Google Redirect Virus.



#16
RKinner


    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
I clicked on the link and Avast claimed it blocked a malicious website so just as well you didn't get there.

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

1. Check Scan Archives
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.


Let's also try the Bitdefender QuickScan.

http://quickscan.bitdefender.com/

When it finishes there is a report option. Click on it and copy and paste the report (even if it says nothing found).


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot.


Start, All Programs, Accessories then right click on Command Prompt and type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Ron
  • 0



#17
@thorntonrich


    Member

  • Topic Starter
  • Member
  • 19 posts
The ESET scan report:

C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Default\hfgkjmhfbafcnmkkambeaemnklfnbani\contentscript.js Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Users\Richard\Documents\LimeWire\Saved\just another diamond day [cd rip].mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined

and the ESET file located at C:\Program Files\EsetOnlineScanner\log.txt

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK



The BitSCan report:



QuickScan Beta 32-bit v0.9.9.97
-------------------------------
Scan date: Thu Jun 30 23:29:21 2011
Machine ID: 7451C287



No infection found.
-------------------



Processes
---------
Flash® Player Installer/Uninstaller 4716 C:\Windows\System32\Macromed\Flash\FlashUtil10h_ActiveX.exe
Google Chrome 1924 C:\Users\Richard\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 2520 C:\Users\Richard\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 3892 C:\Users\Richard\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 5208 C:\Users\Richard\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 6120 C:\Users\Richard\AppData\Local\Google\Chrome\Application\chrome.exe
iTunes 444 C:\Program Files\iTunes\iTunesHelper.exe
Java™ Platform SE Auto Updater 2 0 432 C:\Program Files\Common Files\Java\Java Update\jusched.exe
Kies TrayAgent 1048 C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
KiesPDLR 1124 C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
Microsoft® Windows® Operating System 4508 C:\Program Files\Internet Explorer\ieuser.exe
Microsoft® Windows® Operating System 848 C:\Program Files\Windows Sidebar\sidebar.exe
Microsoft® Windows® Operating System 2528 C:\Program Files\Windows Sidebar\sidebar.exe
Microsoft® Windows® Operating System 2552 C:\Program Files\Windows Sidebar\sidebar.exe
Microsoft® Windows® Operating System 1948 C:\Windows\explorer.exe
Microsoft® Windows® Operating System 2276 C:\Windows\System32\taskeng.exe
PC Connectivity Solution 2544 C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
Windows® Internet Explorer 2848 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Microsoft® Windows® Operating System 1240 C:\Program Files\Windows Media Player\wmpnscfg.exe
(verified) Microsoft® Windows® Operating System 1496 C:\Windows\ehome\ehmsas.exe
(verified) Microsoft® Windows® Operating System 664 C:\Windows\ehome\ehtray.exe
(verified) Microsoft® Windows® Operating System 1676 C:\Windows\System32\dwm.exe
(verified) Microsoft® Windows® Operating System 5216 C:\Windows\System32\wuauclt.exe


Network activity
----------------
Process chrome.exe (2520) connected on port 443 (HTTP over SSL) --> 74.125.39.95
Process chrome.exe (2520) connected on port 443 (HTTP over SSL) --> 74.125.39.102
Process chrome.exe (2520) connected on port 443 (HTTP over SSL) --> 74.125.39.132



Autoruns and critical files
---------------------------
iTunes C:\Program Files\iTunes\iTunesHelper.exe
Java™ Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
Kies C:\Program Files\Samsung\Kies\KiesHelper.exe
Kies TrayAgent C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
KiesPDLR C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
Lexmark Connect C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCRtime.dll
Malwarebytes' Anti-Malware C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
Microsoft® Windows® Operating System C:\Program Files\Windows Sidebar\sidebar.exe
Microsoft® Windows® Operating System C:\Windows\system32\Ribbons.scr
Nero AG NeroCheck C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
Windows® Internet Explorer C:\Windows\system32\msfeedssync.exe
Windows® Internet Explorer C:\Windows\system32\webcheck.dll
(verified) Google Update C:\Users\Richard\AppData\Local\Google\Update\GoogleUpdate.exe
(verified) Microsoft® Windows® Operating System C:\Program Files\Windows Media Player\wmpnscfg.exe
(verified) Microsoft® Windows® Operating System C:\Windows\ehome\ehtray.exe
(verified) Microsoft® Windows® Operating System C:\Windows\system32\BROWSEUI.dll
(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe


Browser plugins
---------------
AcroIEHelper Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BitDefender QuickScan C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.97_0\npqscan.dll
Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
doubleTwist BHO Plugin 1, 3, 0, 0 C:\Program Files\Common Files\doubleTwist\IEPodcastPlugin.dll
doubletwist Plugin 1, 3, 0, 0 C:\Program Files\Common Files\doubleTwist\NPPodcast.dll
Google Earth Plugin C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
Google Update C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
Google Update C:\Users\Richard\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
Java™ Platform SE 6 U26 C:\Program Files\Java\jre6\bin\jp2ssv.dll
Java™ Platform SE 6 U26 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
Microsoft Support Diagnostic Tool C:\Windows\Downloaded Program Files\MSDCode.DLL
npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
NPSWF32.dll C:\Windows\system32\Macromed\Flash\NPSWF32.dll
Picasa C:\Program Files\Google\Picasa3\npPicasa3.dll
Picture Manager, Wells and Layout C:\Windows\Downloaded Program Files\EPUWALcontrol.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
RealJukebox NS Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
RealPlayer™ G2 LiveConnect-Enabled P C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
Silverlight Plug-In C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
StumbleUpon Toolbar C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
Veetle TV Core C:\Program Files\Veetle\plugins\npVeetle.dll
Veetle TV Player C:\Program Files\Veetle\Player\npvlc.dll
Windows Presentation Foundation c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\Windows\system32\ieframe.dll
Yahoo Application State Plugin C:\Program Files\Yahoo!\Shared\npYState.dll
(verified) Microsoft® Windows Live Login Helper C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
(verified) RealPlayer Version Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll


Scan
----


No file uploaded.

Scan finished - communication took 1 sec
Total traffic - 0.02 MB sent, 0.94 KB recvd
Scanned 710 files and modules - 30 seconds

==============================================================================


After doing the sfc /scannow this was the result:

Windows Resource Protection found corrupt files but was unable to fix some of them.
Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log

The system file repair changes will take effect after the next reboot.

but I am denied access to that file so I cannot copy/paste it for you.

And Sigverif found only 2 files. Both of these state they were last modified last year, which was before the problems started.
These files are Fsusbexdisk.sys and Ipoddrv.sys



The Output log for the Event viewer tool when selecting 'system' was this:


Vino's Event Viewer v01c run on Windows Vista in English
Report run at 01/07/2011 00:09:34

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 30/06/2011 22:34:36
Type: Error Category: 0
Event: 6 Source: Microsoft-Windows-Kernel-Processor-Power
Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.

Log: 'System' Date/Time: 30/06/2011 22:35:31
Type: Error Category: 0
Event: 15016 Source: Microsoft-Windows-HttpEvent
Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 30/06/2011 22:34:06
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.




and when selecting 'application' gave me this:




Vino's Event Viewer v01c run on Windows Vista in English
Report run at 01/07/2011 00:10:33

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 30/06/2011 22:35:48
Type: Error Category: 0
Event: 11 Source: Microsoft-Windows-CAPI2
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. .

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#18
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
ESET found something. Did that help any? Do you get redirected in Firefox and IE too?

I don't like this error:
Log: 'Application' Date/Time: 30/06/2011 22:35:48
Type: Error Category: 0
Event: 11 Source: Microsoft-Windows-CAPI2
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Make sure your clock is synchronizing to Internet Time. Right click on the clock and select Adjust Date/Time then Internet Time then Change Settings. (Continue) The box should be checked then hit Update Now. If it doesn't work try changing to one of the other time servers by hitting the down arrow to the right of where it says which server will be used.

Ron
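
The check Ron makes by eye in the post above, as an added example that is not part of the thread or of any tool it mentions: a small Python parser for a report laid out like the Vino's Event Viewer output pasted earlier, picking out CAPI2 event 11 records whose message blames certificate validity dates. The function names and the sample report are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample, laid out like the VEW report pasted earlier in the thread.
SAMPLE_REPORT = """\
Log: 'System' Date/Time: 30/06/2011 22:35:31
Type: Error Category: 0
Event: 15016 Source: Microsoft-Windows-HttpEvent
Unable to initialize the security package Kerberos for server side authentication.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 30/06/2011 22:35:48
Type: Error Category: 0
Event: 11 Source: Microsoft-Windows-CAPI2
Failed extract of third-party root list with error: A required certificate is
not within its validity period when verifying against the current system clock.
"""

HEADER = re.compile(  # the three header lines that open every record
    r"Log: '(?P<log>[^']+)' Date/Time: (?P<when>[\d/]+ [\d:]+)\n"
    r"Type: (?P<type>\w+) Category: (?P<category>\d+)\n"
    r"Event: (?P<event>\d+) Source: (?P<source>[^\n]+)\n"
)

def parse_vew(report):
    """Split a VEW text report into one dict per event record."""
    report = report.replace("\r\n", "\n")  # logs saved by Notepad use CRLF
    matches = list(HEADER.finditer(report))
    records = []
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(report)
        rec = m.groupdict()
        rec["event"] = int(rec["event"])
        rec["when"] = datetime.strptime(rec["when"], "%d/%m/%Y %H:%M:%S")  # dd/mm/yyyy
        # The message runs to the first blank line; section banners come after it.
        rec["message"] = " ".join(report[m.end():end].split("\n\n", 1)[0].split())
        records.append(rec)
    return records

def clock_sensitive_trust_errors(records):
    """CAPI2 event 11 records whose text blames certificate validity dates."""
    return [r for r in records
            if r["source"] == "Microsoft-Windows-CAPI2" and r["event"] == 11
            and "validity period" in r["message"]]

if __name__ == "__main__":
    for r in clock_sensitive_trust_errors(parse_vew(SAMPLE_REPORT)):
        print(f"{r['when']:%Y-%m-%d %H:%M} [{r['log']}] verify clock sync, then retry")
```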

#19
@thorntonrich

    Member

  • Topic Starter
  • Member
  • 19 posts
I think that has helped. I have just run through about 25 search results without being re-directed once. This in the past has been enough to get at least 2 re-directs.
I only really use Chrome, I don't have Firefox and hardly ever use IE, the last time I used it was when you asked me to in a previous step! So I can't really say if I'm getting re-directed from these.

#20
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Our tools don't look at Chrome yet so it makes it hard to see what is happening. If you don't already have it I would suggest you get the AdBlock Plus add-on for Chrome. http://adblockplus.org/en/chrome

I use its Firefox version and I think it's great. It fools a website into thinking you have already downloaded the ads and it replaces them with white space. That way the site loads a lot faster and you can't accidentally click on something evil. I didn't even know that G2G had ads until I tried to get on once from one of the public library computers.

Make sure you are able to get Microsoft Updates. (Control Panel, Windows Update) If that works I guess we are done and we just have some housekeeping left.

We need to clean up System Restore.

The best way is to follow Jim's procedure here http://aumha.net/vie...581099691bf108f
tho it hasn't been updated for Vista or Win 7 yet, so to create a Restore Point try this:
right click on Computer and select Properties and System Protection (Continue) and then Create (at the bottom). OK Give it a name like Clean and then Create. OK. OK.

Once you have created a Restore Point:

Now Start (Windows Logo Button), Programs, Accessories, Right click on Command Prompt and select Run As Administrator,
cleanmgr

Select "Files from All Users."
Continue

Select OS (C:)
OK

It will think for a few minutes.

Then come up with a few suggestions. Ignore those and press More Options. Under System Restore and Shadow Copies, click Clean Up and let it do its thing.

To hide hidden files again:

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

OTL has a Cleanup tab which will clean up most of our tools and their logs.

You will have to manually delete or uninstall any that it doesn't get.

If you want to just cleanup Combofix:
copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, (All) Programs, Accessories, right click on Command Prompt and select Run As Administrator then right click and Paste or Edit, Paste and hit Enter.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit Reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you can download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
If it finds you need a newer version you can just click on the green down arrow and it will download the latest version for you.

Ron

#21
@thorntonrich

    Member

  • Topic Starter
  • Member
  • 19 posts
Thanks again Ron.

OTL didn't seem to pick up a great deal on cleanup although it did remove itself. To remove the rest, do I need to do it through Command Prompt in the way you described for Combofix, or can I just as easily do it through the 'uninstall programs' section of the control panel?
And everything we used can be safely removed? There's nothing I need to keep for future use?

Richard

#22
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Nothing you need to keep tho you can keep them if you want to. Most of them can just be deleted. I think MBAM is the only one that needs to be uninstalled. If you want to keep them I would move them to a folder off the desktop so they don't clutter it up.

Ron

#23
@thorntonrich

    Member

  • Topic Starter
  • Member
  • 19 posts
Thanks for all your help on this Ron, I really appreciate it. You made it really easy for me to follow your instructions and my computer seems to be in great shape now.
Thanks again.
All the best,
Richard.