Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

How to remove Api.Mybrowserbar.com [Closed]


  • This topic is locked This topic is locked

#1
Trav Nash

Trav Nash

    New Member

  • Member
  • Pip
  • 3 posts
hey,
I think my browser has been hijacked it constantly gets redirected to www.api.mybrowser.com. It's been a constant annoyance. I have tried numerous applications that seem to find nothing. If anyone could help with the problem this would be greatly appreciated.

thanks
Trav*
  • 0

Advertisements


#2
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Please download The Comedian.exe by Rorschach112 to your desktop
  • Please disable all of your antivirus/firewall before doing this step. Please visit HERE if you don't know how..
  • Double click the program to run it. It will only take around several minutes to run.
  • It will do a series of tasks and tell you when each one is finished.
  • You will be prompted to press any key after each step
  • When it is done it will close and exit itself automatically.
  • You can delete The_Comedian.exe once it is finished
STOP! if you can't complete this step.. Tell me more about it..




NEXT


Please download OTS by OldTimer and unzip it to your Desktop..

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • At the top, tick on Scan All Users section
  • At File Age set it to 90 Days
  • In the Processes, Modules, Services, Drivers and Registry section, please set on Safe List.
  • In the Files Created Within and Files Modified Within section, set it to File Age
  • At the bottom, tick on all Safe List and Use Company Name WhiteList option
  • Under Additional Scans, tick on the "Extras" button and then click the checkboxes in front of the following items to select them:
    • Reg - Disabled MS Config Items
      Reg - Drivers32
      Reg - Ext
      Reg - IE Explorer Bar
      Reg - NetSvcs
      Reg - Safeboot Minimal
      Reg - Safeboot Network
      File - Lop Check
      File - Purity Scan
  • Do NOT change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Attach the log in your next replies.. Don't post it.. It will be too large to fit into a single post..




NEXT


Please download GMER and unzip it to your Desktop. <<mirror>>
Please rename the random filename or GMER into GAMERS
  • Open the renamed program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.

IMPORTANT: Do NOT run any program while you are doing these scans as it may interfere with the output results




ATTACH these logs in your next reply

1. OTS
2. GMER
  • 0

#3
Trav Nash

Trav Nash

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
thank you for the reply, I have followed the steps and attached the results.

Trav*

Attached Files


  • 0

#4
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
OTS Fix

Open OTS.. Copy/paste below into Paste Fix Here and then click on the Run Fix button.. Let it finishes and reboot the computer.. Post the log here in your next reply..

