Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Google Redirect Virus Root\LEGACY_CRYPTSVC32 (Trojan.Tracur)


  • This topic is locked This topic is locked

#16
John Roix

John Roix

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
combofix log


ComboFix 11-08-03.02 - TEST 08/03/2011 9:26.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.329 [GMT -4:00]
Running from: c:\documents and settings\TEST\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\TEST\tuqwyveibt.tmp
c:\documents and settings\TEST\WINDOWS
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-07-03 to 2011-08-03 )))))))))))))))))))))))))))))))
.
.
2011-08-02 21:50 . 2011-08-03 13:14 -------- d-----w- C:\_OTL
2011-08-02 20:48 . 2011-08-02 20:48 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2011-08-01 19:50 . 2011-08-01 19:50 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-08-01 17:23 . 2011-08-01 17:43 -------- d-----w- c:\documents and settings\TEST\Local Settings\Application Data\NPE
2011-08-01 16:58 . 2011-08-02 20:03 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-07-29 15:19 . 2011-07-29 15:19 -------- d-----w- c:\documents and settings\TEST\Application Data\F-Secure
2011-07-27 23:08 . 2011-07-27 23:08 -------- d-----w- c:\program files\Microsoft Silverlight
2011-07-21 20:23 . 2011-07-21 20:23 -------- d-----w- c:\documents and settings\TEST\Local Settings\Application Data\magicJack
2011-07-21 20:23 . 2011-07-21 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\magicJack
2011-07-21 20:13 . 2008-04-14 04:15 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2011-07-21 20:13 . 2008-04-14 04:15 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2011-07-21 12:23 . 2011-07-21 12:23 -------- d-----w- c:\documents and settings\TEST\Application Data\CANON INC
2011-07-21 12:21 . 2011-07-21 12:21 -------- d-----w- c:\documents and settings\TEST\Application Data\ZoomBrowser EX
2011-07-21 12:19 . 2011-07-21 12:19 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-21 12:07 . 2011-07-21 12:07 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2011-07-21 11:37 . 2011-07-21 11:37 -------- d-----w- c:\program files\Common Files\Canon
2011-07-18 17:38 . 2011-07-18 17:38 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2011-07-18 17:21 . 2011-07-18 17:21 -------- d-----w- c:\program files\iPod
2011-07-18 17:21 . 2011-07-18 17:22 -------- d-----w- c:\program files\iTunes
2011-07-18 17:21 . 2011-07-18 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-07-18 17:09 . 2011-07-18 17:09 -------- d-----w- c:\program files\Apple Software Update
2011-07-18 17:01 . 2011-07-18 17:02 -------- d-----w- c:\program files\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 23:52 . 2010-03-04 01:53 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52 . 2010-03-04 01:53 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-02 14:02 . 2006-03-16 04:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-10 12:06 . 2009-06-24 02:23 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 12:06 . 2009-06-24 02:23 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-06-30 02:14 . 2011-05-09 00:25 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-31 68856]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-06-03 251240]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-18 7585792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-18 86016]
"nwiz"="nwiz.exe" [2006-08-18 1617920]
"MsmqIntCert"="mqrt.dll" [2009-06-25 177152]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 61952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 761946]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-12 102400]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ActivControl"="c:\program files\Activ Software\ActivDriver\ActivControl2.exe" [2010-06-10 1092896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Pavilion Webcam Tray Icon.lnk - c:\program files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [2008-7-16 98304]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\HP Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaws.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\TEST\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [3/31/2010 5:39 AM 583640]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [6/3/2009 8:46 AM 92008]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2010 8:30 PM 135664]
S2 HitmanPro35CrusaderBoot;Hitman Pro 3.5 Crusader (Boot);"f:\hitmanpro35.exe" /crusader:boot --> f:\HitmanPro35.exe [?]
S3 40227842;40227842; [x]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [6/6/2006 4:39 PM 61952]
S3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\drivers\activhidsermini.sys [6/16/2008 2:38 PM 57088]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\TEST\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\TEST\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2010 8:30 PM 135664]
S3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\DRIVERS\activmouse.sys --> c:\windows\system32\DRIVERS\activmouse.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 2:15 PM 12872]
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 00:30]
.
2011-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 00:30]
.
2011-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4020052512-1902659552-4142755142-1005Core.job
- c:\documents and settings\TEST\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 20:40]
.
2011-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4020052512-1902659552-4142755142-1005UA.job
- c:\documents and settings\TEST\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 20:40]
.
2011-08-03 c:\windows\Tasks\User_Feed_Synchronization-{ACBB0E90-5ACE-40E0-B1A7-18F8264DEDF2}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1 66.189.0.100 24.159.64.23 24.247.24.53
FF - ProfilePath - c:\documents and settings\TEST\Application Data\Mozilla\Firefox\Profiles\1w1qklcx.default\
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc887fc&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-cdloader - c:\documents and settings\TEST\Application Data\mjusbsp\cdloader2.exe
AddRemove-Mozilla Firefox (2.0.0.20) - g:\documents\Downloads\PortableApps\FirefoxPortable\App\firefox\uninstall\helper.exe
AddRemove-Mozilla Firefox (3.0.11) - f:\mozilla firefox\uninstall\helper.exe
AddRemove-Mozilla Firefox (3.5.7) - h:\portableapps\FirefoxPortable\App\firefox\uninstall\helper.exe
AddRemove-magicJack - c:\documents and settings\TEST\Application Data\mjusbsp\magicJackLoader.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\TEST\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-03 09:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????<[email protected]? ???0][email protected]?????<[email protected]
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HitmanPro35CrusaderBoot]
"ImagePath"="\"f:\hitmanpro35.exe\" /crusader:boot"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(924)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2011-08-03 09:36:52
ComboFix-quarantined-files.txt 2011-08-03 13:36
.
Pre-Run: 26,009,812,992 bytes free
Post-Run: 26,095,755,264 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - A8F942E4EA777B55BC492EF9FE3EC519
  • 0

Advertisements


#17
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
How is your system now? Do you still get redirected?
  • 0

#18
John Roix

John Roix

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
No it appears to be working. Is there a way to be sure the virus is gone? And is there a recommended antivirus?

Edited by John Roix, 03 August 2011 - 09:04 AM.

  • 0

#19
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
First we are going to make sure your system is clean then I'll give you some recommendations :)

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Doubleclick the drweb-cureit.exe file and click Scan to run express scan. Click OK in pop-up window to allow scan.
  • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, select Complete scan.
  • Complete scan sometimes takes up to 3 hours to finish so please be patient.
  • Click the green arrow Posted Image at the right, and the scan will start.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.cvs report.

NOTE. During the scan, pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.
  • 0

#20
John Roix

John Roix

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
When I went to run Dr Web Cure-it the computer screen started to flash enhance protection mode and wouldn't allow me to do anything. I'm running in safe-mode. Should I try again?
  • 0

#21
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
If you can't start Dr.Web then try this instead:

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
Posted Image

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Automatic Scan report from the left and press Save button
Save it to your desktop and attach to your next post
  • 0

#22
John Roix

John Roix

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
The Kaspersky log won't upload.
  • 0

#23
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Please try to ZIP it and attach it to your next reply. That should work.
  • 0

#24
John Roix

John Roix

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
The size of the log is 3.43 MB which appears to be too big.
  • 0

#25
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Leave it for now at your system. Did it found anything and did you manage to remove all findings?
  • 0

Advertisements


#26
John Roix

John Roix

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
It found 8 high threats that it deleted.
  • 0

#27
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi John Roix,

Good job! Your logs and system are clean now. I'm glad we fix up your computer.

Here is my antivirus recomendation for you:


We need to clean up your PC from programs we used.

Step 1

Please start OTL one more time and click CleanUp button. OTL will restart your system at the end. Remove all other application we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
  • Click OK button

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automaticly check for newer version of software installed on your system.
  • 0

#28
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
This thread is closed - We do not use two staff for one topic
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP