Misdirected links on web site. [Solved]


  • This topic is locked

#16
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello globaljoe

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • More than one report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.

    Note** this report can be very long - so if the website gives you an error saying it is too long you may attach it

    If the forum still complains about it being too long send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================

and I will see if I want to see the whole report

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The scan will make two reports; the one I would like to see is called RKreport[2].txt on your Desktop
  • Exit/Close RogueKiller+

send me the reports made from TDSSKiller and Roguekiller and also let me know how the computer is doing at this time.

Gringo
  • 0


#17
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
  • 0

#18
globaljoe

globaljoe

    Member

  • Topic Starter
  • Member
  • 118 posts
19:58:22.0608 0x10e0 Scan finished
19:58:22.0608 0x10e0 ============================================================
19:58:22.0633 0x10d8 Detected object count: 0
19:58:22.0633 0x10d8 Actual detected object count: 0
20:03:18.0843 0x0424 Deinitialize success
  • 0

#19
globaljoe

globaljoe

    Member

  • Topic Starter
  • Member
  • 118 posts
RogueKiller V8.7.4 [Oct 16 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : geoff [Admin rights]
Mode : Remove -- Date : 10/18/2013 13:29:54
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH][DLL] explorer.exe -- C:\Desktop\Malwarebytes' Anti-Malware\mbamext.dll [x] -> UNLOADED

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] IRP[IRP_MJ_CREATE] : C:\Windows\system32\DRIVERS\iaStor.sys -> HOOKED (Unknown @ 0x8616D1F8)
[Address] IRP[IRP_MJ_CLOSE] : C:\Windows\system32\DRIVERS\iaStor.sys -> HOOKED (Unknown @ 0x8616D1F8)
[Address] IRP[IRP_MJ_DEVICE_CONTROL] : C:\Windows\system32\DRIVERS\iaStor.sys -> HOOKED (Unknown @ 0x8616D1F8)
[Address] IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : C:\Windows\system32\DRIVERS\iaStor.sys -> HOOKED (Unknown @ 0x8616D1F8)
[Address] IRP[IRP_MJ_POWER] : C:\Windows\system32\DRIVERS\iaStor.sys -> HOOKED (Unknown @ 0x8616D1F8)
[Address] IRP[IRP_MJ_SYSTEM_CONTROL] : C:\Windows\system32\DRIVERS\iaStor.sys -> HOOKED (Unknown @ 0x8616D1F8)
[Address] IRP[IRP_MJ_PNP] : C:\Windows\system32\DRIVERS\iaStor.sys -> HOOKED (Unknown @ 0x8616D1F8)
[Inline] IAT @explorer.exe (UnhookWinEvent) : USER32.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x70AA15A0)
[Inline] IAT @explorer.exe (SetWinEventHook) : USER32.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x70AA1400)
[Inline] IAT @explorer.exe (SHFileOperationW) : SHELL32.dll -> HOOKED (C:\Program Files\Unlocker\UnlockerHook.dll @ 0x038C1102)
[Inline] EAT @explorer.exe (LdrLoadDll) : ntdll.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x70A9A520)
[Inline] EAT @explorer.exe (LdrUnloadDll) : ntdll.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x70A9A630)
[Inline] EAT @explorer.exe (ChangeServiceConfig2A) : ADVAPI32.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x70A9C370)
[Inline] EAT @explorer.exe (ChangeServiceConfig2W) : ADVAPI32.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x70A9C5C0)
[Inline] EAT @explorer.exe (ChangeServiceConfigA) : ADVAPI32.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x70A9BB20)
[Inline] EAT @explorer.exe (ChangeServiceConfigW) : ADVAPI32.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x70A9BF90)
[Inline] EAT @explorer.exe (CreateServiceA) : ADVAPI32.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x70A9ACD0)
[Inline] EAT @explorer.exe (CreateServiceW) : ADVAPI32.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x70A9B1A0)
[Inline] EAT @explorer.exe (DeleteService) : ADVAPI32.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x70A9B8B0)
[Inline] EAT @explorer.exe (SetServiceObjectSecurity) : ADVAPI32.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x70A9E980)
[Inline] EAT @explorer.exe (SetWinEventHook) : USER32.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x70AA1400)
[Inline] EAT @explorer.exe (SetWindowsHookExA) : USER32.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x70AA16D0)
[Inline] EAT @explorer.exe (SetWindowsHookExW) : USER32.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x70AA18A0)
[Inline] EAT @explorer.exe (UnhookWinEvent) : USER32.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x70AA15A0)
[Inline] EAT @explorer.exe (UnhookWindowsHookEx) : USER32.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x70AA1A70)
[Inline] EAT @explorer.exe (SHFileOperationW) : SHELL32.dll -> HOOKED (C:\Program Files\Unlocker\UnlockerHook.dll @ 0x038C1102)
[Inline] EAT @explorer.exe (FwDoNothingOnObject) : FirewallAPI.dll -> HOOKED (Unknown @ 0x36722966)
[Inline] EAT @explorer.exe (FwEnableMemTracing) : FirewallAPI.dll -> HOOKED (Unknown @ 0x36722966)
[Inline] EAT @explorer.exe (FwSetMemLeakPolicy) : FirewallAPI.dll -> HOOKED (Unknown @ 0x36722966)
[Inline] EAT @explorer.exe (??_7CWbemInstance@@6BCClassPartContainer@@@) : fastprox.dll -> HOOKED (Unknown @ 0xE72380A3)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - WDC WD2500BEVS-60UST0 +++++
--- User ---
[MBR] 70e99edc947aef743ecec1e921040f23
[BSP] 52f671013f63c4199910fec04af6831b : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 226651 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 464182110 | Size: 11821 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_10182013_132954.txt >>
RKreport[0]_S_10182013_132919.txt
  • 0
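
As an added example (not part of the thread and not RogueKiller's own code), the "HOOKED" lines of a report like the one above can be grouped by the module that owns the hook address, which separates hooks attributed to a named file from entries the report could only label "Unknown". The `expected_modules` set is an assumption supplied by whoever reviews the log; the sample lines are copied from the report above.

```python
import re
from collections import defaultdict

# One "-> HOOKED (...)" line as printed in the Driver section of the report:
#   [Kind] <what is hooked> : <hooked module> -> HOOKED (<owner> @ 0xADDR)
HOOK_RE = re.compile(
    r"^\[(?P<kind>\w+)\]\s+(?P<what>.+?)\s+:\s+(?P<target>.+?)\s+->\s+HOOKED\s+"
    r"\((?P<owner>.+)\s+@\s+(?P<addr>0x[0-9A-Fa-f]+)\)\s*$"
)

# Lines copied from the report in the post above (a subset, for brevity).
SAMPLE = r"""
[SUSP PATH][DLL] explorer.exe -- C:\Desktop\Malwarebytes' Anti-Malware\mbamext.dll [x] -> UNLOADED
[Address] IRP[IRP_MJ_CREATE] : C:\Windows\system32\DRIVERS\iaStor.sys -> HOOKED (Unknown @ 0x8616D1F8)
[Address] IRP[IRP_MJ_CLOSE] : C:\Windows\system32\DRIVERS\iaStor.sys -> HOOKED (Unknown @ 0x8616D1F8)
[Inline] IAT @explorer.exe (UnhookWinEvent) : USER32.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x70AA15A0)
[Inline] IAT @explorer.exe (SHFileOperationW) : SHELL32.dll -> HOOKED (C:\Program Files\Unlocker\UnlockerHook.dll @ 0x038C1102)
[Inline] EAT @explorer.exe (LdrLoadDll) : ntdll.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x70A9A520)
[Inline] EAT @explorer.exe (FwDoNothingOnObject) : FirewallAPI.dll -> HOOKED (Unknown @ 0x36722966)
[Inline] EAT @explorer.exe (FwEnableMemTracing) : FirewallAPI.dll -> HOOKED (Unknown @ 0x36722966)
[Inline] EAT @explorer.exe (??_7CWbemInstance@@6BCClassPartContainer@@@) : fastprox.dll -> HOOKED (Unknown @ 0xE72380A3)
"""


def parse_hooks(report_text):
    """Return one dict per HOOKED line; every other report line is ignored."""
    hooks = []
    for line in report_text.splitlines():
        m = HOOK_RE.match(line.strip())
        if m:
            hooks.append(m.groupdict())
    return hooks


def triage(hooks, expected_modules):
    """Split hooks into three buckets.

    attributed: owner path -> count, owner file name is in expected_modules
    unexpected: owner path -> count, owner is a named file not in the set
    unresolved: (hooked module, address) -> hooked items, owner is "Unknown"

    expected_modules holds lower-case file names the reviewer already expects
    (an assumption of this example). A matching name is only a sorting aid;
    the file at that path still has to be checked on its own.
    """
    attributed = defaultdict(int)
    unexpected = defaultdict(int)
    unresolved = defaultdict(list)
    for h in hooks:
        if h["owner"] == "Unknown":
            # Keyed by address so that many hooks sharing one handler collapse
            # into a single entry to look at.
            unresolved[(h["target"], h["addr"])].append(h["what"])
            continue
        name = h["owner"].replace("\\", "/").rsplit("/", 1)[-1].lower()
        bucket = attributed if name in expected_modules else unexpected
        bucket[h["owner"]] += 1
    return dict(attributed), dict(unexpected), dict(unresolved)


if __name__ == "__main__":
    # Assumed allowlist for this sample: both products appear in the
    # installed-programs list posted later in the thread.
    att, unexp, unres = triage(parse_hooks(SAMPLE),
                               {"snxhk.dll", "unlockerhook.dll"})
    for owner, n in att.items():
        print(f"expected   {n:2d} hook(s) -> {owner}")
    for owner, n in unexp.items():
        print(f"unexpected {n:2d} hook(s) -> {owner}")
    for (target, addr), items in unres.items():
        print(f"unresolved {len(items):2d} hook(s) in {target} -> {addr}")
```
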

#20
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello globaljoe

I would like you to run this custom script for me now and when it is complete please give me the report and a status update for the computer.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image text box.
    :OTL
    IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Spybot - Search & Destroy\SDHelper.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
    O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Spybot - Search & Destroy\SDHelper.dll File not found
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
    IE - HKLM\..\SearchScopes\{692AA4F1-88E5-453F-B143-F0283628D9A9}: "URL" = http://slirsredirect...hpcnnbie7-en-gb
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1098640
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...119357&tsp=4996
    IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...89-1CAD3D6D5299
    IE - HKCU\..\SearchScopes\{692AA4F1-88E5-453F-B143-F0283628D9A9}: "URL" = http://slirsredirect...hpcnnbie7-en-gb
    IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1098640
    IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.co...id=80150&lng=en
    FF - prefs.js..browser.startup.homepage: "http://www2.delta-search.com/?babsrc=HP_ss&mntrId=4CB5001F3C9BD42D&affID=119357&tsp=4996"
    FF - prefs.js..extensions.enabledAddons: ffxtlbr%40delta.com:1.5.0
    [2013/09/05 19:14:39 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\geoff\AppData\Roaming\mozilla\Firefox\Profiles\stexyhts.default\extensions\[email protected]
    [2013/04/11 17:04:36 | 000,213,470 | ---- | M] () (No name found) -- C:\Users\geoff\AppData\Roaming\mozilla\firefox\profiles\stexyhts.default\extensions\[email protected]
    [2012/05/17 14:16:23 | 000,002,568 | ---- | M] () -- C:\Users\geoff\AppData\Roaming\mozilla\firefox\profiles\stexyhts.default\searchplugins\askcom.xml
    [2013/07/10 14:09:36 | 000,006,507 | ---- | M] () -- C:\Users\geoff\AppData\Roaming\mozilla\firefox\profiles\stexyhts.default\searchplugins\babylon.xml
    [2010/01/20 12:16:28 | 000,000,939 | ---- | M] () -- C:\Users\geoff\AppData\Roaming\mozilla\firefox\profiles\stexyhts.default\searchplugins\conduit.xml
    [2013/07/10 14:10:12 | 000,001,294 | ---- | M] () -- C:\Users\geoff\AppData\Roaming\mozilla\firefox\profiles\stexyhts.default\searchplugins\delta.xml
    [2012/10/03 12:56:19 | 000,002,330 | ---- | M] () -- C:\Users\geoff\AppData\Roaming\mozilla\firefox\profiles\stexyhts.default\searchplugins\inbox-search.xml
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    [reboot]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

    Note** if the report does not popup after the computer reboots you can find it here in this folder - C:\_OTL\MovedFiles

    It will be named - mmddyyyy_hhmmss.log

    Where mmddyyyy_hhmmss - are numbers representing the date and time the fix was run.

Let me know how things are doing

Gringo
  • 0

#21
globaljoe

globaljoe

    Member

  • Topic Starter
  • Member
  • 118 posts
Well it's persistent if nothing else, still there! no change.
  • 0

#22
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

In which browser does it still happen?


Gringo
  • 0

#23
globaljoe

globaljoe

    Member

  • Topic Starter
  • Member
  • 118 posts
Well, it did happen on all three browsers on my system, however, the problem seems to have been resolved. My web designer uploaded a new version of the web site and the problem seems to have cleared itself, yet I can't understand how I could access the old site with everything working as it should on one computer, yet on another computer also in the same room on the same modem was redirecting from the contact link to that Russian Yandex site. Well it's gone now and many thanks for all your patient help gringo. :thumbsup:
  • 0

#24
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello globaljoe

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
  • 0

#25
globaljoe

globaljoe

    Member

  • Topic Starter
  • Member
  • 118 posts
7-Zip 9.20
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.1.3
Adobe Shockwave Player
Adobe Shockwave Player 11.6
AIM 6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Internet Security
BlackBerry Desktop Software 7.0
BlackBerry Device Software Updater
Bonjour
Core Temp 1.0 RC2
CyberLink YouCam
D3DX10
DVD Suite
EA Link
ESET Online Scanner v3
FLV Player
GameMaker-Studio 1.2
Google Chrome
Google Drive
Google Toolbar for Internet Explorer
GoToAssist Expert 1.6.0.498
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Quick Launch Buttons 6.30 E1
HP QuickPlay 3.6
HP QuickTouch 1.00 C4
HP Total Care Advisor
HP Update
HP User Guides 0087
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
Huawei modem
Intel® Matrix Storage Manager
Java 7 Update 25
Java Auto Updater
Junk Mail filter update
KeyNote 1.6.5
LabelPrint
Lexmark 2300 Series
Lexmark Fax Solutions
LightScribe System Software 1.10.13.1
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Press Training Kit Exam Prep Suite A+ 220-801, 220-802
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Motorola SM56 Speakerphone Modem
Mozilla Firefox 20.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVC80_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
My HP Games
Nokia Connectivity Cable Driver
NovaBACKUP
NVIDIA Drivers
OpenOffice.org 3.4
Opera 12.15
Opera 12.16
Opera Update Checker
PDF Creator
PVSonyDll
Python 3.3.0
QuickPlay SlingPlayer 0.4.6
QuickTime
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
Revo Uninstaller 1.95
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Segoe UI
SIW version 2010.07.14
Skill Builder DX
Skype™ 5.10
SUPERAntiSpyware
swMSM
Synaptics Pointing Device Driver
TeamViewer 5
The OFFICIAL DSA THEORY TEST for Car Drivers
The Sims™ Life Stories
Undeleter
Unlocker 1.9.1
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Repair Kit v3.0
Yahoo! Software Update
Yahoo! Toolbar
  • 0


#26
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)

Programs to remove


Adobe Reader 8.1.3
Java 7 Update 25



  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.



Update Adobe reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com.../readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close



Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here CCleaner

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.



: Malwarebytes' Anti-Malware :


I see you have MBAM installed on the computer - that is great!! It is a very good program! I would like you to run a quick scan for me now.

  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



Download HijackThis

  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • copy and paste hijackthis report into the topic


"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

  • 0

#27
globaljoe

globaljoe

    Member

  • Topic Starter
  • Member
  • 118 posts
OK, did all of that, but a couple of things did not go according to plan! Malwarebytes would not allow me to update it, everything completed OK with nothing to show, but as far as updating goes, all I got was the message: An error has occurred, connection refused on malwarebytes.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.30.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
geoff :: GEOFF-LAPTOP [administrator]

22/10/2013 21:04:28
mbam-log-2013-10-22 (21-04-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 256701
Time elapsed: 7 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

And as for hijackThis, it would not run at all, I just got the message: (For some reason your system denied write access to the hosts file, if any hijacked domains are in this file, hijackthis might not be able to fix this, if that happens you need to edit the file yourself).
  • 0

#28
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello


Right click on Hijackthis and run as admin - also try and update malwarebytes once more please


Gringo
  • 0

#29
globaljoe

globaljoe

    Member

  • Topic Starter
  • Member
  • 118 posts
Same result, run as admin was not even an option on hijackthis and malwarebytes will still not update.
  • 0

#30
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here

Gringo
  • 0
