01).Microsoft® Windows Vista™ Home PremiumBoot Device: \Device\HarddiskVolume3Install Date: 8/4/2009 2:27:35 AMSystem Uptime: 9/30/2012 8:24:46 AM (6 hours ago).Motherboard: Dell Inc. | | 0G437NProcessor: Intel® Core2 Duo CPU P8600 @ 2.40GHz | Microprocessor | 1600/266mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 283 GiB total, 187.81 GiB free.E: is FIXED (NTFS) - 15 GiB total, 5.059 GiB free.F: is CDROM ().==== Disabled Device Manager Items =============.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: Microsoft 6to4 AdapterDevice ID: ROOT\*6TO4MP\0003Manufacturer: MicrosoftName: Microsoft 6to4 Adapter #3PNP Device ID: ROOT\*6TO4MP\0003Service: tunnel.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: Microsoft 6to4 AdapterDevice ID: ROOT\*6TO4MP\0008Manufacturer: MicrosoftName: Microsoft 6to4 Adapter #7PNP Device ID: ROOT\*6TO4MP\0008Service: tunnel.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: Microsoft ISATAP AdapterDevice ID: ROOT\*ISATAP\0000Manufacturer: MicrosoftName: Microsoft ISATAP AdapterPNP Device ID: ROOT\*ISATAP\0000Service: tunnel.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: Microsoft ISATAP AdapterDevice ID: ROOT\*ISATAP\0002Manufacturer: MicrosoftName: Microsoft ISATAP Adapter #3PNP Device ID: ROOT\*ISATAP\0002Service: tunnel.==== System Restore Points ===================.RP935: 8/5/2012 9:32:57 AM - Windows UpdateRP936: 8/8/2012 1:52:59 PM - Windows UpdateRP937: 8/11/2012 4:22:48 PM - Windows UpdateRP938: 8/14/2012 5:09:23 PM - Windows UpdateRP939: 8/14/2012 5:43:45 PM - Windows UpdateRP940: 8/18/2012 3:07:33 PM - Windows UpdateRP941: 8/22/2012 2:00:51 PM - Windows UpdateRP942: 8/25/2012 2:09:46 PM - Windows UpdateRP943: 8/29/2012 11:08:17 AM - Windows UpdateRP944: 9/2/2012 12:09:59 PM - Windows UpdateRP945: 9/3/2012 11:43:27 AM - Installed Java 7 Update 7RP946: 9/5/2012 3:00:20 AM - Windows UpdateRP947: 9/8/2012 4:34:31 PM - Windows UpdateRP948: 9/10/2012 8:57:09 AM - Scheduled CheckpointRP949: 9/11/2012 7:25:36 PM - Windows UpdateRP950: 9/13/2012 3:00:21 AM - Windows UpdateRP951: 9/16/2012 1:11:33 PM - Windows UpdateRP952: 9/19/2012 9:14:05 PM - Windows UpdateRP953: 9/23/2012 3:00:28 AM - Windows UpdateRP954: 9/26/2012 9:01:36 PM - Windows UpdateRP955: 9/29/2012 1:00:57 AM - Scheduled Checkpoint.==== Installed Programs ======================. Update for Microsoft Office 2007 (KB2508958)ABBYY FineReader 6.0 SprintAcrobat.comAdobe AIRAdobe Flash Player 10 ActiveXAdobe Reader 9.5.2Adobe Shockwave Player 11.6Advanced Audio FX EngineBackyard FootballBing BarChoice GuardCisco EAP-FAST ModuleCisco LEAP ModuleCisco PEAP ModuleDell-eBayDell DataSafe Local BackupDell DataSafe Local Backup - Support SoftwareDell DataSafe OnlineDell Getting Started GuideDell Video ChatDell Webcam CentralDELL0703Driver DetectiveGoToAssist 8.0.0.514Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)Java 7 Update 7Java Auto UpdaterJava SE Development Kit 6 Update 18jGRASPJunk Mail filter updateLive! Cam Avatar CreatorLiveUpdate 3.2 (Symantec Corporation)Malwarebytes Anti-Malware version 1.65.0.1400Microsoft Default ManagerMicrosoft Office 2007 Service Pack 3 (SP3)Microsoft Office Access MUI (English) 2007Microsoft Office Access Setup Metadata MUI (English) 2007Microsoft Office Communicator 2007Microsoft Office Excel MUI (English) 2007Microsoft Office File Validation Add-InMicrosoft Office InfoPath MUI (English) 2007Microsoft Office Live Add-in 1.5Microsoft Office Outlook MUI (English) 2007Microsoft Office PowerPoint MUI (English) 2007Microsoft Office Professional Plus 2007Microsoft Office Proof (English) 2007Microsoft Office Proof (French) 2007Microsoft Office Proof (Spanish) 2007Microsoft Office Proofing (English) 2007Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)Microsoft Office Publisher MUI (English) 2007Microsoft Office Shared MUI (English) 2007Microsoft Office Shared Setup Metadata MUI (English) 2007Microsoft Office Word MUI (English) 2007Microsoft SQL Server 2005 Compact Edition [ENU]Microsoft Sync Framework Runtime Native v1.0 (x86)Microsoft Sync Framework Services Native v1.0 (x86)Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMiKTeX 2.9Mozilla Firefox 15.0.1 (x86 en-US)Mozilla Maintenance ServiceMSVCRTPokemon Online 1.0.23PowerDVD DXRoxio Creator AudioRoxio Creator CopyRoxio Creator DataRoxio Creator DERoxio Creator ToolsRoxio Express Labeler 3Roxio Update ManagerRuneScape Launcher 1.0.4Security Update for CAPICOM (KB931906)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596666) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596672) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596744) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596754) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596785) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596792) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596856) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596871) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596880) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597162) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597969) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2687441) 32-Bit EditionSecurity Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit EditionSecurity Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit EditionSecurity Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit EditionSecurity Update for Microsoft Office Word 2007 (KB2596917) 32-Bit EditionSkype ToolbarsSkype™ 5.10Spybot - Search & DestroyswMSMSymantec Technical Support Web ControlsUpdate for 2007 Microsoft Office System (KB967642)Update for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft Office 2007 Help for Common Features (KB963673)Update for Microsoft Office Access 2007 Help (KB963663)Update for Microsoft Office Excel 2007 Help (KB963678)Update for Microsoft Office Infopath 2007 Help (KB963662)Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit EditionUpdate for Microsoft Office Outlook 2007 Help (KB963677)Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit EditionUpdate for Microsoft Office Powerpoint 2007 Help (KB963669)Update for Microsoft Office Publisher 2007 Help (KB963667)Update for Microsoft Office Script Editor Help (KB963671)Update for Microsoft Office Word 2007 Help (KB963665)WildTangent GamesWindows Live CallWindows Live Communications PlatformWindows Live EssentialsWindows Live MailWindows Live MessengerWindows Live Photo GalleryWindows Live SyncWindows Live Upload ToolWindows Live WriterWinEdt 6.==== End Of File ===========================DDS:.DDS (Ver_2011-08-26.01) - NTFSAMD64Internet Explorer: 8.0.6001.19328 BrowserJavaVersion: 10.7.2Run by Peter at 14:46:01 on 2012-09-30Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4093.1548 [GMT -4:00].AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssc:\Program Files\Microsoft Security Client\MsMpEng.exeC:\Windows\system32\Ati2evxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exeC:\Windows\system32\svchost.exe -k GPSvcGroupC:\Windows\system32\SLsvc.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Program Files\Dell\DellDock\DockLogin.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\Ati2evxx.exeC:\Windows\System32\WLTRYSVC.EXEC:\Windows\system32\WLANExt.exeC:\Windows\System32\bcmwltry.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exeC:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXEC:\Windows\system32\dldtcoms.exeC:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXEC:\Windows\system32\svchost.exe -k imgsvcC:\Windows\System32\svchost.exe -k WerSvcGroupC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Windows\system32\RUNDLL32.EXEC:\Windows\system32\taskeng.exeC:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\DellTPad\Apoint.exeC:\Windows\System32\WLTRAY.EXEC:\Program Files\Dell\QuickSet\quickset.exeC:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exeC:\Program Files (x86)\Dell V305\dldtmon.exeC:\Program Files\IDT\WDM\sttray64.exeC:\Program Files\Microsoft Security Client\msseces.exeC:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exeC:\Program Files (x86)\Skype\Phone\Skype.exeC:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exeC:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exeC:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exeC:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Program Files (x86)\Dell V305\dldtMsdMon.exeC:\Program Files\DellTPad\ApMsgFwd.exeC:\Program Files\DellTPad\HidFind.exeC:\Program Files\DellTPad\Apntex.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exeC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exeC:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cscript.exeC:\Windows\system32\wbem\wmiprvse.exe.