[aew]

Hello ... I have two computers with "issues." I've been following and doing the "fixes" for similar issues here. Someone with a similar issue ran RogueKiller, which immediately identifed to the GeeksToGo person that they had a "back door virus."

I need to know if have that so I can secure my information immediately.

Can someone please just look at my RogueKiller log, and let me know if any of these are the "back door virus?" If so, I will stop using the computer immediately.

I would REALLY appreciate knowing as soon as possible whether I am at risk for stolen information via a backdoor virus, or if I am just experiencing a pesky redirect.

THANK YOU so much!



Here's the RogueKiller log:

RogueKiller V7.3.1 [03/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: (name removed) [Admin rights]
Mode: Scan -- Date: 03/13/2012 18:30:39
¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] visicom_antiphishing.exe -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe -> KILLED [TermProc]
¤¤¤ Registry Entries: 5 ¤¤¤
[SUSP PATH] HKLM\[...]\Wow6432Node\Run : MFARestart ("C:\ProgramData\MFAData\pack\avgrunasx.exe" /usereg) -> FOUND
[SUSP PATH] HKLM\[...]\Wow6432Node\Run : Anti-phishing Domain Advisor ("C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe") -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤

[aew]

<text deleted>

[michaelg9]

Hi
. I'm Michael and I'm going to help you fix your computer

Note: Before we start the process you should:

• POST your logs, don't attach them, as it makes it harder to read. Also please don't edit any log in any case
  
• Disable ANY programs that offer real-time protection features while executing my instructions. That includes your antivirus, antispyware, windows defender or any other program that offers protection. When you're clean or waiting for my next set of instructions, re-enable them .If you need any help disabling them, ask.
  
• Topics that are idle for 4 days after I post instructions will be closed, unless I'm notified of the delay.
  
• Last, as most of the tools we use here need administrative rights in order to function properly, I expect that you will be running them from an administrator account.

Sorry for the late reply. Thanks for waiting

OTL Custom Scan

• Download OTL to your Desktop
  
• Double click on the icon to run it.
  
• Make sure all other windows are closed and to let it run uninterrupted.
  
• When the window appears, underneath Output at the top, make sure Stadard output is selected.
  
• Select Scan all users
  
• Under Extra Registry select Use Safelist
  
• Check the boxes beside LOP Check and Purity Check.
  
• Under the Custom Scans/Fixes box copy and paste this in:
  
  netsvcs
  %SYSTEMDRIVE%\*.exe
  msconfig
  safebootminimal
  safebootnetwork
  activex
  drivers32
  %SYSTEMDRIVE%\*.exe
  %ALLUSERSPROFILE%\Application Data\*.exe
  %APPDATA%\*.
  /md5start
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  /md5stop
  %systemroot%\*. /mp /s
  hklm\software\clients\startmenuinternet|command /rs
  hklm\software\clients\startmenuinternet|command /64 /rs
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\Tasks\*.job /lockedfiles
  %systemroot%\system32\drivers\*.sys /lockedfiles
  CREATERESTOREPOINT
  
  
• Click the button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open OTL.Txt and Extras.txt in Notepad windows.
    
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them with your next reply.

Next:

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply


Also in Desktop there should be a file called MBR.dat after that, zip it and then attach it here

[michaelg9]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.