[Kill All Processes]
[Unregister Dlls]
[Processes - Safe List]
YY -> searchsettings.exe -> C:\Program Files\Dealio Toolbar\SearchSettings.exe
YY -> applicationupdater.exe -> C:\Program Files\Application Updater\ApplicationUpdater.exe
[Win32 Services - Safe List]
YY -> (Application Updater) Application Updater [Auto | Running] -> C:\Program Files\Application Updater\ApplicationUpdater.exe
[Registry - Safe List]
< FireFox Settings [Prefs.js] > -> C:\Users\Tess & Trav\AppData\Roaming\Mozilla\FireFox\Profiles\p0d5vb4l.default\prefs.js
YN -> extensions.enabledItems -> [email protected]:1.2.3
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} [HKLM] -> C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll [Dealio Toolbar]
YN -> {5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YY -> {E312764E-7706-43F1-8DAB-FCDD2B1E416D} [HKLM] -> C:\Program Files\Dealio Toolbar\SearchSettings.dll [Reg Error: Value error.]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YY -> "{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}" [HKLM] -> C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll [Dealio Toolbar]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{A057A204-BACC-4D26-9990-79A187E2698E}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "SearchSettings" -> C:\Program Files\Dealio Toolbar\SearchSettings.exe [C:\Program Files\Dealio Toolbar\SearchSettings.exe]
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
YY -> \E\shell\AutoRun\command\\"" -> E:\AutoRun.exe [E:\AutoRun.exe]
YY -> \F\shell\AutoRun\command\\"" -> F:\AutoRun.exe [F:\AutoRun.exe]
YY -> \{16fe0fb1-3b51-11de-a9ed-0016d41b4317}\shell\AutoRun\command\\"" -> F:\AutoRun.exe [F:\AutoRun.exe]
YN -> \{1d914607-6952-11de-9e94-0016d41b4317} -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d914607-6952-11de-9e94-0016d41b4317}\shell -> 
YN -> \{1d914607-6952-11de-9e94-0016d41b4317}\shell\\"" -> [AutoRun]
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d914607-6952-11de-9e94-0016d41b4317}\shell\AutoRun\command -> 
YY -> \{1d914607-6952-11de-9e94-0016d41b4317}\shell\AutoRun\command\\"" -> F:\AutoRun.exe [F:\AutoRun.exe]
YN -> \{23b5c04a-f68e-11de-9068-0016d41b4317} -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{23b5c04a-f68e-11de-9068-0016d41b4317}\shell -> 
YN -> \{23b5c04a-f68e-11de-9068-0016d41b4317}\shell\\"" -> [AutoRun]
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{23b5c04a-f68e-11de-9068-0016d41b4317}\shell\AutoRun\command -> 
YY -> \{23b5c04a-f68e-11de-9068-0016d41b4317}\shell\AutoRun\command\\"" -> F:\AutoRun.exe [F:\AutoRun.exe]
YN -> \{23b5c059-f68e-11de-9068-0016d41b4317} -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{23b5c059-f68e-11de-9068-0016d41b4317}\shell -> 
YN -> \{23b5c059-f68e-11de-9068-0016d41b4317}\shell\\"" -> [AutoRun]
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{23b5c059-f68e-11de-9068-0016d41b4317}\shell\AutoRun\command -> 
YY -> \{23b5c059-f68e-11de-9068-0016d41b4317}\shell\AutoRun\command\\"" -> F:\AutoRun.exe [F:\AutoRun.exe]
YN -> \{26a7adca-f740-11de-bb74-0016d41b4317} -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26a7adca-f740-11de-bb74-0016d41b4317}\shell -> 
YN -> \{26a7adca-f740-11de-bb74-0016d41b4317}\shell\\"" -> [AutoRun]
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26a7adca-f740-11de-bb74-0016d41b4317}\shell\AutoRun\command -> 
YY -> \{26a7adca-f740-11de-bb74-0016d41b4317}\shell\AutoRun\command\\"" -> F:\AutoRun.exe [F:\AutoRun.exe]
YN -> \{26a7adcc-f740-11de-bb74-0016d41b4317} -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26a7adcc-f740-11de-bb74-0016d41b4317}\shell -> 
YN -> \{26a7adcc-f740-11de-bb74-0016d41b4317}\shell\\"" -> [AutoRun]
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26a7adcc-f740-11de-bb74-0016d41b4317}\shell\AutoRun\command -> 
YY -> \{26a7adcc-f740-11de-bb74-0016d41b4317}\shell\AutoRun\command\\"" -> F:\AutoRun.exe [F:\AutoRun.exe]
YN -> \{2d86ad4b-f388-11de-9c9b-0016d41b4317} -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d86ad4b-f388-11de-9c9b-0016d41b4317}\shell -> 
YN -> \{2d86ad4b-f388-11de-9c9b-0016d41b4317}\shell\\"" -> [AutoRun]
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d86ad4b-f388-11de-9c9b-0016d41b4317}\shell\AutoRun\command -> 
YY -> \{2d86ad4b-f388-11de-9c9b-0016d41b4317}\shell\AutoRun\command\\"" -> F:\AutoRun.exe [F:\AutoRun.exe]
YN -> \{2d86ad4d-f388-11de-9c9b-0016d41b4317} -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d86ad4d-f388-11de-9c9b-0016d41b4317}\shell -> 
YN -> \{2d86ad4d-f388-11de-9c9b-0016d41b4317}\shell\\"" -> [AutoRun]
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d86ad4d-f388-11de-9c9b-0016d41b4317}\shell\AutoRun\command -> 
YY -> \{2d86ad4d-f388-11de-9c9b-0016d41b4317}\shell\AutoRun\command\\"" -> F:\AutoRun.exe [F:\AutoRun.exe]
YN -> \{330f0712-065d-11df-b91b-0016d41b4317} -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{330f0712-065d-11df-b91b-0016d41b4317}\shell -> 
YN -> \{330f0712-065d-11df-b91b-0016d41b4317}\shell\\"" -> [AutoRun]
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{330f0712-065d-11df-b91b-0016d41b4317}\shell\AutoRun\command -> 
YY -> \{330f0712-065d-11df-b91b-0016d41b4317}\shell\AutoRun\command\\"" -> E:\AutoRun.exe [E:\AutoRun.exe]
YN -> \{330f0715-065d-11df-b91b-0016d41b4317} -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{330f0715-065d-11df-b91b-0016d41b4317}\shell -> 
YN -> \{330f0715-065d-11df-b91b-0016d41b4317}\shell\\"" -> [AutoRun]
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{330f0715-065d-11df-b91b-0016d41b4317}\shell\AutoRun\command -> 
YY -> \{330f0715-065d-11df-b91b-0016d41b4317}\shell\AutoRun\command\\"" -> E:\AutoRun.exe [E:\AutoRun.exe]
YN -> \{330f0724-065d-11df-b91b-0016d41b4317} -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{330f0724-065d-11df-b91b-0016d41b4317}\shell -> 
YN -> \{330f0724-065d-11df-b91b-0016d41b4317}\shell\\"" -> [AutoRun]
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{330f0724-065d-11df-b91b-0016d41b4317}\shell\AutoRun\command -> 
YY -> \{330f0724-065d-11df-b91b-0016d41b4317}\shell\AutoRun\command\\"" -> E:\AutoRun.exe [E:\AutoRun.exe]
YN -> \{330f0726-065d-11df-b91b-0016d41b4317} -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{330f0726-065d-11df-b91b-0016d41b4317}\shell -> 
YN -> \{330f0726-065d-11df-b91b-0016d41b4317}\shell\\"" -> [AutoRun]
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{330f0726-065d-11df-b91b-0016d41b4317}\shell\AutoRun\command -> 
YY -> \{330f0726-065d-11df-b91b-0016d41b4317}\shell\AutoRun\command\\"" -> E:\AutoRun.exe [E:\AutoRun.exe]
YN -> \{5a571c56-f7ef-11de-b3f3-0016d41b4317} -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a571c56-f7ef-11de-b3f3-0016d41b4317}\shell -> 
YN -> \{5a571c56-f7ef-11de-b3f3-0016d41b4317}\shell\\"" -> [AutoRun]
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a571c56-f7ef-11de-b3f3-0016d41b4317}\shell\AutoRun\command -> 
YY -> \{5a571c56-f7ef-11de-b3f3-0016d41b4317}\shell\AutoRun\command\\"" -> F:\AutoRun.exe [F:\AutoRun.exe]
YN -> \{65775a68-0e2c-11de-8359-0016d41b4317} -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65775a68-0e2c-11de-8359-0016d41b4317}\shell -> 
YN -> \{65775a68-0e2c-11de-8359-0016d41b4317}\shell\\"" -> [AutoRun]
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65775a68-0e2c-11de-8359-0016d41b4317}\shell\AutoRun\command -> 
YY -> \{65775a68-0e2c-11de-8359-0016d41b4317}\shell\AutoRun\command\\"" -> F:\AutoRun.exe [F:\AutoRun.exe]
YN -> \{65775a9d-0e2c-11de-8359-0016d41b4317} -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65775a9d-0e2c-11de-8359-0016d41b4317}\shell -> 
YN -> \{65775a9d-0e2c-11de-8359-0016d41b4317}\shell\\"" -> [AutoRun]
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65775a9d-0e2c-11de-8359-0016d41b4317}\shell\AutoRun\command -> 
YY -> \{65775a9d-0e2c-11de-8359-0016d41b4317}\shell\AutoRun\command\\"" -> F:\AutoRun.exe [F:\AutoRun.exe]
YN -> \{7035f452-09a2-11df-bccf-0016d41b4317} -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7035f452-09a2-11df-bccf-0016d41b4317}\shell -> 
YN -> \{7035f452-09a2-11df-bccf-0016d41b4317}\shell\\"" -> [AutoRun]
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7035f452-09a2-11df-bccf-0016d41b4317}\shell\AutoRun\command -> 
YY -> \{7035f452-09a2-11df-bccf-0016d41b4317}\shell\AutoRun\command\\"" -> E:\AutoRun.exe [E:\AutoRun.exe]
YN -> \{72c25e2c-0a64-11df-8d21-0016d41b4317} -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{72c25e2c-0a64-11df-8d21-0016d41b4317}\shell -> 
YN -> \{72c25e2c-0a64-11df-8d21-0016d41b4317}\shell\\"" -> [AutoRun]
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{72c25e2c-0a64-11df-8d21-0016d41b4317}\shell\AutoRun\command -> 
YY -> \{72c25e2c-0a64-11df-8d21-0016d41b4317}\shell\AutoRun\command\\"" -> E:\AutoRun.exe [E:\AutoRun.exe]
YN -> \{8c926299-0ee6-11de-a369-0016d41b4317} -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c926299-0ee6-11de-a369-0016d41b4317}\shell -> 
YN -> \{8c926299-0ee6-11de-a369-0016d41b4317}\shell\\"" -> [AutoRun]
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c926299-0ee6-11de-a369-0016d41b4317}\shell\AutoRun\command -> 
YY -> \{8c926299-0ee6-11de-a369-0016d41b4317}\shell\AutoRun\command\\"" -> H:\AutoRun.exe [H:\AutoRun.exe]
YN -> \{94999cf7-8df0-11de-8a3d-806e6f6e6963} -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94999cf7-8df0-11de-8a3d-806e6f6e6963}\shell -> 
YN -> \{94999cf7-8df0-11de-8a3d-806e6f6e6963}\shell\\"" -> [AutoRun]
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94999cf7-8df0-11de-8a3d-806e6f6e6963}\shell\AutoRun\command -> 
YY -> \{94999cf7-8df0-11de-8a3d-806e6f6e6963}\shell\AutoRun\command\\"" -> F:\AutoRun.exe [F:\AutoRun.exe]
YN -> \{94999d45-8df0-11de-8a3d-0016d41b4317} -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94999d45-8df0-11de-8a3d-0016d41b4317}\shell -> 
YN -> \{94999d45-8df0-11de-8a3d-0016d41b4317}\shell\\"" -> [AutoRun]
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94999d45-8df0-11de-8a3d-0016d41b4317}\shell\AutoRun\command -> 
YY -> \{94999d45-8df0-11de-8a3d-0016d41b4317}\shell\AutoRun\command\\"" -> F:\AutoRun.exe [F:\AutoRun.exe]
YN -> \{9ba73f6f-d011-11de-9c2d-0016d41b4317} -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ba73f6f-d011-11de-9c2d-0016d41b4317}\shell\AutoRun\command -> 
YY -> \{9ba73f6f-d011-11de-9c2d-0016d41b4317}\shell\AutoRun\command\\"" -> F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe [F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe]
YN -> \{9ba73f6f-d011-11de-9c2d-0016d41b4317} -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ba73f6f-d011-11de-9c2d-0016d41b4317}\shell\open\command -> 
YY -> \{9ba73f6f-d011-11de-9c2d-0016d41b4317}\shell\open\command\\"" -> F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe [F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe]
YY -> \{a9956a5d-8ed1-11de-bfed-0016d41b4317}\shell\AutoRun\command\\"" -> F:\AutoRun.exe [F:\AutoRun.exe]
YN -> \{b7457e18-0926-11df-af2e-806e6f6e6963} -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b7457e18-0926-11df-af2e-806e6f6e6963}\shell -> 
YN -> \{b7457e18-0926-11df-af2e-806e6f6e6963}\shell\\"" -> [AutoRun]
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b7457e18-0926-11df-af2e-806e6f6e6963}\shell\AutoRun\command -> 
YY -> \{b7457e18-0926-11df-af2e-806e6f6e6963}\shell\AutoRun\command\\"" -> E:\AutoRun.exe [E:\AutoRun.exe]
YN -> \{b7457e9a-0926-11df-af2e-0016d41b4317} -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b7457e9a-0926-11df-af2e-0016d41b4317}\shell -> 
YN -> \{b7457e9a-0926-11df-af2e-0016d41b4317}\shell\\"" -> [AutoRun]
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b7457e9a-0926-11df-af2e-0016d41b4317}\shell\AutoRun\command -> 
YY -> \{b7457e9a-0926-11df-af2e-0016d41b4317}\shell\AutoRun\command\\"" -> E:\AutoRun.exe [E:\AutoRun.exe]
YN -> \{da90b493-0106-11df-ae10-0016d41b4317} -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da90b493-0106-11df-ae10-0016d41b4317}\shell -> 
YN -> \{da90b493-0106-11df-ae10-0016d41b4317}\shell\\"" -> [AutoRun]
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da90b493-0106-11df-ae10-0016d41b4317}\shell\AutoRun\command -> 
YY -> \{da90b493-0106-11df-ae10-0016d41b4317}\shell\AutoRun\command\\"" -> E:\AutoRun.exe [E:\AutoRun.exe]
YN -> \{da90b4af-0106-11df-ae10-0016d41b4317} -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da90b4af-0106-11df-ae10-0016d41b4317}\shell -> 
YN -> \{da90b4af-0106-11df-ae10-0016d41b4317}\shell\\"" -> [AutoRun]
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da90b4af-0106-11df-ae10-0016d41b4317}\shell\AutoRun\command -> 
YY -> \{da90b4af-0106-11df-ae10-0016d41b4317}\shell\AutoRun\command\\"" -> E:\AutoRun.exe [E:\AutoRun.exe]
YN -> \{df2fb6c4-2b0e-11de-a098-0016d41b4317} -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df2fb6c4-2b0e-11de-a098-0016d41b4317}\shell -> 
YN -> \{df2fb6c4-2b0e-11de-a098-0016d41b4317}\shell\\"" -> [AutoRun]
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df2fb6c4-2b0e-11de-a098-0016d41b4317}\shell\AutoRun\command -> 
YY -> \{df2fb6c4-2b0e-11de-a098-0016d41b4317}\shell\AutoRun\command\\"" -> F:\AutoRun.exe [F:\AutoRun.exe]
YN -> \{fe84e47d-1ff5-11de-bd19-0016d41b4317} -> 
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe84e47d-1ff5-11de-bd19-0016d41b4317}\shell -> 
YN -> \{fe84e47d-1ff5-11de-bd19-0016d41b4317}\shell\\"" -> [AutoRun]
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe84e47d-1ff5-11de-bd19-0016d41b4317}\shell\AutoRun\command -> 
YY -> \{fe84e47d-1ff5-11de-bd19-0016d41b4317}\shell\AutoRun\command\\"" -> F:\AutoRun.exe [F:\AutoRun.exe]
[Registry - Additional Scans - Safe List]
< Ext (Stats) - [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\
YY -> {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} [HKLM] -> C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll [Dealio Toolbar]
[Files/Folders - Created Within 60 Days]
NY ->  Dealio Toolbar -> C:\Program Files\Dealio Toolbar
[Files - No Company Name]
NY ->  RdCi1093.dll -> C:\Windows\System32\RdCi1093.dll
[Empty Temp Folders]
[CreateRestorePoint]
[Start Explorer]
[Reboot]





Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:

Posted Image

Posted Image


It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".


After that, double-click and run Combo-Fix. Let it finish its job and post the log here

If ComboFix asked you to install Recovery Console, please do so.. It will be your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finishes its job..
  • 0

#5
Trav Nash

Trav Nash

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
sorry for the late reply, so far I have had no trouble with any redirecting web pages.
I have attached the two logs you have requested.
nash*

Attached Files


  • 0

#6
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

How's the computer now? :)
  • 0

#7
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP