
Google Redirect and Windows Restore and Combo fix



#1 dirtrider (Member, 40 posts)
Hello,

I have the exact same problem as the poster in this thread...
http://www.bleepingc...opic393664.html

So I proceeded to take the same steps to fix my computer. I ran ComboFix, and all seemed well. Went to the next step to run Malwarebytes, and I get a message:
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
Illegal operation attempted on a registry key that has been marked for deletion"

That message comes up for basically every program I try to open, even the log file from ComboFix, so I cannot post that.

What have I done? I fear that I may have really messed something up.

Thanks in advance.

-Mark


#2 RKinner (Malware Expert, MVP, 24,679 posts)
Usually it just means that you need to reboot.

Can you post your Combofix log?

Ron

#3 dirtrider (Topic Starter, Member, 40 posts)
ComboFix 11-05-18.04 - Administrator 05/19/2011 18:55:20.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2037.1198 [GMT -4:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Alli\AppData\Roaming\PriceGong
c:\users\Alli\AppData\Roaming\PriceGong\Data\1.xml
c:\users\Alli\AppData\Roaming\PriceGong\Data\a.xml
c:\users\Alli\AppData\Roaming\PriceGong\Data\b.xml
c:\users\Alli\AppData\Roaming\PriceGong\Data\c.xml
c:\users\Alli\AppData\Roaming\PriceGong\Data\d.xml
c:\users\Alli\AppData\Roaming\PriceGong\Data\e.xml
c:\users\Alli\AppData\Roaming\PriceGong\Data\f.xml
c:\users\Alli\AppData\Roaming\PriceGong\Data\g.xml
c:\users\Alli\AppData\Roaming\PriceGong\Data\h.xml
c:\users\Alli\AppData\Roaming\PriceGong\Data\i.xml
c:\users\Alli\AppData\Roaming\PriceGong\Data\J.xml
c:\users\Alli\AppData\Roaming\PriceGong\Data\k.xml
c:\users\Alli\AppData\Roaming\PriceGong\Data\l.xml
c:\users\Alli\AppData\Roaming\PriceGong\Data\m.xml
c:\users\Alli\AppData\Roaming\PriceGong\Data\mru.xml
c:\users\Alli\AppData\Roaming\PriceGong\Data\n.xml
c:\users\Alli\AppData\Roaming\PriceGong\Data\o.xml
c:\users\Alli\AppData\Roaming\PriceGong\Data\p.xml
c:\users\Alli\AppData\Roaming\PriceGong\Data\q.xml
c:\users\Alli\AppData\Roaming\PriceGong\Data\r.xml
c:\users\Alli\AppData\Roaming\PriceGong\Data\s.xml
c:\users\Alli\AppData\Roaming\PriceGong\Data\t.xml
c:\users\Alli\AppData\Roaming\PriceGong\Data\u.xml
c:\users\Alli\AppData\Roaming\PriceGong\Data\v.xml
c:\users\Alli\AppData\Roaming\PriceGong\Data\w.xml
c:\users\Alli\AppData\Roaming\PriceGong\Data\x.xml
c:\users\Alli\AppData\Roaming\PriceGong\Data\y.xml
c:\users\Alli\AppData\Roaming\PriceGong\Data\z.xml
c:\users\Alli\GoToAssistDownloadHelper.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-19 to 2011-05-19 )))))))))))))))))))))))))))))))
.
.
2011-05-19 23:02 . 2011-05-19 23:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-19 23:02 . 2011-05-19 23:02 -------- d-----w- c:\users\Alli\AppData\Local\temp
2011-05-19 22:44 . 2011-05-19 22:44 -------- d-----w- c:\users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
2011-05-19 22:23 . 2011-05-19 22:23 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2D9A5782-952F-4362-8716-96923EAE76BA}\MpKsle43cb629.sys
2011-05-19 22:13 . 2011-05-19 22:13 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2011-05-18 02:55 . 2011-05-18 02:55 -------- d-----w- c:\users\Alli\AppData\Roaming\SUPERAntiSpyware.com
2011-05-18 02:55 . 2011-05-18 02:55 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-05-18 02:55 . 2011-05-18 02:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-18 02:20 . 2011-05-18 02:19 439632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F6D7F8F5-3757-4760-BC34-FF58E007C20C}\gapaengine.dll
2011-05-18 02:19 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2D9A5782-952F-4362-8716-96923EAE76BA}\mpengine.dll
2011-05-18 02:00 . 2011-05-18 02:01 -------- d-----w- c:\program files\Microsoft Security Client
2011-05-18 01:59 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2011-05-17 22:32 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-05-17 22:29 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B40E3ECD-361D-4FCD-B0BB-DF2870BDC8BB}\mpengine.dll
2011-04-28 20:45 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-28 20:45 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-28 20:44 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-19 22:22 . 2010-04-14 22:46 226280 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-03-10 17:03 . 2011-04-14 00:19 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-14 00:19 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42 . 2011-04-14 00:17 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40 . 2011-04-28 20:45 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-28 20:45 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-28 20:45 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-28 20:45 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:25 . 2011-04-14 00:18 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44 . 2011-04-14 00:18 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-02-22 14:13 . 2011-03-23 06:34 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-23 06:34 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-23 06:34 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-02-22 13:24 . 2011-04-14 00:20 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-02-22 13:24 . 2011-04-14 00:20 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-02-22 13:23 . 2011-04-14 00:20 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-22 13:23 . 2011-04-14 00:20 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-02-22 06:21 . 2011-04-14 00:20 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 06:17 . 2011-04-14 00:20 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 06:16 . 2011-04-14 00:20 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 06:16 . 2011-04-14 00:20 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-02-22 06:16 . 2011-04-14 00:20 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-02-22 05:20 . 2011-04-14 00:20 385024 ----a-w- c:\windows\system32\html.iec
2011-02-22 04:43 . 2011-04-14 00:20 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-02-22 04:42 . 2011-04-14 00:20 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-02 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-02 150552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2010-10-19 1795488]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2011-03-05 18:39 13672 ----a-w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-26 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-26 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 MpKsle43cb629;MpKsle43cb629;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2D9A5782-952F-4362-8716-96923EAE76BA}\MpKsle43cb629.sys [2011-05-19 28752]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-10-14 141792]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - KLMDB
*NewlyCreated* - MPKSLE43CB629
*Deregistered* - klmdb
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-26 00:58]
.
2011-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-26 00:58]
.
2011-05-19 c:\windows\Tasks\User_Feed_Synchronization-{8A1EC5A6-CE00-4AA1-B0BF-D6525E793C63}.job
- c:\windows\system32\msfeedssync.exe [2011-04-14 04:43]
.
2011-05-19 c:\windows\Tasks\User_Feed_Synchronization-{BA9F9274-2CA1-4C8E-BD87-EC000CCE41B8}.job
- c:\windows\system32\msfeedssync.exe [2011-04-14 04:43]
.
2011-04-24 c:\windows\Tasks\vtscheduletask.job
- c:\program files\McAfee\Supportability\MVT\MvtApp.exe [2011-03-05 22:25]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\es8uzv9r.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
BHO-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-klmdb.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-19 19:02
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1097620107-655295130-3212469395-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0c,58,96,4e,71,7b,94,44,a1,1c,c2,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0c,58,96,4e,71,7b,94,44,a1,1c,c2,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-05-19 19:04:33
ComboFix-quarantined-files.txt 2011-05-19 23:04
.
Pre-Run: 21,430,120,448 bytes free
Post-Run: 21,475,749,888 bytes free
.
- - End Of File - - E877659E3744C07535B0662BA2456813
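
A small triage parser for the ComboFix log format posted above, written here as an added example (it is not ComboFix's or the forum's own code): it pulls the "Files Created" entries and the Run-key autostart entries out of the text and flags anything living under a user profile's AppData tree, which is where the PriceGong items ComboFix deleted were sitting. The sample log is a constructed excerpt; its "Updater" Run entry is made up to exercise the check.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed excerpt in the ComboFix log format shown above (not the full log);
# the "Updater" Run entry is made up to exercise the user-profile check.
SAMPLE_LOG = r"""
(((( Files Created from 2011-04-19 to 2011-05-19 ))))
.
2011-05-19 22:44 . 2011-05-19 22:44 -------- d-----w- c:\users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
2011-05-19 22:23 . 2011-05-19 22:23 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{GUID}\MpKsle43cb629.sys
2011-05-18 01:59 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
.
(((( Reg Loading Points ))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Updater"="c:\users\Alli\AppData\Roaming\PriceGong\pg.exe" [2011-05-10 40960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"""

@dataclass
class CreatedFile:
    created: str         # first timestamp column (creation time)
    size: Optional[int]  # None for directories, which ComboFix prints as "--------"
    attrs: str           # e.g. "----a-w-" (file) or "d-----w-" (directory)
    path: str

@dataclass
class RunEntry:
    key: str   # the [HKEY_...\Run] key the value sits under
    name: str  # value name, e.g. "Sidebar"
    path: str  # image path ComboFix printed

# ComboFix prints: "<created> . <modified> <size|--------> <attrs> <path>"
FILE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. \d{4}-\d\d-\d\d \d\d:\d\d (\S+) (\S+) (.+)$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)" \[[^\]]+\]$')
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")

def parse_combofix(text: str) -> Tuple[List[CreatedFile], List[RunEntry]]:
    """Walk the log once, switching section on the '(((( ... ))))' banners."""
    files, runs, section, key = [], [], None, None
    for line in text.splitlines():
        if line.startswith("((("):
            section = "files" if "Files Created" in line else (
                "reg" if "Reg Loading Points" in line else None)
            continue
        if section == "files" and (m := FILE_RE.match(line)):
            size = None if m[2].startswith("-") else int(m[2])
            files.append(CreatedFile(m[1], size, m[3], m[4]))
        elif section == "reg":
            if k := KEY_RE.match(line):
                key = k[1]
            elif (m := RUN_RE.match(line)) and key and key.lower().endswith("\\run"):
                runs.append(RunEntry(key, m[1], m[2]))
    return files, runs

def in_user_profile(path: str) -> bool:
    """True for paths inside a user's AppData tree, the user-writable ground where
    the PriceGong adware above lived; the ProgramData tree is left out on purpose."""
    p = path.lower()
    return "\\users\\" in p and "\\appdata\\" in p

def triage(files, runs) -> List[Tuple[str, str]]:
    """(kind, path) for items worth a second look. Legitimate tools land in
    AppData too (SUPERAntiSpyware above), so this is a review list, not a verdict."""
    flagged = [("file", f.path) for f in files if in_user_profile(f.path)]
    return flagged + [("run:" + r.name, r.path) for r in runs if in_user_profile(r.path)]

if __name__ == "__main__":
    for kind, path in triage(*parse_combofix(SAMPLE_LOG)):
        print(f"{kind:14} {path}")
```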

#4 RKinner (Malware Expert, MVP, 24,679 posts)
Did the reboot get rid of the error?

You need to run the McAfee Removal Tool:

http://service.mcafe...spx?id=TS100507

Then:

Download aswMBR.exe ( 511KB ) to your desktop.

Right click the aswMBR.exe and select Run As Administrator to run it

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled and tell me) click save log, save it to your desktop and post in your next reply

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Right-click on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Ron

#5 dirtrider (Topic Starter, Member, 40 posts)
The reboot fixed the error:

aswMBR log:
aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-23 18:11:01
-----------------------------
18:11:01.644 OS Version: Windows 6.0.6002 Service Pack 2
18:11:01.644 Number of processors: 2 586 0xF0D
18:11:01.644 ComputerName: ALLI-PC UserName:
18:11:21.956 Initialize success
18:11:41.487 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
18:11:41.502 Disk 0 Vendor: ST9160821AS 3.CDD Size: 152627MB BusType: 3
18:11:43.530 Disk 0 MBR read successfully
18:11:43.530 Disk 0 MBR scan
18:11:43.530 Disk 0 unknown MBR code
18:11:45.558 Disk 0 scanning sectors +312578048
18:11:45.605 Disk 0 scanning C:\Windows\system32\drivers
18:11:53.748 Service scanning
18:11:57.399 Disk 0 trace - called modules:
18:11:57.414 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
18:11:57.430 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84a18ac8]
18:11:57.430 3 CLASSPNP.SYS[87ba48b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x8480cb98]
18:11:57.430 Scan finished successfully
18:17:02.935 Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"
18:17:02.950 The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt"


Malware Bytes log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6601

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

5/23/2011 7:28:03 PM
mbam-log-2011-05-23 (19-28-03).txt

Scan type: Full scan (C:\|)
Objects scanned: 267058
Time elapsed: 1 hour(s), 9 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 RKinner (Malware Expert, MVP, 24,679 posts)
Logs look clean.

We need to clean up System Restore.

The best way is to follow Jim's procedure here http://aumha.net/vie...581099691bf108f
though it hasn't been updated for Vista or Win 7 yet, so to create a Restore Point try this:
Right-click on Computer and select Properties and System Protection (Continue) and then Create (at the bottom). OK. Give it a name like Clean and then Create. OK. OK.

Once you have created a Restore Point:

Now Start (Windows Logo Button), Programs, Accessories, right-click on Command Prompt and select Run As Administrator, then run:
cleanmgr

Select "Files from All Users."
Continue

Select OS (C:)
OK

It will think for a few minutes.

Then come up with a few suggestions. Ignore those and press More Options. Under System Restore and Shadow Copies, click Clean Up and let it do its thing.


You can delete or uninstall any programs we had you run.

To hide hidden files again:


Vista or Win7

1. Open the Control Panel menu and click Folder Options.
2. After the new window appears select the View tab.
3. Remove the check in the checkbox labeled Display the contents of system folders.
4. Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
5. Check the checkbox labeled Hide protected operating system files.
6. Press the Apply button and then the OK button and exit My Computer.

You may not have the latest Java (Java™ 6 Update 25). Get the latest at:

http://javadl.sun.co...?BundleId=41723

Save it to your PC then close all browsers and install it.

Once you install it, go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Flash Player recently came out with a new version which fixes an exploit hole. See http://aumha.net/vie...&st=0&sk=t&sd=a Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

Make sure you have the latest version of any apple products like Quicktime.

I recommend you install the free WinPatrol from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

If you use USB drives you might want to install Autorun Eater v2.5.
http://download.cnet...4-10752777.html
Another small program which will stay resident and prevent an infected USB drive from infecting your PC.

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/


If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox



If your current antivirus is not a paid-up subscription you should dump it and install the free Avast
http://www.avast.com...avast-home.html


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

Ron