TechSpot

Google redirected

Solved
By bearone100
Aug 16, 2010
Topic Status:
Not open for further replies.
  1. Broni

    Broni Malware Annihilator Posts: 46,865   +254

    I saw couple of bad entries in Combofix, so I want to see, if they're gone as well.

    Re-run Combofix and post fresh log.
     
  2. bearone100

    bearone100 TS Rookie Topic Starter Posts: 54

    ok no problem ok
     
  3. bearone100

    bearone100 TS Rookie Topic Starter Posts: 54

    heres he new one
     

    Attached Files:

  4. Broni

    Broni Malware Annihilator Posts: 46,865   +254

    One bad entry is gone, but I still can see another one, which I don't like....

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Vista users:: Right click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box into the main textfield:
      Code:
      :reg
      HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg /s
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  5. bearone100

    bearone100 TS Rookie Topic Starter Posts: 54

    i had to reset internet conection after the scan to get back on internet heres the scan
     

    Attached Files:

  6. bearone100

    bearone100 TS Rookie Topic Starter Posts: 54

    i just reset the internet through the network and shating center in vista
     
  7. Broni

    Broni Malware Annihilator Posts: 46,865   +254

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\捁牥吠畯⁲敒業摮牥]
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
  8. bearone100

    bearone100 TS Rookie Topic Starter Posts: 54

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\捁牥吠畯⁲敒業摮牥\ deleted successfully.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: me
    ->Temp folder emptied: 48728 bytes
    ->Temporary Internet Files folder emptied: 13185448 bytes
    ->Flash cache emptied: 875 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 13.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: me
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.10.0 log created on 08182010_012627

    Files\Folders moved on Reboot...
    File\Folder C:\Users\me\AppData\Local\Temp\Low\~DF6DA9.tmp not found!
    File\Folder C:\Users\me\AppData\Local\Temp\Low\~DF6DB2.tmp not found!
    C:\Users\me\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SOVJ21PZ\;ord=2914734738[1].htm moved successfully.
    C:\Users\me\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SOVJ21PZ\sh21[1].htm moved successfully.
    File\Folder C:\Users\me\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4W90VQCC\fish-tank-_12833593[1].htm not found!
    File\Folder C:\Users\me\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4W90VQCC\genericHist_iframe2[1].htm not found!
    C:\Users\me\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\43JRNF7K\ads[8].htm moved successfully.
    C:\Users\me\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\43JRNF7K\topic151803-3[2].htm moved successfully.
    C:\Users\me\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\39MLWQB2\ads[5].htm moved successfully.
    C:\Users\me\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat moved successfully.
    C:\Users\me\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

    Registry entries deleted on Reboot...
     
  9. bearone100

    bearone100 TS Rookie Topic Starter Posts: 54

    running quick scan now
     
  10. Broni

    Broni Malware Annihilator Posts: 46,865   +254

    Good and after that, give me fresh Combofix log.
     
  11. bearone100

    bearone100 TS Rookie Topic Starter Posts: 54

    ok here is the latest scan
     

    Attached Files:

     
  12. Broni

    Broni Malware Annihilator Posts: 46,865   +254

    Looks good :)
    Combofix next.
     
  13. bearone100

    bearone100 TS Rookie Topic Starter Posts: 54

    ok here is the latest
     

    Attached Files:

  14. Broni

    Broni Malware Annihilator Posts: 46,865   +254

    All clean :)

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start>"Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    ======================================================================

    Last scans.....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Go to Kaspersky website and perform an online antivirus scan.

    • Disable your active antivirus program.
    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

    ...and my bed time is coming....Kaspersky will take a while...
     
  15. bearone100

    bearone100 TS Rookie Topic Starter Posts: 54

    thanks for the help goign on 2 am here have a good night
     
  16. Broni

    Broni Malware Annihilator Posts: 46,865   +254

    You're very welcome :)
    I suggest, you set Kaspersky up to run it overnight.
     
  17. bearone100

    bearone100 TS Rookie Topic Starter Posts: 54

    Results of screen317's Security Check version 0.99.5
    Windows Vista (UAC is enabled)
    Out of date service pack!!
    Internet Explorer 7 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Security Center service is not running! This report may not be accurate!
    Windows Firewall Enabled!
    Avira AntiVir Personal - Free Antivirus
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Adobe Flash Player 9 (Out of date Flash Player installed!)
    Adobe Reader 7.0
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    ````````````````````````````````
    DNS Vulnerability Check:


    ``````````End of Log````````````
     
  18. Broni

    Broni Malware Annihilator Posts: 46,865   +254

    [Reminder to myself: install SP2 after Kaspersky scan.]

    ==========================================================================

    Update Adobe Flash Player: http://get.adobe.com/flashplayer/

    ========================================================================

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

    ==================================================================

    Good Night :)
     
  19. bearone100

    bearone100 TS Rookie Topic Starter Posts: 54

    no threats detected with the scan it looks clean
     
  20. Broni

    Broni Malware Annihilator Posts: 46,865   +254

    Very good :)

    OTL Clean-Up
    Clean up with OTL:

    * Double-click OTL.exe to start the program.
    * Close all other programs apart from OTL as this step will require a reboot
    * On the OTL main screen, press the CLEANUP button
    * Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    ======================================================================

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point.

    Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista and 7:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    2. Restart computer.

    3. Turn System Restore on.

    4. Make sure, Windows Updates are current (including Service Pack 2)

    5. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. Run defrag at your convenience.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
     
  21. Broni

    Broni Malware Annihilator Posts: 46,865   +254

    The issue appears to be resolved.
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.