Jump to content

Re-direct Gone, but still have problems

Recommended Posts


I contracted the re-direct virus recently and ran malwarebytes as well as superantimalware prior to finding this forum. It seemed to remove the virus, but I am still have IE and Outlook stability issues. I am not sure if I have a problem with my system, or if a recent automatic upgrade is causing the instability. I have posted my logs below. Any help will be greatly appreciated.

Malwarebytes' Anti-Malware 1.46


Database version: 4189

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

6/11/2010 10:22:36 AM

mbam-log-2010-06-11 (10-22-36).txt

Scan type: Quick scan

Objects scanned: 145599

Time elapsed: 4 minute(s), 55 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS (Ver_10-03-17.01) - NTFSX64

Run by David Cox at 10:31:05.79 on Fri 06/11/2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3326.1049 [GMT -5:00]

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============



C:\Windows\system32\svchost.exe -k DcomLaunch


C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService


C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt



C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted




C:\Windows\system32\svchost.exe -k WindowsMobile


C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\svchost.exe -k imgsvc



C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe


C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Users\David Cox\AppData\Local\Starfield\starfieldupdate.exe

C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe




C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe


C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe








C:\Windows\System32\svchost.exe -k swprv



C:\Users\David Cox\Desktop\dds.com


C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe

============== Pseudo HJT Report ===============

uSearch Bar = Preserve

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\syswow64\blank.htm

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files (x86)\adobe\/Adobe Contribute CS4/contributeieplugin.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files (x86)\flashget\jccatch.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files (x86)\mcafee\virusscan\scriptsn.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.5.5126.1836\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll

BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files (x86)\flashget\getflash.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files (x86)\adobe\/Adobe Contribute CS4/contributeieplugin.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [skype] "c:\program files (x86)\skype\phone\Skype.exe" /nosplash /minimized

uRun: [AdobeBridge]

uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [starfield Updater] "c:\users\david cox\appdata\local\starfield\starfieldupdate.exe"

uRun: [sUPERAntiSpyware] c:\program files (x86)\superantispyware\SUPERAntiSpyware.exe

mRun: [AdobeCS4ServiceManager] "c:\program files (x86)\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin

mRun: [Adobe_ID0ENQBO] c:\progra~2\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE

mRun: [mcagent_exe] "c:\program files (x86)\mcafee.com\agent\mcagent.exe" /runkey

mRun: [intuit SyncManager] c:\program files (x86)\common files\intuit\sync\IntuitSyncManager.exe startup

mRun: [hpqSRMon] c:\program files (x86)\hp\digital imaging\bin\hpqSRMon.exe

mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe

mRun: [OEM03Mon.exe] c:\windows\OEM03Mon.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files (x86)\common files\intuit\quickbooks\qbupdate\qbupdate.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: &Download All with FlashGet - c:\program files (x86)\flashget\jc_all.htm

IE: &Download with FlashGet - c:\program files (x86)\flashget\jc_link.htm

IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html

IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files (x86)\flashget\FlashGet.exe

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll

Trusted Zone: kuaiche.com\software

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files (x86)\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\program files (x86)\superantispyware\SASWINLO.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files (x86)\superantispyware\SASSEH.DLL

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll

BHO-X64: scriptproxy - No File

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg64.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun-x64: [itype] "c:\program files\microsoft intellitype pro\itype.exe"

mRun-x64: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-1-19 308296]

R2 McProxy;McAfee Proxy Service;c:\progra~2\common~1\mcafee\mcproxy\mcproxy.exe [2010-1-19 359952]

R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-1-19 155456]

R3 McSysmon;McAfee SystemGuards;c:\progra~2\mcafee\viruss~1\mcsysmon.exe [2010-1-19 606736]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-1-19 102472]

R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-1-19 49480]

R3 OEM03Afx;Provides a software interface to control audio effects of OEM003 camera.;c:\windows\system32\drivers\OEM03Afx.sys [2007-6-8 212864]

R3 OEM03Vfx;Creative Camera OEM003 Video VFX Driver;c:\windows\system32\drivers\OEM03Vfx.sys [2007-3-5 12288]

R3 OEM03Vid;Creative Camera OEM003 Driver;c:\windows\system32\drivers\OEM03Vid.sys [2007-4-25 266944]

R3 VST64_DPV;VST64_DPV;c:\windows\system32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

R3 VST64HWBS2;VST64HWBS2;c:\windows\system32\drivers\VSTBS26.SYS [2009-7-13 411136]

S1 SASDIFSV;SASDIFSV;c:\program files (x86)\superantispyware\sasdifsv.sys [2010-2-17 12872]

S1 SASKUTIL;SASKUTIL;c:\program files (x86)\superantispyware\SASKUTIL.SYS [2010-5-6 68168]

S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-1-19 135664]

S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\common files\macrovision shared\flexnet publisher\FNPLicensingService64.exe [2010-1-19 1038088]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-1-19 40904]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-25 1255736]

============== File Associations ===============


=============== Created Last 30 ================

2010-06-07 20:07:08 0 d-----w- c:\programdata\PDF reDirect

2010-06-07 20:06:38 0 d-----w- c:\program files (x86)\PDF reDirect

2010-06-06 14:20:34 65344 ----a-w- c:\windows\system32\PDFreDirectMon64.dll

2010-05-31 15:40:30 0 ----a-w- c:\users\david cox\defogger_reenable

2010-05-26 14:45:17 2048 ----a-w- c:\windows\syswow64\tzres.dll

2010-05-26 14:45:17 2048 ----a-w- c:\windows\system32\tzres.dll

2010-05-22 21:08:43 0 d-----w- c:\programdata\SUPERAntiSpyware.com

2010-05-22 21:08:28 0 d-----w- c:\users\davidc~1\appdata\roaming\SUPERAntiSpyware.com

2010-05-22 21:08:28 0 d-----w- c:\program files (x86)\SUPERAntiSpyware

2010-05-22 21:08:02 0 d-----w- c:\program files (x86)\common files\Wise Installation Wizard

2010-05-21 01:21:54 0 d-----w- c:\windows\system32\appmgmt

2010-05-14 01:00:07 976896 ----a-w- c:\windows\system32\inetcomm.dll

2010-05-14 01:00:07 740864 ----a-w- c:\windows\syswow64\inetcomm.dll

==================== Find3M ====================

2010-05-27 07:24:13 34304 ----a-w- c:\windows\syswow64\atmlib.dll

2010-05-27 06:34:09 46080 ----a-w- c:\windows\system32\atmlib.dll

2010-05-27 04:11:32 366080 ----a-w- c:\windows\system32\atmfd.dll

2010-05-27 03:49:37 293888 ----a-w- c:\windows\syswow64\atmfd.dll

2010-05-21 05:52:30 1192960 ----a-w- c:\windows\system32\wininet.dll

2010-05-21 05:18:06 977920 ----a-w- c:\windows\syswow64\wininet.dll

2010-05-21 05:14:50 48128 ----a-w- c:\windows\syswow64\jsproxy.dll

2010-05-12 16:21:16 270208 ------w- c:\windows\system32\MpSigStub.exe

2010-05-06 12:42:05 1225216 ----a-w- c:\windows\syswow64\urlmon.dll

2010-05-06 12:41:55 606208 ----a-w- c:\windows\syswow64\mstime.dll

2010-05-06 12:41:53 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll

2010-05-06 12:41:53 5970944 ----a-w- c:\windows\syswow64\mshtml.dll

2010-05-06 12:41:49 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll

2010-05-06 12:41:49 10984448 ----a-w- c:\windows\syswow64\ieframe.dll

2010-05-01 15:07:05 3122176 ----a-w- c:\windows\system32\win32k.sys

2010-04-29 20:39:28 24664 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-15 01:38:18 23145 ----a-w- c:\windows\hpqins15.dat

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini

2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2010-02-08 00:51:09 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

2010-01-24 03:05:57 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat

2010-01-24 03:05:57 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat

2010-01-24 03:05:57 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat

2010-01-24 03:05:57 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

2010-01-23 16:20:27 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat

2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 10:31:26.73 ===============

Link to post
Share on other sites

Hi dbcox And Welcome to Malwarebytes!

Looking over your log it seems you don't have any evidence of an anti-virus software.

Anti-virus software are programs that detect cleans and erase harmful virus files on a computer

Web server or network. Unchecked virus files can unintentionally be forwarded to others including trading partners and thereby spreading infection. Because new viruses regularly emerge anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present and will clean delete (or quarantine) infected files or directories.

We'll install a free one that I use after we do a few scans..... :P

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.


  1. Download ComboFix from below:
    Combofix download
    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on combofix.exe & follow the prompts.
  4. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.
    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.
    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:
    The Recovery Console was successfully installed.
    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

Link to post
Share on other sites

Kenny 94,

Thank you for helping me out!

I am not sure why my anti virus software is not showing. I am running McAfee Security Center. It is a "special edition" for AOL, but I was under the impression it was the same as the one you get directly from McAfee. Any ideas?

On to a bigger problem though. I tried to install ComboFix and was told that it would work only on XP and 2000 machines. I am running Windows 7 64 bit. The only option I have is to click "OK" which then ends the installation. Is there another version I need to download?


Link to post
Share on other sites

Kenny 94,

Thank you for helping me out!

I am not sure why my anti virus software is not showing. I am running McAfee Security Center. It is a "special edition" for AOL, but I was under the impression it was the same as the one you get directly from McAfee. Any ideas?

On to a bigger problem though. I tried to install ComboFix and was told that it would work only on XP and 2000 machines. I am running Windows 7 64 bit. The only option I have is to click "OK" which then ends the installation. Is there another version I need to download?



I am just following up on this.


Link to post
Share on other sites

Sorry I missed your previous reply.

Please run this online scan

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Click Accept, when prompted to download and install the program files and database of malware definitions.

  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.


To optimize scanning time and produce a more sensible report for review:

  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Link to post
Share on other sites

  • 2 weeks later...


I appologize for not getting back to you. Apparently we are not recieving email updates, so I did not check the board. I will check it at least once a day until we get this fixed to make sure there are not replies. I ran the scan and attached the HTML file (I could not find an option for a text file).

Since it has been so long since I ran all of the initial scans, do I need to re-run and re-post those?


Link to post
Share on other sites

Hi dbcox

Kaspersky Online Scanner is showing eight of these. These should be removed.

C:\Users\David Cox\Documents\ArchivedEmail\AchievedExchange.pst

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these Folders/Files (if present):

C:\Users\David Cox\Documents\ArchivedEmail


Please download ATF Cleaner by Atribune.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

Click Exit on the Main menu to close the program.


Update Run Malwarebytes

  • Launch Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Link to post
Share on other sites


Thank you for replying so soon. Is there a scanner that could locate the actual emails in the archived folder that is infected? That archived file is several gigs of emails, calendar appointments, etc that I cannot loose. I can access all emails in it through Outlook and delete the 8 emails that contain the virus, but I cannot loose all of them.

I wanted to check on that before peforming the other steps. Thanks again for your help!

Link to post
Share on other sites

Everything is running good with the exception of IE8. I keep getting random IE shutdowns. It usually recovers the page I am on, but it is very annoying. It may not be an issue with a virus. It could just be an issue with IE instability.


Link to post
Share on other sites

Lets use this fix for IE. While I'm checking into the emails.

Please visit the links HERE and HERE first to read about this new Microsoft tool!

Then you can download and use: Logo_FixIt_Final.pngMicrosoft Fix it Center Online

Microsoft Fix it Center Client contains troubleshooters that help detect issues on target PCs and solve them on demand or proactively before you even know they exist!

It finds and fixes many common PC and device problems automatically. It also helps prevent new problems by proactively checking for known issues and installing updates. Fix it Center helps to consolidate the many steps of diagnosing and repairing a problem into an automated tool that does the work for you.

Microsoft Fix it Center makes getting support easier than ever, with tools that help solve the issues you have now and prevent new ones.

  • Easy to Install and Run: Easy-to-use wizards will guide you through the set-up process and help you anytime you need support.
  • Automated: With automated troubleshooters, Fix it Center helps solve issues with your PC, even if you're not sure what the exact problem is. Fix It Center scans your device to diagnose and repair problems, then gives you the option to "Find and fix" or to "Find and report.
  • Preventive Care: By helping you find and fix issues before they become real problems, Fix it Center helps keep your PC running smoothly and automatically downloading the latest solutions.

Let me know after you had run all the troubleshooters on your pc if it corrected your problem.

Link to post
Share on other sites


I ran the diagnostic tool and found the following:


No problems detected

Connection to a Workplace Using Direct Access:

I do not have Direct Access setup

Diagnose and repair Windows File and Folder Problems:

Fixed issue with icons randomly change to different icons (I haven't noticed this)

Recyle Bin was corrupted (I didn't realize this, but it fixed it)

It fixed "View settings or customizations for a folder are lost or incorrect" issue (I haven't noticed any problems)

Display Quality:

It "adjusted my settings for better performance"

Hardware and Devices:

It scanned for new devices

It inabled my HP printer that I thought was enabled (It has been working fine)


It said that no network locations were set to "Home" My network has been running fine for a year or so now, so I did not enable this recommended fix to try to prevent a network nightmare

Internet Perforance and Safety Scan:

Disabled the Flashget add-on (This is a download accellerator that I use occassionally, but not as a plug in, so it's OK)

Disabled Data Execurtion Prevention (I am not sure what this does)

Disabled Smartscreen Filter (I don't know what this is)

Incoming Connections

I have not been having any trouble with the options it asked to check, so I did not run this check

Internet Connection - No problems

IE Performance

No issues detected

IE Safety

No issues detected

Network Adapter

No issues detected


I disabled a couple of startup programs that I no longer use

It suggested that I change the visual effects back from the "Display Quality" scan. I left it at "Adjust for best performance" for now

System Maintenance

No issues

Video Freeze or crashes in IE

No issues

IE Freezes or Crashes

I found a lot of toolbars that I thought I had gotten rid of a long time ago because there are not longer in my "Manage add-ons" However, it did not find any issues with the toolbars

There were some other scans that I did not run because I don't use them often (like windows DVD, Slideshow, etc). My guess is that the "Internet performance and safety scan fixed it" However, I will have to run the computer for a day or two to see if I get any IE crashes before I will know for sure. I will keep you updated. Thanks!

Link to post
Share on other sites


Yes, you are right, I can easily delete the emails. I don't really want to get rid of all attachments, but I am sure that the 8 with a problem are not necessary anyway. I can delete them, I just need to know which 8 out of the 1000s in that archive file are the ones that need to go. Unless I missed it, the log didn't tell us which 8 emails were the problem. Do you know a way to find out?

Also, my log is below:

Malwarebytes' Anti-Malware 1.46


Database version: 4244

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

6/26/2010 12:03:34 PM

mbam-log-2010-06-26 (12-03-34).txt

Scan type: Quick scan

Objects scanned: 150535

Time elapsed: 6 minute(s), 40 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

As an update, so far IE has been fine since running the fix. It hasn't been long though, so I will continue to watch it. Thanks again!

Link to post
Share on other sites

Some final items for now dbcox

Here are some additional links for you to check out to help you with your computer security.


Just because your computer came loaded with Internet Explorer doesn't mean that you have to use it, there are other free alternatives, FIREFOX and OPERA, both are free to use and are more secure than IE.

If you are using firefox you can stay more secure by adding NoScript and WOT (Web Of Trust)

NoScript stops Java scripts from starting on a web page unless you give permission for them, and WOT (Web Of Trust) has a comprehensive list of ratings for different websites allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

Additional Security Measures

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

SpywareBlaster- SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

Cookienator- Scans your PC for tracking cookies in multiple browsers as well as in Adobe Flash.

Winpatrol Download and install the free version of Winpatrol. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

Secunia software inspector & update checker

My Blog Malware And Spyware Tips

Also, see here for system improvement: Help! My computer is slow!

Link to post
Share on other sites

Thank you again for all of your help!

Is there a package that you would recommend (does not have to be free) to monitor virus, spyware, etc on my machine. I almost purchased the spyware blaster pro version, but wanted to see if there was a suite that you would recommend rather than downloading it, a virus program and others all separately. Purchasing them separately is fine as well, I just want to make sure I am getting the best protection posible.


Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.