lharrison616

Removed my web search and had sporadic ie crashes


Please download aswMBR.exe and save it to your desktop.

- Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
- Allow it to update where necessary
- Click Scan
- Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
- You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To > Compressed (zipped) file. Attach that zipped file in your next reply as well.


I would prefer to have logs posted unless I specifically requested for it to be attached.

Please read through these instructions to familiarize yourself with what to expect when this tool runs

Refer to the ComboFix User's Guide

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT - Save ComboFix.exe to your Desktop

====================================================

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: How to Disable your Security Programs

====================================================

Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.


After the scan the computer restarted and when I clicked on internet explorer it said it was unavailable or had been moved and asked me if I wanted to remove the icon. I restarted the computer and it works now. This has happened in the past few days also. A restart seems to fix it.

 

 



-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Delete.
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[s1].txt as well.

===================================================

Please download Junkware Removal Tool to your desktop.

- Shut down your antivirus to avoid any conflicts.
- Right-mouse click JRT.exe and select Run as administrator
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message

===================================================

On your next reply please post:

- AdwCleaner log
- JRT log
- Are you still having browser crashes?

Please STOP and let me know if you have any problems in performing the steps above or any questions you may have.

Good Day!


No IE Crashes since I mentioned it.

 

here are the logs.

 

 

# AdwCleaner v2.305 - Logfile created 07/17/2013 at 23:01:21# Updated 11/07/2013 by Xplode# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)# User : James - JAMES-PC# Boot Mode : Normal# Running from : C:UsersJamesDesktopadwcleaner.exe# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:ProgramDataAVG Secure Search

***** [Registry] *****

***** [internet Browsers] *****

- Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

- Google Chrome v28.0.1500.72

File : C:UsersJamesAppDataLocalGoogleChromeUser DataDefaultPreferences

Deleted [l.25] : keyword = "isearch.avg.com",

*************************

AdwCleaner[R1].txt - [14258 octets] - [15/07/2013 19:06:11]AdwCleaner[R2].txt - [1202 octets] - [17/07/2013 22:58:34]AdwCleaner[s1].txt - [13932 octets] - [15/07/2013 19:12:05]AdwCleaner[s2].txt - [1101 octets] - [17/07/2013 23:01:21]

########## EOF - C:AdwCleaner[s2].txt - [1161 octets] ##########

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 5.1.6 (07.17.2013:4)OS: Windows 7 Home Premium x64Ran by James on Wed 07/17/2013 at 23:08:03.84~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwaretheseaappSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosofttracingapnstub_rasapi32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosofttracingapnstub_rasmancsSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosofttracingaskpartnercobrandingtool_rasapi32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosofttracingaskpartnercobrandingtool_rasmancsSuccessfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSearchScopes{38bc6857-67fa-4358-afae-28e0f9ad2128}Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSearchScopes{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSearchScopes{5d7e2ae3-de3b-4de0-8f15-014e8ecaf4ee}Successfully deleted: [Registry Key] HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSearchScopes{950AF0F1-B122-468F-A4C5-D758AF36BF5D}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerSearchScopes{38bc6857-67fa-4358-afae-28e0f9ad2128}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerSearchScopes{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerSearchScopes{5d7e2ae3-de3b-4de0-8f15-014e8ecaf4ee}

 

~~~ Files

Successfully deleted: [File] C:\Program Files (x86)\4pres.dll

 

~~~ Folders

Successfully deleted: [Folder] "C:\Users\James\appdata\local\visi_coupon"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/17/2013 at 23:15:44.85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Hi,

 

Let's check for remnants before doing some housekeeping.

 

Download TFC to your desktop

[*]Close any open windows.

[*]Double click the TFC icon to run the program

[*]TFC will close all open programs itself in order to run,

[*]Click the Start button to begin the process.

[*]Allow TFC to run uninterrupted.

[*]The program should not take long to finish its job.

[*]Once it's finished, it should automatically reboot your machine;

[*]if it doesn't, manually reboot to ensure a complete clean.

===================================================

 

Go here and click 'ESET Online Scanner'.

[*]If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.

[*]Turn off the real-time scanner of any existing antivirus program while performing the online scan.

[*]Tick the box next to YES, I accept the Terms of Use.

[*]Click Start

[*]If using Internet Explorer, allow the ActiveX control to install when asked.

[*]Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.

[*]Click on Advanced Settings and ensure these options are ticked:

[*]Scan for potentially unwanted applications

[*]Scan for potentially unsafe applications

[*]Enable Anti-Stealth Technology

[*]Next to 'Current scan targets: Operating memory, Local drives', click the Change.. button.

[*]Tick all the boxes that correspond to your external/inserted drives.

[*]Click Start

[*]Wait for the scan to finish.

[*]When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."

[*]Save that text file to your desktop, and then copy/paste the contents in your next reply. Please do not attach it.

===================================================

 

Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware here and save to your desktop.

[*]Double-click mbam-setup.exe and follow the prompts to install the program. (Note to Vista users, please right-click and select Run as Administrator.)

[*]At the end, be sure a checkmark is placed next to:

[*]Update Malwarebytes' Anti-Malware

[*]Launch Malwarebytes' Anti-Malware

[*]Then click Finish.

[*]If an update is found, it will download and install the latest version.

[*]Once the program has loaded, select Perform quick scan, then click Scan.

[*]When the scan is complete, click OK, then Show Results to view the results.

[*]Be sure that everything is checked, and click Remove Selected.

[*]When completed, a log will open in Notepad. Please copy and paste the log back into your next reply

Note:

[*]The log can also be found here:

C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

[*]Or via the Logs tab when Malwarebytes' Anti-Malware is started.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware.

 

===================================================

 

On your next reply please post :

ESET log

MBAM log

 

 

Please STOP and let me know if you have any problems performing the steps above or any questions you may have.

 

Good Day!


I did complete the scan. No IE crashes so far.

 

 

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\Users\James\AppData\LocalLow\GamingWonderlandEI\Installr\Cache\0061C62D.exe a variant of Win32/Toolbar.MyWebSearch.O application
C:\Users\James\AppData\LocalLow\MindDabble_4pEI\Installr\Cache\00233256.exe a variant of Win32/Toolbar.MyWebSearch.O application

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.19.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
James :: JAMES-PC [administrator]

7/18/2013 10:34:31 PM
mbam-log-2013-07-18 (22-34-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216091
Time elapsed: 5 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 


Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

 

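rem Clear any log left over from an earlier run
if exist "%temp%\log.txt" del "%temp%\log.txt"
rem Delete each leftover file flagged by the ESET scan; log any file that survives
for %%g in (
"C:\Users\James\AppData\LocalLow\GamingWonderlandEI\Installr\Cache\0061C62D.exe"
"C:\Users\James\AppData\LocalLow\MindDabble_4pEI\Installr\Cache\00233256.exe"
) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)
rem Open the log if anything could not be deleted, otherwise report success
if exist "%temp%\log.txt" (
start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!
pause
rem Remove this batch file itself
del %0
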
Save this Notepad file as fix.bat and choose to Save as type: - All Files then close the Notepad file.


 

Double-click on fix.bat to run it.

 

Tell me what it says in your next reply. Press any key to continue.


Indeed it was.

 

It's time for some housekeeping if you don't have any problems left.

 

You can remove the rest of the tools we used, except for Combofix, for which you have to follow the steps outlined.

 

Follow these steps to uninstall Combofix

[*]Click START then RUN

[*]Now copy/paste the code into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.

Combofix /Uninstall

 

===================================================

 

Thank you for your patience, and performing all of the procedures requested. I would also like to take this opportunity to apologize for any delay that may have occurred.

 

--------------------------------------------------------------------------------------------------------------

 

MICROSOFT UPDATES

It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

 

 

Passwords

It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article, Strong passwords: How to create and use them, and consider a password keeper to keep all your passwords safe.

 

 

SPYWARE PREVENTION

This is a good time to set up protection against further attacks. In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read these well-written articles:

[*]How Did I Get Infected In The First Place? by TonyKlein

[*]How to Prevent Malware by miekiemoes

[*]PC Safety and Security--What Do I Need?

To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

[*]WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

[*]Green to go

[*]Yellow for caution

[*]Red to stop

WOT has an add-on available for both Firefox and IE.

[*]SpywareBlaster prevents the installation of ActiveX-based malware, blocks cookies, and restricts the actions of "bad" sites. See tutorial here

[*]MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting the attempted connections to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows Vista here

[*]Download Host.zip and Save it to your Desktop.

[*]Right-click hosts.zip and select 'Extract all files' or 'Extract files...'.

[*]Follow the prompts and click 'Finish'.

[*]This will open the newly created hosts folder on your Desktop.

[*]Double-click on the included mvps.bat file; this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.

[*]Once updated you should see another prompt that the task was completed.

Follow this list and keep your antivirus program and antispyware programs updated and scan with them on a regular basis. By doing so, your potential for being infected again will reduce dramatically.

 

Hopefully this should take care of your problems! Good luck.

 

Do you have any questions or problems to ask? Please do not hesitate to do so.

 

**Please respond to this one more time to ensure it is resolved and close this topic.

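The HOSTS-file blocking described in the post above, as an added example that is not part of the original thread: a short Python audit that separates names sinkholed to the local machine (the intended MVPS-style effect) from names mapped to a real address, which deserve a second look. The sample file, its placeholder hostnames and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in HOSTS-file syntax. Hostnames are placeholders and
# 203.0.113.7 is a documentation address; none of this comes from MVPS.
SAMPLE_HOSTS = """\
# comment line
127.0.0.1    localhost
::1          localhost
127.0.0.1    ads.example.net        # sinkholed, MVPS style
0.0.0.0      tracker.example.org  cdn.tracker.example.org
203.0.113.7  login.example.com      # points somewhere real: review
not-an-ip    broken.example.com
"""


def parse_hosts(text):
    """Yield (lineno, address, hostname) per mapping; address is None if unparsable."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank, comment-only, or an address with no name
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None
        for name in fields[1:]:
            yield lineno, addr, name.lower()


def audit(text):
    """Sort mappings into blocked names, real redirects, and unparsable lines."""
    blocked, redirected, malformed = set(), {}, []
    for lineno, addr, name in parse_hosts(text):
        if addr is None:
            malformed.append(lineno)
        elif name == "localhost":
            continue  # the stock localhost entries are not blocks
        elif addr.is_loopback or addr.is_unspecified:
            blocked.add(name)  # connection attempts go nowhere
        else:
            redirected[name] = str(addr)  # traffic is sent to another host
    return blocked, redirected, sorted(set(malformed))


if __name__ == "__main__":
    blocked, redirected, malformed = audit(SAMPLE_HOSTS)
    print(f"{len(blocked)} names sinkholed to the local machine")
    for name, addr in sorted(redirected.items()):
        print(f"REVIEW: {name} -> {addr}")
    print("unparsable lines:", malformed)
```

To check a real Windows machine, pass the contents of %SystemRoot%\System32\drivers\etc\hosts to audit().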

OK, all seems well now. Thank you very much and I also appreciate your patience with me as I was only able to reply in the late evening due to work. I have installed WOT and will add the spyware software you suggested. I have had no other problems at all. I will also be careful about who uses the computer.

This topic is now closed to further replies.