============== Pseudo HJT Report ===============.uLocal Page = \blank.htmuInternet Settings,ProxyOverride = <local>BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dllBHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No FileBHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllBHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dllTB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No FileuRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRunuRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /backgrounduRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimizeduRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exeuRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exemRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /mmRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resumemRun: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCentermRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"StartupFolder: C:\Users\Peter\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exemPolicies-explorer: NoActiveDesktop = 1 (0x1)mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)IE: E&xport to Microsoft Excel - C:\PROGRA~2\MI1933~1\Office12\EXCEL.EXE/3000IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MI1933~1\Office12\REFIEBAR.DLLIE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dllTrusted Zone: msn.com\gDPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabTCP: DhcpNameServer = 192.168.1.1TCP: Interfaces\{730DEBB3-1C51-411C-8C1A-FB70D3FD53C8} : DhcpNameServer = 192.168.1.1TCP: Interfaces\{CEE9AB9C-B6FA-4220-AF06-B1BD247CCF2A} : DhcpNameServer = 76.78.224.42 66.112.235.200Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLLBHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO-X64: AcroIEHelperStub - No FileBHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dllBHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No FileBHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllBHO-X64: SkypeIEPluginBHO - No FileBHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dllTB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No FilemRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /mmRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resumemRun-x64: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCentermRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"Hosts: 127.0.0.1 www.spywareinfo.com.================= FIREFOX ===================.FF - ProfilePath - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\nomdb5jw.default\FF - prefs.js: network.proxy.http - 127.0.0.1FF - prefs.js: network.proxy.http_port - 5555FF - prefs.js: network.proxy.type - 0FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dllFF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dllFF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dllFF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dllFF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllFF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dllFF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dllFF - plugin: C:\Windows\SysWOW64\npDeployJava1.dllFF - plugin: C:\Windows\SysWOW64\npmproxy.dll.============= SERVICES / DRIVERS ===============.R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]R1 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [?]R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]R2 dldt_device;dldt_device;C:\Windows\system32\dldtcoms.exe -service --> C:\Windows\system32\dldtcoms.exe -service [?]R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-8-30 1153368]R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-8-4 636144]R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx64coinst,serviceStartProc --> RUNDLL32.EXE ykx64coinst,serviceStartProc [?]R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA009Ufd.sys --> C:\Windows\system32\DRIVERS\OA009Ufd.sys [?]R3 OA009Vid;Creative Camera OA009 Function Driver;C:\Windows\system32\DRIVERS\OA009Vid.sys --> C:\Windows\system32\DRIVERS\OA009Vid.sys [?]R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2010-11-17 25072]R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 dldtCATSCustConnectService;dldtCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\dldtserv.exe [2008-2-25 33448]S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]S3 mfebopk;McAfee Inc. mfebopk;C:\Windows\system32\drivers\mfebopk.sys --> C:\Windows\system32\drivers\mfebopk.sys [?]S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\system32\drivers\mferkdk.sys --> C:\Windows\system32\drivers\mferkdk.sys [?]S3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\system32\drivers\mfesmfk.sys --> C:\Windows\system32\drivers\mfesmfk.sys [?]S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 114144]S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920].=============== File Associations ===============.JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*.=============== Created Last 30 ================.2012-09-29 23:39:18 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{13570FAA-5CC8-4334-AE06-C10EFFF847AC}\mpengine.dll2012-09-29 02:24:58 711240 ----a-w- C:\Windows\isRS-000.tmp2012-09-28 15:27:09 9308616 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2012-09-17 16:39:12 -------- d-----w- C:\Windows\System32\n2012-09-03 15:45:09 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll2012-09-03 15:08:37 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll.==================== Find3M ====================.2012-09-07 21:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys2012-09-03 15:44:58 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll2012-09-03 15:44:58 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll2012-08-25 11:50:39 916992 ----a-w- C:\Windows\SysWow64\wininet.dll2012-08-25 11:44:53 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll2012-08-25 11:44:29 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl2012-08-25 11:44:13 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll2012-08-25 11:44:13 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll2012-08-25 10:11:12 385024 ----a-w- C:\Windows\SysWow64\html.iec2012-08-25 08:31:40 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe2012-08-25 08:29:22 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb2012-08-25 06:50:35 1147392 ----a-w- C:\Windows\System32\wininet.dll2012-08-25 06:45:40 56832 ----a-w- C:\Windows\System32\licmgr10.dll2012-08-25 06:45:22 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl2012-08-25 06:45:06 77312 ----a-w- C:\Windows\System32\iesetup.dll2012-08-25 06:45:06 132096 ----a-w- C:\Windows\System32\iesysprep.dll2012-08-25 05:51:10 479232 ----a-w- C:\Windows\System32\html.iec2012-08-25 05:08:12 162816 ----a-w- C:\Windows\System32\ieUnatt.exe2012-08-25 05:07:00 1638912 ----a-w- C:\Windows\System32\mshtml.tlb2012-07-04 14:33:06 2769408 ----a-w- C:\Windows\System32\win32k.sys.============= FINISH: 14:46:48.87 ===============now scanning with roguekiller... Link to post Share on other sites More sharing options...
spudplug Posted September 30, 2012 Author ID:602830 Share Posted September 30, 2012 and the roguekiller report:RogueKiller V8.1.0 [09/28/2012] by Tigzymail: tigzyRK<at>gmail<dot>comFeedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/Website: http://tigzy.geekstogo.com/roguekiller.phpBlog: http://tigzyrk.blogspot.comOperating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits versionStarted in : Normal modeUser : Peter [Admin rights]Mode : Scan -- Date : 09/30/2012 14:52:33¤¤¤ Bad processes : 0 ¤¤¤¤¤¤ Registry Entries : 6 ¤¤¤[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND[sHELL][bLPATH] [ON_E:]HKLM\Software[...]\Winlogon : Shell (cmd.exe /k start cmd.exe) -> FOUND¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver : [NOT LOADED] ¤¤¤¤¤¤ Extern Hives: ¤¤¤-> E:\windows\system32\config\SOFTWARE-> E:\Users\Default\NTUSER.DAT¤¤¤ HOSTS File: ¤¤¤--> C:\Windows\system32\drivers\etc\hosts127.0.0.1 localhost::1 localhost127.0.0.1 www.007guard.com127.0.0.1 007guard.com127.0.0.1 008i.com127.0.0.1 www.008k.com127.0.0.1 008k.com127.0.0.1 www.00hq.com127.0.0.1 00hq.com127.0.0.1 010402.com127.0.0.1 www.032439.com127.0.0.1 032439.com127.0.0.1 www.0scan.com127.0.0.1 0scan.com127.0.0.1 1000gratisproben.com127.0.0.1 www.1000gratisproben.com127.0.0.1 1001namen.com127.0.0.1 www.1001namen.com127.0.0.1 www.100888290cs.com127.0.0.1 100888290cs.com[...]¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: SAMSUNG HM320JI +++++--- User ---[MBR] 4e8affb06030d7037a8672ad8c6ac9a0[bSP] e3ade25a75b847fa9e28da3186d0481f : Windows Vista MBR CodePartition table:0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 290204 MoUser = LL1 ... OK!User = LL2 ... OK!Finished : << RKreport[1].txt >>RKreport[1].txt Link to post Share on other sites More sharing options...
MrCharlie Posted September 30, 2012 ID:602838 Share Posted September 30, 2012 Just Firefox is affected??Run RogueKiller again and click ScanWhen the scan completes > click on the Registry tabPut a check next to all of these and uncheck the rest: (if found)[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUNDNow click Delete on the right hand column under Options~~~~~~~~~~~~~~~~~~~~Please download AdwCleaner from here and save it on your Desktop. Right-click on adwcleaner.exe and select Run As Administrator to launch the application.Now click on the Search tab.Please post the contents of the log-file created in your next post.Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1.MrC Link to post Share on other sites More sharing options...
spudplug Posted September 30, 2012 Author ID:602842 Share Posted September 30, 2012 Firefox is the only browser I have, so it's all that could be infected.[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND didn't appear under registry, but it was under the proxy tab. There's no check box, can I/should I remove it anyway?the AdwCleaner log:# AdwCleaner v2.003 - Logfile created 09/30/2012 at 15:35:19# Updated 23/09/2012 by Xplode# Operating system : Windows Vista Home Premium Service Pack 2 (64 bits)# User : Peter - PETER-PC# Boot Mode : Normal# Running from : C:\Users\Peter\Downloads\adwcleaner.exe# Option [search]***** [services] ********** [Files / Folders] ********** [Registry] *****Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.comKey Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.comKey Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.comKey Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com***** [internet Browsers] *****-\\ Internet Explorer v8.0.6001.19328[OK] Registry is clean.-\\ Mozilla Firefox v15.0.1 (en-US)Profile name : defaultFile : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\nomdb5jw.default\prefs.js[OK] File is clean.*************************AdwCleaner[R1].txt - [1147 octets] - [30/09/2012 15:35:19]########## EOF - C:\AdwCleaner[R1].txt - [1207 octets] ########## Link to post Share on other sites More sharing options...
MrCharlie Posted September 30, 2012 ID:602845 Share Posted September 30, 2012 [PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND didn't appear under registry, but it was under the proxy tab. There's no check box, can I/should I remove it anyway?Yes go ahead.~~~~~~~~~~~~~~~~~~Please re-run AdwCleanerClick on Delete button.Confirm each time with OK if asked.Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.Reboot and let me know if there's any difference, MrC Link to post Share on other sites More sharing options...
spudplug Posted September 30, 2012 Author ID:602847 Share Posted September 30, 2012 Here's the latest log. The keys it found earlier were deleted. But what are those that it restored?# AdwCleaner v2.003 - Logfile created 09/30/2012 at 15:58:56# Updated 23/09/2012 by Xplode# Operating system : Windows Vista Home Premium Service Pack 2 (64 bits)# User : Peter - PETER-PC# Boot Mode : Normal# Running from : C:\Users\Peter\Downloads\adwcleaner.exe# Option [Delete]***** [services] ********** [Files / Folders] ********** [Registry] *****Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.comKey Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.comKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.comKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com***** [internet Browsers] *****-\\ Internet Explorer v8.0.6001.19328Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]-\\ Mozilla Firefox v15.0.1 (en-US)Profile name : defaultFile : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\nomdb5jw.default\prefs.js[OK] File is clean.*************************AdwCleaner[R1].txt - [1276 octets] - [30/09/2012 15:35:19]AdwCleaner[R2].txt - [1336 octets] - [30/09/2012 15:58:42]AdwCleaner[s1].txt - [1622 octets] - [30/09/2012 15:58:56]########## EOF - C:\AdwCleaner[s1].txt - [1682 octets] ########## Link to post Share on other sites More sharing options...
MrCharlie Posted September 30, 2012 ID:602849 Share Posted September 30, 2012 Those are the default settings, is there any difference? MrC Link to post Share on other sites More sharing options...
spudplug Posted September 30, 2012 Author ID:602851 Share Posted September 30, 2012 I'm still being redirected if that's what you mean. The logs show no other differences. Link to post Share on other sites More sharing options...
MrCharlie Posted September 30, 2012 ID:602854 Share Posted September 30, 2012 The link below explains how to reset FF back to defaults, lease try it, MrChttp://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems Link to post Share on other sites More sharing options...
spudplug Posted September 30, 2012 Author ID:602858 Share Posted September 30, 2012 I did the reset and tried a few quick searches-no redirects yet. I'm guessing this means there's no more I can do right now, I'll just keep an eye out. If the virus is gone, is there a way to prevent it from coming back? I haven't the slightest idea of how I got it in the first place. Link to post Share on other sites More sharing options...
MrCharlie Posted September 30, 2012 ID:602870 Share Posted September 30, 2012 Give it a try and see how it..............Lets check your computers security before you go and we have a little cleanup to do also:Download Security Check by screen317 from HERE or HERE.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.MrC Link to post Share on other sites More sharing options...
spudplug Posted September 30, 2012 Author ID:602874 Share Posted September 30, 2012 Here's what it returned: I knew adobe was outdated, I tried updating it a few weeks ago but it didn't work. I will try that again Results of screen317's Security Check version 0.99.51 Windows Vista Service Pack 2 x64 (UAC is enabled) Internet Explorer 8 Out of date!``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` MVPS Hosts File Spybot - Search & Destroy Malwarebytes Anti-Malware version 1.65.0.1400 Java 7 Update 7 Java SE Development Kit 6 Update 18 Adobe Flash Player 10 Flash Player out of Date! Adobe Flash Player 11.1.102.55 Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox (15.0.1)````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe`````````````````System Health check````````````````` Total Fragmentation on Drive C: 3 % Defragment your hard drive soon! (Do NOT defrag if SSD!)````````````````````End of Log`````````````````````` Link to post Share on other sites More sharing options...
MrCharlie Posted September 30, 2012 ID:602903 Share Posted September 30, 2012 Adobe Flash Player 10 Flash Player out of Date! <---please uninstallAdobe Flash Player 11.1.102.55Adobe Reader 9 Adobe Reader out of Date! <---------please updateYou have out dated programs on the system which are vulnerable to malware.Please update or delete themInfo on doing that can be found in my Preventive Maintenance~~~~~~~~~~~~~~~~~~~~~A little clean up to do....Please Uninstall ComboFix: (if you used it)Press the Windows logo key + R to bring up the "run box"Copy and paste next command in the field:ComboFix /uninstallMake sure there's a space between Combofix and /Then hit enter.This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)---------------------------------Please download OTL from one of the links below: (you may already have OTL on the system)http://oldtimer.geekstogo.com/OTL.exehttp://oldtimer.geekstogo.com/OTL.comhttp://www.itxassoci...T-Tools/OTL.exeSave it to your desktop.Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)Any other programs or logs you can manually delete.IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, etc....-------------------------------Any questions...please post back.If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.Take a look at My Preventive Maintenance to avoid being infected again.Good Luck and Thanks for using the forum, MrC Link to post Share on other sites More sharing options...
Maurice Naggar Posted October 1, 2012 ID:602976 Share Posted October 1, 2012 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts