JoeBob Posted October 10, 2012 ID:605591

I'm pretty sure that I got this from a Boy Scout forum. No good deed, etc.

Malwarebytes Pro scanned and found two false Java updates and removed them, but the main pop-up continues to appear in the lower right corner with a variety of offers.

Ran DDS. Attach.txt did not appear.

DDS.txt:

Many thanks in advance!
Joe
MrCharlie Posted October 10, 2012 ID:605594

Welcome to the forum.

Please download MiniToolBox to your desktop:
http://download.blee...MiniToolBox.exe

Right click MiniToolBox and select "Run as administrator" to run it.
Check the following in the list:
List Installed programs
Click Go
Please post the contents of the Result.txt in your next Reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Next...............

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.
Quit all running programs.
For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!
Don't run any other options, they're not all bad!!!!!!!
Post back the report which should be located on your desktop.

MrC (be back in am)

------->Your topic will be closed if you haven't replied within 3 days!<--------
JoeBob Posted October 10, 2012 Author ID:605595

Found Attach.txt:

Working on your reply - thanks for being so quick!
Joe
JoeBob Posted October 10, 2012 Author ID:605597

MiniToolBox by Farbar Version: 23-07-2012
Ran by Joe (administrator) on 09-10-2012 at 22:56:41

QuarantineReport.txt from RogueKiller:

Time : 09/10/2012 22:59:37
--------------------------
ERROR [pcalua.exe.vir] -> C:\Windows\system32\pcalua.exe
ERROR [setup[1].exe.vir] -> C:\Users\Joe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8WM3RMKC\Setup[1].exe
[dds.scr.vir] -> C:\Users\Joe\Desktop\dds.scr

See you AM as well.
Thanks again,
Joe
MrCharlie Posted October 10, 2012 ID:605625

Can you run RogueKiller again and post the log? That doesn't look like the correct one.

MrC
JoeBob Posted October 10, 2012 Author ID:605638

Sorry, I must not have run as administrator last night. Last night's report was from inside a folder that RK put on the desktop, "RK_Quarantine". This .txt file came up when I repeated the scan this morning:

RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Joe [Admin rights]
Mode : Scan -- Date : 10/09/2012 22:59:37

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[TASK][SUSP PATH] {A7095D19-6EC3-46EC-A4EF-008202A475A7} : C:\Windows\system32\pcalua.exe -a "C:\Users\Joe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8WM3RMKC\Setup[1].exe" -d C:\Users\Joe\Desktop -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[SCREENSV][SUSP PATH] HKCU\[...]\Desktop (C:\Users\Joe\Desktop\dds.scr) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
198.15.104.132 www.google-analytics.com.
198.15.104.132 ad-emea.doubleclick.net.
198.15.104.132 www.statcounter.com.
72.29.93.243 www.google-analytics.com.
72.29.93.243 ad-emea.doubleclick.net.
72.29.93.243 www.statcounter.com.

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: OCZ-AGILITY2 3.5 +++++
--- User ---
[MBR] 0d5b3bf30d937369b9712cc9508de717
[BSP] 8c133aa30c978a900275124ec97c7230 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 228834 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: RAID-5 +++++
--- User ---
[MBR] 493f892f4c1cbe9d12577fc8c4927ed7
[BSP] 7cac6029736adb5bfc00f36f3bd3ed37 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907732 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>

RKreport[1].txt
MrCharlie Posted October 10, 2012 ID:605639

Go to the link below and run "Fix It" to restore the original host file:
http://support.microsoft.com/kb/972034

~~~~~~~~~~~~~~~~~~~~

Next................

Please download Listparts64
Run the tool, click Scan and post the log (Result.txt) it makes

~~~~~~~~~~~~~~~~~~~

Last................

Please read the directions carefully so you don't end up deleting something that is good!!

Please download the latest version of TDSSKiller from here and save it to your Desktop.
Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
Put a checkmark beside loaded modules.
A reboot will be needed to apply the changes. Do it.
TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
Then click on Change parameters in TDSSKiller.
Check all boxes then click OK.
Click the Start Scan button.
The scan should take no longer than 2 minutes.
If a suspicious object is detected, the default action will be Skip, click on Continue.
Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue
Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC
JoeBob Posted October 10, 2012 Author ID:605657

Profile cruising - Nice Labs! Mine:
JoeBob Posted October 10, 2012 Author ID:605659

First Action:

ListParts by Farbar Version: 02-10-2012
Ran by Joe (administrator) on 10-10-2012 at 09:57:18
JoeBob Posted October 10, 2012 Author ID:605665

BTW: Did the MS FixIt.

Kaspersky 1:

10:01:56.0217 4464 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
10:01:56.0545 4464 ============================================================
10:01:56.0545 4464 Current date / time: 2012/10/10 10:01:56.0545
10:01:56.0545 4464 SystemInfo:
10:01:56.0545 4464
10:01:56.0545 4464 OS Version: 6.1.7601 ServicePack: 1.0
10:01:56.0545 4464 Product type: Workstation
10:01:56.0545 4464 ComputerName: MAG7
10:01:56.0545 4464 UserName: Joe
10:01:56.0545 4464 Windows directory: C:\Windows
10:01:56.0545 4464 System windows directory: C:\Windows
10:01:56.0545 4464 Running under WOW64
10:01:56.0545 4464 Processor architecture: Intel x64
10:01:56.0545 4464 Number of processors: 8
10:01:56.0545 4464 Page size: 0x1000
10:01:56.0545 4464 Boot type: Normal boot
10:01:56.0545 4464 ============================================================
10:01:56.0748 4464 Drive \Device\Harddisk0\DR0 - Size: 0x37E4896000 (223.57 Gb), SectorSize: 0x200, Cylinders: 0x7201, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:01:56.0748 4464 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1700000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B602, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:01:56.0763 4464 ============================================================
10:01:56.0763 4464 \Device\Harddisk0\DR0:
10:01:56.0763 4464 MBR partitions:
10:01:56.0763 4464 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:01:56.0763 4464 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1BEF1000
10:01:56.0763 4464 \Device\Harddisk1\DR1:
10:01:56.0763 4464 MBR partitions:
10:01:56.0763 4464 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E0A000
10:01:56.0763 4464 ============================================================
10:01:56.0763 4464 C: <-> \Device\Harddisk0\DR0\Partition2
10:01:56.0779 4464 R: <-> \Device\Harddisk1\DR1\Partition1
10:01:56.0779 4464 ============================================================
10:01:56.0779 4464 Initialize success
10:01:56.0779 4464 ============================================================
10:02:33.0143 4672 Deinitialize success

Kaspersky 2 "Post Too Long Error": Trying to figure out how to attach.
JoeBob Posted October 10, 2012 Author ID:605666

TDSSKiller.2.8.10.0_10.10.2012_10.04.36_log.txt
MrCharlie Posted October 10, 2012 ID:605667

That scan was clean....please clean out temp files:

Download TFC to your desktop
Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run. Click the Start button to begin the process. Allow TFC to run uninterrupted.
The program should not take long to finish its job
Once it's finished it should automatically reboot your machine; if it doesn't, manually reboot to ensure a complete clean

~~~~~~~~~~~~~~~~~~~~~~~~~~

Then...........

Please download AdwCleaner from here and save it on your Desktop.
Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
Now click on the Search tab.
Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

MrC
JoeBob Posted October 10, 2012 Author ID:605682

TFC ran fine.
adwcleaner was blocked by SmartScreen Filter (ie9)
Want me to try Chrome?
JoeBob Posted October 10, 2012 Author ID:605688

# AdwCleaner v2.004 - Logfile created 10/10/2012 at 11:02:11
# Updated 06/10/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Joe - MAG7
# Boot Mode : Normal
# Running from : C:\Users\Joe\Downloads\adwcleaner.exe
# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\ProgramData\Ask

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKU\S-1-5-21-3430556371-3959146057-3840519633-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v22.0.1229.92

File : C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1328 octets] - [10/10/2012 11:02:11]

########## EOF - C:\AdwCleaner[R1].txt - [1388 octets] ##########
MrCharlie Posted October 10, 2012 ID:605690

Please re-run AdwCleaner
Click on Delete button.
Confirm each time with OK if asked.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

MrC
JoeBob Posted October 10, 2012 Author ID:605697

# AdwCleaner v2.004 - Logfile created 10/10/2012 at 11:09:28
# Updated 06/10/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Joe - MAG7
# Boot Mode : Normal
# Running from : C:\Users\Joe\Downloads\adwcleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\Ask

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v22.0.1229.92

File : C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1453 octets] - [10/10/2012 11:02:11]
AdwCleaner[R2].txt - [1513 octets] - [10/10/2012 11:08:53]
AdwCleaner[s1].txt - [1307 octets] - [10/10/2012 11:09:28]

########## EOF - C:\AdwCleaner[s1].txt - [1367 octets] ##########
MrCharlie Posted October 10, 2012 ID:605698

Next...........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix
http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.
Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------
If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC
JoeBob Posted October 10, 2012 Author ID:605703

ComboFix 12-10-10.02 - Joe 10/10/2012 11:24:18.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6142.4879 [GMT -4:00]
Running from: c:\users\Joe\Desktop\ComboFix.exe
AV: GFI Software VIPRE *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
SP: GFI Software VIPRE *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Setup.exe
c:\users\Joe\OOo_3.3.0_Win_x86_install-wJRE_en-US.exe
c:\users\Joe\z45174Lf.exe
R:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-10 to 2012-10-10 )))))))))))))))))))))))))))))))
.
.
2012-10-09 22:25 . 2012-10-09 22:25 -------- d-----w- c:\users\Joe\AppData\Roaming\Malwarebytes
2012-10-09 22:25 . 2012-10-09 22:25 -------- d-----w- c:\programdata\Malwarebytes
2012-10-09 22:25 . 2012-10-09 22:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-09 22:25 . 2012-09-07 21:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-26 11:10 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-11 18:47 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-11 18:47 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-11 18:47 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-11 18:47 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-11 18:47 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-11 18:47 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-11 18:47 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 02:43 . 2010-10-02 14:03 25640 ----a-w- c:\windows\gdrv.sys
2012-10-09 01:35 . 2010-10-02 14:14 30528 ----a-w- c:\windows\GVTDrv64.sys
2012-10-08 18:30 . 2010-10-02 14:14 25640 ----a-w- c:\windows\etdrv.sys
2012-09-12 04:45 . 2010-10-02 13:44 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-07-18 18:15 . 2012-08-15 12:17 3148800 ----a-w- c:\windows\system32\win32k.sys
2011-01-18 08:53 . 2011-01-18 08:53 2994688 ----a-w- c:\program files (x86)\openofficeorg33.msi
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"SBAMTray"="c:\program files (x86)\GFI Software\VIPRE\SBAMTray.exe" [2012-05-02 3050848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Missing Sync for Android Sync Manager.lnk - c:\program files (x86)\MarkSpace\Missing Sync for Android\SyncMarshallerLauncher.exe [2011-4-6 15584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2012-01-26 57976]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
R2 SBAMSvc;VIPRE Antivirus;c:\program files (x86)\GFI Software\VIPRE\SBAMSvc.exe [2012-05-02 3289680]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2012-10-08 25640]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-10-09 30528]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2011-04-04 21504]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 9216]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 26624]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2011-11-08 11776]
R3 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
R3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys [2012-04-14 85248]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-02 1255736]
R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [2011-11-22 78208]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-06 214896]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 74872]
S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\GFI Software\VIPRE\SBPIMSvc.exe [2012-05-02 173920]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-22 347680]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3430556371-3959146057-3840519633-1000Core.job
- c:\users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-21 22:10]
.
2012-10-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3430556371-3959146057-3840519633-1000UA.job
- c:\users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-21 22:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://drudgereport.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: google.com\b.mail
Trusted Zone: google.com\mail
Trusted Zone: google.com\www
Trusted Zone: paypal.com\www
TCP: DhcpNameServer = 192.168.0.1
DPF: {62AEFF80-16AD-4AC4-B812-E70EB5F37301} - hxxp://www.zenfolio.com/zf/code/upload-ie-win-x86.cab
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-HLBackupScheduler - c:\program files\Backup Assistant Plus\Backup Assistant Plus Service.exe
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
SafeBoot-42150152.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SBRegRebootCleaner - c:\program files (x86)\Sunbelt Software\VIPRE\SBRC.exe
AddRemove-ThumbsPlus - c:\users\Joe\AppData\Local\{B39A860D-D810-4AC5-AE96-C8A6F044859E}\ThumbsPlus8sp1setup-3535.exe
AddRemove-{AD1FE8DD-0A6A-46E7-9B5F-8A70DD75CA93} - c:\users\Joe\AppData\Local\{B39A860D-D810-4AC5-AE96-C8A6F044859E}\ThumbsPlus8sp1setup-3535.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-10 11:27:22
ComboFix-quarantined-files.txt 2012-10-10 15:27
.
Pre-Run: 167,099,609,088 bytes free
Post-Run: 166,482,354,176 bytes free
.
- - End Of File - - 49F44405875008E9F8D6C3168609E369
MrCharlie Posted October 10, 2012 ID:605704

Looks Good.....

Please Update and run a Quick Scan with MBAM, post the report.
Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC
JoeBob Posted October 10, 2012 Author ID:605710

Whatever the most recent action was, I think you got it! I've been noticing ilivid pop ups present all morning, even on the sites you sent me to to download tools. But now I seem to be free of the sometimes lewd solicitations and prompts for player downloads. I'll give the thread an update this afternoon.

Many thanks!

MBAM:

Malwarebytes Anti-Malware (PRO) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.10.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Joe :: MAG7 [administrator]

Protection: Enabled

10/10/2012 11:57:24 AM
mbam-log-2012-10-10 (11-57-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 245790
Time elapsed: 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
MrCharlie Posted October 10, 2012 ID:605726

Great. Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

MrC
JoeBob Posted October 10, 2012 Author ID:605793

 Results of screen317's Security Check version 0.99.51
 Windows 7 Service Pack 1 x64 (UAC is enabled)
 Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!
 GFI Software VIPRE Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.65.0.1400
 Java 6 Update 31
 Java version out of Date!
 Adobe Reader X 10.1.3 Adobe Reader out of Date!
 Google Chrome 21.0.1180.83
 Google Chrome 21.0.1180.89
 Google Chrome 22.0.1229.79
 Google Chrome 22.0.1229.92
````````Process Check: objlist.exe by Laurent````````
 Malwarebytes Anti-Malware mbamservice.exe
 Malwarebytes Anti-Malware mbamgui.exe
 Malwarebytes' Anti-Malware mbamscheduler.exe
 FireTrust MailWasher MailWasherPro.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 19% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
JoeBob Posted October 10, 2012 Author ID:605800

Updated Java - directly from Oracle. I dislike the nag updater; in fact a Java spoof was one of the first MBAM quarantines.
Updated Adobe Reader. Same nag issue.
Drive C:/ is a solid state drive. Did not defrag.
MrCharlie Posted October 10, 2012 ID:605826

Great.............

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"
Copy and paste next command in the field:
ComboFix /uninstall
Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)
http://oldtimer.geekstogo.com/OTL.exe
http://oldtimer.geekstogo.com/OTL.com
http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.
Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC
Maurice Naggar Posted October 11, 2012 ID:606013

Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!