KarlWJohnson Posted December 9, 2013 ID:762220 Share Posted December 9, 2013 My machine seems to be infected with Twunk_32 virus. I ran a Malwarebytes Quick Scan and removed 14 items. No Twunk in my Process List in Task Manager but still seems like something is chewing up memory and CPU. Ran the DDS script. Here is my DDS.txt followed by my Attach.txt. Any advice on additional scrubbing to remove all viruses and remnants will be greatly appreciated. Karl DDS.txt======DDS (Ver_2012-11-20.01) - NTFS_x86Internet Explorer: 9.0.8112.16520Run by Karl at 19:04:26 on 2013-12-08Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3316.1687 [GMT -6:00].AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}.============== Running Processes ================.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Program Files\Microsoft Security Client\MsMpEng.exeC:\Windows\system32\SLsvc.exeC:\Program Files\Dell\DellDock\DockLogin.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\AERTSrv.exeC:\Program Files\Microsoft\BingBar\7.2.241.0\BBSvc.exeC:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Microsoft LifeCam\MSCamS32.exeC:\Windows\system32\msiexec.exeC:\Program Files\RemotelyAnywhere\x86\RaMaint.exeC:\Program Files\RemotelyAnywhere\x86\RemotelyAnywhere.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Windows\system32\SearchIndexer.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Windows\System32\WUDFHost.exeC:\Windows\system32\Dwm.exeC:\Windows\system32\taskeng.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskeng.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\RtHDVCpl.exeC:\Program Files\RemotelyAnywhere\x86\RAGui.exeC:\Windows\System32\igfxpers.exeC:\Windows\System32\igfxtray.exeC:\Windows\System32\hkcmd.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Program Files\Zune\ZuneLauncher.exeC:\Program Files\DivX\DivX Update\DivXUpdate.exeC:\Program Files\Microsoft Security Client\msseces.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Microsoft\BingDesktop\BingDesktop.exeC:\Users\Karl\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exeC:\Program Files\GamesBar\SearchEngineProtection.exeC:\Program Files\Quicken\bagent.exeC:\Windows\system32\wbem\unsecapp.exeC:\Windows\ehome\ehtray.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Windows\System32\regsvr32.exeC:\Users\Karl\AppData\Roaming\Malwarebytes\WINFE3D.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exeC:\Program Files\Caller ID\Caller ID.exeC:\Program Files\Microsoft Office\Office12\ONENOTEM.EXEC:\Windows\system32\Taskmgr.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\igfxsrvc.exeC:\Program Files\Microsoft Security Client\NisSrv.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Microsoft\BingDesktop\BDExtHost.exeC:\Program Files\Microsoft\BingDesktop\BDAppHost.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Microsoft\BingDesktop\BDRuntimeHost.exeC:\Windows\ehome\ehsched.exeC:\Windows\ehome\ehRecvr.exeC:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exeC:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exeC:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exeC:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_152_ActiveX.exeC:\Windows\System32\mobsync.exeC:\Windows\system32\SearchFilterHost.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Microsoft Security Client\MpCmdRun.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k GPSvcGroupC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Windows\system32\svchost.exe -k hpdevmgmtC:\Windows\System32\svchost.exe -k HPZ12C:\Windows\System32\svchost.exe -k HPZ12C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\system32\svchost.exe -k imgsvcC:\Windows\System32\svchost.exe -k WerSvcGroupC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation.============== Pseudo HJT Report ===============.uWindow Title = Internet Explorer provided by DelluSearch Bar = PreserveBHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dllBHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dllBHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dllBHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dllBHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dllBHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dllBHO: GamesBarBHO Class: {CB0D163C-E9F4-4236-9496-0597E24B23A5} - c:\program files\gamesbar\2.0.1.73\oberontb.dllBHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.2.241.0\BingExt.dllBHO: {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} - <orphaned>BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dllTB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dllTB: GamesBar: {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - c:\program files\gamesbar\2.0.1.73\oberontb.dllTB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\microsoft\bingbar\7.2.241.0\BingExt.dllTB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dlluRun: [sansaDispatch] c:\users\karl\appdata\roaming\sandisk\sansa updater\SansaDispatch.exeuRun: [searchEngineProtection] c:\program files\gamesbar\SearchEngineProtection.exeuRun: [QuickenScheduledUpdates] c:\program files\quicken\bagent.exeuRun: [ehTray.exe] c:\windows\ehome\ehTray.exeuRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthiddenuRun: [3J1I3JVZ4C6V5F9XRQGTONYOGCILNLH] c:\recicle\3D39BD4BF2E.exe /quRun: [Facebook Update] "c:\users\karl\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserveruRun: [sidebar] c:\program files\windows sidebar\sidebar.exeuRun: [] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exeuRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exeuRun: [uSmedia] regsvr32.exe c:\users\karl\appdata\local\usmedia\cd_ApiDll32.dlluRun: [GameServer506] "c:\users\karl\appdata\roaming\malwarebytes\WINFE3D.exe"mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hidemRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"mRun: [RtHDVCpl] RtHDVCpl.exemRun: [RemotelyAnywhere GUI] "c:\program files\remotelyanywhere\x86\RAGui.exe"mRun: [Persistence] c:\windows\system32\igfxpers.exemRun: [igfxTray] c:\windows\system32\igfxtray.exemRun: [HotKeysCmds] c:\windows\system32\hkcmd.exemRun: [HFALoader] c:\program files\hamster soft\free zip archiver\HamsterArc.exe -loadermRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startupmRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCentermRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOWmRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkeymRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottimemRun: [bingDesktop] c:\program files\microsoft\bingdesktop\BingDesktop.exe /fromkeyStartupFolder: c:\users\karl\appdata\roaming\micros~1\windows\startm~1\programs\startup\caller~1.lnk - c:\program files\caller id\Caller ID.exeStartupFolder: c:\users\karl\appdata\roaming\micros~1\windows\startm~1\programs\startup\monito~1.lnk - c:\windows\system32\RunDll32.exeStartupFolder: c:\users\karl\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXEStartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exeStartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exemPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0mPolicies-System: EnableUIADesktopToggle = dword:0IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dllIE: {1A93C934-025B-4c3a-B38E-9654A7003239} - {6F282B65-56BF-4BD1-A8B2-A4449A05863D}IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dllIE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smartprint\smartprintsetup.exeIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dllIE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223}IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -TCP: NameServer = 192.168.1.1TCP: Interfaces\{83CB1E84-6E77-4D0B-8467-B692F30C4E18} : DHCPNameServer = 192.168.1.1Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dllHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dllNotify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dllNotify: igfxcui - igfxdev.dllSEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dllLSA: Security Packages = kerberos msv1_0 schannel wdigest tspkgmASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome.============= SERVICES / DRIVERS ===============.R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-9-27 214696]R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]R2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.2.241.0\BBSvc.EXE [2013-7-23 193696]R2 BingDesktopUpdate;Bing Desktop Update service;c:\program files\microsoft\bingdesktop\BingDesktopUpdater.exe [2013-6-20 173192]R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-4-28 161048]R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-8-23 13672]R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 104768]R2 RAInfo;RemotelyAnywhere Kernel Information Provider;c:\program files\remotelyanywhere\x86\rainfo.sys [2008-1-23 12856]R2 RARfsDriver;RemotelyAnywhere Remote File System Driver;c:\windows\system32\drivers\RARfsDriver.sys [2008-11-30 46000]R3 AVMNgBasM780;AVerMedia M780 Base Driver;c:\windows\system32\drivers\AVerBas.sys [2009-2-2 57216]R3 AVMNgCapM780;AVerMedia M780 Audio/Video Capture Driver;c:\windows\system32\drivers\AVerCap.sys [2009-2-2 366976]R3 AVMNgTunM780;AVerMedia M780 TVTuner Driver;c:\windows\system32\drivers\AVerTun.sys [2009-2-2 165248]R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-12-13 30576]R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-10-23 280288]R3 ramirr;ramirr;c:\windows\system32\drivers\ramirr.sys [2007-4-17 10168]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 gupdate1ca09a5ed21dc7f;Google Update Service (gupdate1ca09a5ed21dc7f);c:\program files\google\update\GoogleUpdate.exe [2009-7-20 133104]S3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.2.241.0\SeaPort.EXE [2013-7-23 240288]S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-12-9 83168]S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-9 39272]S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-8-22 30192]S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-12-9 181344]S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 756392]S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040].=============== Created Last 30 ================.2013-12-08 23:56:31 -------- d-----w- c:\users\karl\appdata\roaming\Vihioq2013-12-08 23:56:24 -------- d-----w- c:\users\karl\appdata\roaming\Puuhhyg2013-12-08 23:55:14 -------- d-----w- c:\users\karl\appdata\roaming\Ginuolz2013-12-08 23:53:06 -------- d-----w- c:\users\karl\appdata\roaming\Zyeqehp2013-12-08 23:50:56 -------- d-----w- c:\users\karl\appdata\roaming\Lakitaw2013-12-08 23:50:19 -------- d-----w- c:\users\karl\appdata\roaming\Piuzacu2013-12-08 23:49:13 -------- d-----w- c:\users\karl\appdata\roaming\Xidiwof2013-12-08 23:48:37 -------- d-----w- c:\users\karl\appdata\roaming\Feuhmoy2013-12-08 18:27:51 -------- d-----w- c:\users\karl\appdata\local\USmedia2013-12-07 23:52:40 7772552 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d516e4ca-1c3d-47d0-8d75-5d4b4300a4e0}\mpengine.dll2013-12-06 23:55:24 719224 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{73f71337-9b13-40e8-b092-efaed0f33443}\gapaengine.dll2013-12-06 23:52:23 7772552 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll2013-11-13 06:17:26 297984 ----a-w- c:\windows\system32\gdi32.dll2013-11-13 06:17:23 993792 ----a-w- c:\windows\system32\crypt32.dll2013-11-13 06:17:19 596480 ----a-w- c:\windows\system32\FWPUCLNT.DLL2013-11-13 06:17:19 444928 ----a-w- c:\windows\system32\IKEEXT.DLL.==================== Find3M ====================.2013-11-19 10:21:30 230048 ------w- c:\windows\system32\MpSigStub.exe2013-11-13 22:54:04 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe2013-11-13 22:54:03 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2013-10-13 09:48:06 1806848 ----a-w- c:\windows\system32\jscript9.dll2013-10-13 09:35:52 1427968 ----a-w- c:\windows\system32\inetcpl.cpl2013-10-13 09:35:38 1129472 ----a-w- c:\windows\system32\wininet.dll2013-10-13 09:30:14 142848 ----a-w- c:\windows\system32\ieUnatt.exe2013-10-13 09:29:02 420864 ----a-w- c:\windows\system32\vbscript.dll2013-10-13 09:25:39 2382848 ----a-w- c:\windows\system32\mshtml.tlb2013-09-27 15:53:06 214696 ----a-w- c:\windows\system32\drivers\MpFilter.sys2013-09-27 15:53:06 104768 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys.============= FINISH: 19:13:36.42 =============== Attach.txt.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft® Windows Vista™ Home PremiumBoot Device: \Device\HarddiskVolume3Install Date: 8/22/2008 7:34:38 AMSystem Uptime: 12/8/2013 6:56:37 PM (1 hours ago).Motherboard: Dell Inc. | | 0RY007Processor: Intel® Core2 Duo CPU E8300 @ 2.83GHz | Socket 775 | 1998/333mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 456 GiB total, 47.646 GiB free.D: is FIXED (NTFS) - 10 GiB total, 6.16 GiB free.E: is CDROM ()F: is RemovableG: is FIXED (NTFS) - 233 GiB total, 86.982 GiB free..==== Disabled Device Manager Items =============.==== System Restore Points ===================..==== Installed Programs ======================. Update for Microsoft Office 2007 (KB2508958)16001600_Help1600Trb32 Bit HP CIO Components InstallerAcrobat.comAdobe AIRAdobe Flash Player 11 ActiveXAdobe Reader 9.5.5AIO_CDB_ProductContextAIO_CDB_SoftwareAIO_ScanAmazon MP3 Downloader 1.0.12AnswerWorks 5.0 English RuntimeApple Application SupportApple Software UpdateAVer_ClearQAM 1.0.0.10AVerMedia M780 PCIe Combo ATSC/QAM + NTSC 2.5.0.29Bing BarBing DesktopBing Rewards Client InstallerBonjourBrowser Address Error RedirectorBufferChmBulk Rename Utility 2.7.1.1CCScoreCitrix ICA Web ClientCitrix XenApp Web PluginCopyCoupon Printer for WindowsCustomerResearchQFolderD3DX10Dell DataSafe OnlineDell DockDell Getting Started GuideDestination ComponentDeviceDiscoveryDeviceManagementQFolderDivX ConverterDivX Plus DirectShow FiltersDivX SetupDivX Version CheckerDocProcDocProcQFolderEDocsESSBrwrESSCDBKESScoreESSguiESSiniESSPCDESSPDockESSSONICESSTOOLSessvatgteSupportQFolderFacebook Video Calling 1.2.0.287FaxGamesBar 2.0.1.73Google ChromeGoogle DesktopGoogle EarthGoogle Toolbar for FirefoxGoogle Toolbar for Internet ExplorerGoogle Update HelperGoogle UpdaterGoToAssist 8.0.0.514Hamster Free ZIP Archiver 1.2.0.6Hamster Lite Archiver 2.0.1.3HandBrake 0.9.6HijackThis 2.0.2Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)HP Customer Participation Program 8.0HP Imaging Device Functions 8.0HP OCR Software 8.0HP Photo CreationsHP Photosmart 5520 series Basic Device SoftwareHP Photosmart 5520 series HelpHP Photosmart 5520 series Product Improvement StudyHP Photosmart EssentialHP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.BHP Product AssistantHP Solution Center 8.0HP UpdateHPDiagnosticAlertHPProductAssistantHPSSupplyIntel® Graphics Media Accelerator DriverIntel® PRO Network Connections 12.1.11.0iSEEK AnswerWorks English RuntimeJava Auto UpdaterJava 6 Update 23Junk Mail filter updateK-Lite Codec Pack 6.1.0 (Standard)kgcbaseKodak EasyShare softwareMalwarebytes Anti-Malware version 1.75.0.1300MarketResearchMesh RuntimeMessenger CompanionMicrosoft .NET Framework 3.5 SP1Microsoft .NET Framework 4 Client ProfileMicrosoft Application Error ReportingMicrosoft CorporationMicrosoft LifeCamMicrosoft Office 2007 Service Pack 3 (SP3)Microsoft Office Access MUI (English) 2007Microsoft Office Access Setup Metadata MUI (English) 2007Microsoft Office Excel MUI (English) 2007Microsoft Office File Validation Add-InMicrosoft Office Groove MUI (English) 2007Microsoft Office Groove Setup Metadata MUI (English) 2007Microsoft Office InfoPath MUI (English) 2007Microsoft Office OneNote MUI (English) 2007Microsoft Office Outlook ConnectorMicrosoft Office Outlook MUI (English) 2007Microsoft Office PowerPoint MUI (English) 2007Microsoft Office Proof (English) 2007Microsoft Office Proof (French) 2007Microsoft Office Proof (Spanish) 2007Microsoft Office Proofing (English) 2007Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)Microsoft Office Publisher MUI (English) 2007Microsoft Office Shared MUI (English) 2007Microsoft Office Shared Setup Metadata MUI (English) 2007Microsoft Office Ultimate 2007Microsoft Office Word MUI (English) 2007Microsoft Security ClientMicrosoft Security EssentialsMicrosoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft UI EngineMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Move Media PlayerMSVCRTMSXML 4.0 SP2 (KB936181)MSXML 4.0 SP2 (KB941833)MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MyFreeCodecnetbrdgNewsLeecher v5.0 FinalOfotoXMIOGA Notifier 2.0.0048.0Picasa 3Quicken 2013QuickTimeRealtek High Definition Audio DriverReimage RepairRemotelyAnywhereRoxio Creator AudioRoxio Creator CopyRoxio Creator DataRoxio Creator DERoxio Creator ToolsRoxio Express Labeler 3Roxio Update ManagerSAMSUNG USB Driver for Mobile PhonesSansa UpdaterScanSecurity Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596754) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596792) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596825) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596871) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597969) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597973) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2687309) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2687439) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2760411) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2760415) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2760585) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2760591) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2827326) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2827329) 32-Bit EditionSecurity Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit EditionSecurity Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit EditionSecurity Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit EditionSecurity Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit EditionSecurity Update for Microsoft Office Word 2007 (KB2827330) 32-Bit EditionSegoe UISFRSHASTAskin0001SKINXSDKSolutionCenterstaticcrStatusSystem Requirements Lab for IntelToolboxtooltipsTrayAppTurboTax 2009TurboTax 2009 wiliperTurboTax 2009 WinPerFedFormsetTurboTax 2009 WinPerReleaseEngineTurboTax 2009 WinPerTaxSupportTurboTax 2009 wrapperTurboTax 2010TurboTax 2010 wiliperTurboTax 2010 WinPerFedFormsetTurboTax 2010 WinPerReleaseEngineTurboTax 2010 WinPerTaxSupportTurboTax 2010 wrapperTurboTax 2011TurboTax 2011 wiliperTurboTax 2011 WinPerFedFormsetTurboTax 2011 WinPerReleaseEngineTurboTax 2011 WinPerTaxSupportTurboTax 2011 wrapperTurboTax 2012TurboTax 2012 wiliperTurboTax 2012 WinPerFedFormsetTurboTax 2012 WinPerReleaseEngineTurboTax 2012 WinPerTaxSupportTurboTax 2012 wrapperUnloadSupportUpdate for 2007 Microsoft Office System (KB967642)Update for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Client Profile (KB2836939)Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)Update for Microsoft Office 2007 Help for Common Features (KB963673)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2687493) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767849) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767916) 32-Bit EditionUpdate for Microsoft Office Access 2007 Help (KB963663)Update for Microsoft Office Excel 2007 Help (KB963678)Update for Microsoft Office Infopath 2007 Help (KB963662)Update for Microsoft Office OneNote 2007 Help (KB963670)Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit EditionUpdate for Microsoft Office Outlook 2007 Help (KB963677)Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit EditionUpdate for Microsoft Office Powerpoint 2007 Help (KB963669)Update for Microsoft Office Publisher 2007 Help (KB963667)Update for Microsoft Office Script Editor Help (KB963671)Update for Microsoft Office Word 2007 Help (KB963665)VC80CRTRedist - 8.0.50727.6195VPRINTOLWebRegWindows 7 Upgrade AdvisorWindows Live Communications PlatformWindows Live EssentialsWindows Live Family SafetyWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live MailWindows Live MeshWindows Live Mesh ActiveX Control for Remote ConnectionsWindows Live MessengerWindows Live Messenger Companion CoreWindows Live MIME IFilterWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live Remote ClientWindows Live Remote Client ResourcesWindows Live Remote ServiceWindows Live Remote Service ResourcesWindows Live SOXEWindows Live SOXE DefinitionsWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer ResourcesWindows Mobile Device Updater ComponentWIRELESSXFINITY Caller IDZuneZune Language Pack (CHS)Zune Language Pack (CHT)Zune Language Pack (CSY)Zune Language Pack (DAN)Zune Language Pack (DEU)Zune Language Pack (ELL)Zune Language Pack (ESP)Zune Language Pack (FIN)Zune Language Pack (FRA)Zune Language Pack (HUN)Zune Language Pack (IND)Zune Language Pack (ITA)Zune Language Pack (JPN)Zune Language Pack (KOR)Zune Language Pack (MSL)Zune Language Pack (NLD)Zune Language Pack (NOR)Zune Language Pack (PLK)Zune Language Pack (PTB)Zune Language Pack (PTG)Zune Language Pack (RUS)Zune Language Pack (SVE).==== End Of File =========================== Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted December 10, 2013 Root Admin ID:762875 Share Posted December 10, 2013 Please visit this webpage and read the ComboFix User's Guide:Once you've read the article and are ready to use the program you can download it directly from the link below. Important! - Please make sure you save combofix to your desktop and do not run it from your browser Direct download link for: ComboFix.exe Please make sure you disable your security applications before running ComboFix. Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load. Please attach that log file to your next reply. If needed the file can be located here: C:\combofix.txt NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer. Link to post Share on other sites More sharing options...
KarlWJohnson Posted December 13, 2013 Author ID:764094 Share Posted December 13, 2013 I completed the Combofix download, installation and scan. The Combofix.txt file is attached. I also noticed that two very large files (~4 GB each) were created during the process and stored in the C: root directory:hiberfil.syspagefile.sysAre they operating files? Can I delete them? What is their purpose? ComboFix.txt Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted December 14, 2013 Root Admin ID:764217 Share Posted December 14, 2013 Those are both valid system files and no do not touch them. They're show because show hidden files was enabled as part of running the tool. Please go ahead and run through the following steps and post back the logs when ready.STEP 03Please download Malwarebytes Anti-Rootkit from hereUnzip the contents to a folder in a convenient location. Open the folder where the contents were unzipped and run mbar.exe Follow the instructions in the wizard to update and allow the program to scan your computer for threats. Click on the Cleanup button to remove any threats and reboot if prompted to do so. Wait while the system shuts down and the cleanup process is performed. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process. When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txtSTEP 04Please download Junkware Removal Tool to your desktop.Shutdown your antivirus to avoid any conflicts. Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP. The tool will open and start scanning your system. Please be patient as this can take a while to complete. On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Post the contents of JRT.txt into your next reply message When completed make sure to re-enable your antivirusSTEP 05Lets clean out any adware now: (this will require a reboot so save all your work)Please download AdwCleaner by Xplode and save to your Desktop.Double click on AdwCleaner.exe to run the tool.Vista/Windows 7/8 users right-click and select Run As Administrator Click on the Scan button. AdwCleaner will begin...be patient as the scan may take some time to complete. When it's done you'll see: Pending: Please uncheck elements you don't want removed. Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review. Look over the log especially under Files/Folders for any program you want to save. If there's a program you may want to save, just uncheck it from AdwCleaner. If you're not sure, post the log for review. (all items found are adware/spyware/foistware) If you're ready to clean it all up.....click the Clean button. After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically. Copy and paste the contents of that logfile in your next reply. A copy of that logfile will also be saved in the C:\AdwCleaner folder. Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine To restore an item that has been deleted: Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.Then..................Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.Make sure that everything is checked, and click Remove Selected.STEP 06Please go here to run the online antivirus scannner from ESET.Turn off the real time scanner of any existing antivirus program while performing the online scan Tick the box next to YES, I accept the Terms of Use. Click Start When asked, allow the activex control to install Click Start Make sure that the option Remove found threats is unticked Click on Advanced Settings and ensure these options are ticked:Scan for potentially unwanted applications Scan for potentially unsafe applications Enable Anti-Stealth Technology [*]Click Scan [*]Wait for the scan to finish [*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.STEP 07Please download the Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bitDouble-click to run it. When the tool opens click Yes to disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well. Link to post Share on other sites More sharing options...
KarlWJohnson Posted December 21, 2013 Author ID:767039 Share Posted December 21, 2013 I've completed Step 3, 4 and 5. Files are attached. Sorry I can't find the log file from the final Malwarebytes Anti-Malware Quick Scan. Where is it typically stored? All seems OK but I cannot download any files. I had to use a different computer and a thumb drive to get JR and Mbar. Please advise.mbar-log-2013-12-20 (17-58-57).txtsystem-log.txtJRT.txtAdwCleanerR0.txtAdwCleanerS0.txt Link to post Share on other sites More sharing options...
KarlWJohnson Posted December 21, 2013 Author ID:767041 Share Posted December 21, 2013 When I run the ESET Scanner, nothing happens, just an empty dialog box. Any advice? Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted December 21, 2013 Root Admin ID:767057 Share Posted December 21, 2013 Please download the following scanner from Kaspersky and save it to your computer: TDSSkillerThen watch the following video on how to use the tool and make sure to temporarily disable your security applications before running TDSSkiller.If any infection is found please make sure to choose SKIP and post back the log in case of a False Positive detection.Once the tool has completed scanning make sure to re-enable your other security applications. Link to post Share on other sites More sharing options...
KarlWJohnson Posted December 21, 2013 Author ID:767062 Share Posted December 21, 2013 Ran the TDSSKiller as instructed in the vid. No threats. Logs attached. When downloading tdsskiller, I got the "couldn't be downloaded" message but the file appeared on my desktop. Weird. Please advise.TDSSKiller.3.0.0.19_20.12.2013_21.36.39_log.txtTDSSKiller.3.0.0.19_20.12.2013_21.41.30_log.txt Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted December 21, 2013 Root Admin ID:767066 Share Posted December 21, 2013 Please double check that your date and time on the computer are correct. Please visit each of the following sites and lets reset all of your browsers back to defaults to prevent unexpected issues.If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.Internet ExplorerHow to reset Internet Explorer settingsFirefoxClick on Help / Troubleshooting Information then click on the Reset Firefox button.ChromeChrome - Reset browser settingsOperaHow to Perform a (really) clean Reinstall of Opera Link to post Share on other sites More sharing options...
KarlWJohnson Posted December 21, 2013 Author ID:767073 Share Posted December 21, 2013 Time and date on my machine are correct. why are you asking? Friday, December 20, 2013 at 10:15 pm CST. Resetting browser did not help. I tried this earlier today and just repeated the process. Now everytime I click a link in email the browser session appears in "inPrivate" and the screen is blank. Still can't dowload anything. Link to post Share on other sites More sharing options...
KarlWJohnson Posted December 21, 2013 Author ID:767075 Share Posted December 21, 2013 Now my browsing sessions are being hijacked to spoof sites. Link to post Share on other sites More sharing options...
KarlWJohnson Posted December 21, 2013 Author ID:767093 Share Posted December 21, 2013 I ran another mbam Quick Scan - nothing reported but I attached the log file. I ran HijackThis and attached the log file. Please advise.mbam-log-2013-12-20 (22-41-22).txthijackthis.log Link to post Share on other sites More sharing options...
KarlWJohnson Posted December 21, 2013 Author ID:767102 Share Posted December 21, 2013 I ran the Farbar tool and attached the two log files.Addition.txtFRST.txt Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted December 21, 2013 Root Admin ID:767104 Share Posted December 21, 2013 Please uninstall ALL versions of Java from your Control Panel, Add/Remove Then run the following and restart the computer when done. Please download the attached fixlist.txt file and save it to the Desktop.NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.Run FRST or FRST64 and press the Fix button just once and wait.If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.Note: If the tool warned you about an outdated version please download and run the updated version. fixlist.txt Link to post Share on other sites More sharing options...
KarlWJohnson Posted December 21, 2013 Author ID:767116 Share Posted December 21, 2013 Downloaded file. Ran FRST. Rebooted. Log attached.Fixlog.txt Link to post Share on other sites More sharing options...
KarlWJohnson Posted December 21, 2013 Author ID:767121 Share Posted December 21, 2013 Working much better. No hijacking, downloads OK, no InPrivate. Reinstall Java? Thanks alot, Ron. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted December 21, 2013 Root Admin ID:767122 Share Posted December 21, 2013 No, not yet please. If at all possible one should try to do without Java unless you really need to have it. Most users don't need it but some do. Please download Security Check by screen317 from HERE or HERE.Save it to your Desktop. Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. If you get Unsupported operating system. Aborting now, just reboot and try again. A Notepad document should open automatically called checkup.txt. Please Post the contents of that document. Do Not Attach It!!! Link to post Share on other sites More sharing options...
KarlWJohnson Posted December 21, 2013 Author ID:767127 Share Posted December 21, 2013 Ran Security Check. Output here: Late, need sleep. Please post any advice. Will check in the morning. Thanks again, Ron. Results of screen317's Security Check version 0.99.77 Windows Vista Service Pack 2 x86 (UAC is enabled) Internet Explorer 9 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Out of date HijackThis installed! Malwarebytes Anti-Malware version 1.75.0.1300 HijackThis 2.0.2 Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox (for.) Google Chrome 31.0.1650.57 Google Chrome 31.0.1650.63 ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe`````````````````System Health check````````````````` Total Fragmentation on Drive C: 0 %````````````````````End of Log`````````````````````` Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted December 21, 2013 Root Admin ID:767128 Share Posted December 21, 2013 All looks pretty good at this point. Just check inside your Adobe Reader to make sure there are no updates for it if there are then please update.The Hijackthis tool is not used much anymore these days and not a security threat so no real big issue there. At this time there are no more signs of an infection on your system.However if you are still seeing any signs of an infection please let me know.Let's go ahead and remove the tools and logs we've used during this process.Most of the tools used are potentially dangerous to use unsupervised or if ran at the wrong time.They are often updated daily so if you went to use them again in the future they would be outdated anyways.The following procedures will implement some cleanup procedures to remove these tools.It will also reset your System Restore by flushing out previous restore points and create a new restore point.It will also remove all the backups our tools may have created.Uninstall ComboFix (if used):Turn off all active protection software including your antivirus.Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" Button)Please copy and past the following into the box ComboFix /Uninstall and click OK.Note the space between the X and the /Uninstall, it needs to be there. Remove the rest of the tools used: Please download OTCleanIt and save it to your Desktop. This tool will remove all the tools we used to clean your pc.Double-click OTCleanIt.exe.Click the CleanUp! button.Select Yes when the "Begin cleanup Process?" prompt appears.If you are prompted to Reboot during the cleanup, select Yes.The tool will delete itself once it finishes, if not go ahead and delete it by yourself.If asked to restart the computer, please do soNote: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.AdwCleaner Removal:Double click on AdwCleaner.exe to run the tool.Click on UninstallConfirm with YesESET antivirus Removal:This tool can be uninstalled via the Control Panel, Programs, Uninstall If there are any other left over Folders, Files, Logs then you can delete them on your own. Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.How to Delete System Protection Restore Points in Windows 7 and Windows 8Remove all but the most recent Restore Point on Windows XPAs Java seems to get exploited on a regular basis I advise not using Java if possible but to at least disable java in your web browsersHow do I disable Java in my web browser? - Disable JavaA lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.How Malware Spreads - How did I get infectedBest Practices for Safe Computing - Prevention of Malware InfectionAvoiding those unwanted free applicationsA close look at how Oracle installs deceptive software with Java updatesIAC / Ask.com toolbarsMalwarebytes Unpacked BlogIf you're not currently using Malwarebytes PRO then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted December 28, 2013 Root Admin ID:769789 Share Posted December 28, 2013 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts