redirecting seaches on the internet

View previous topic View next topic Go down

redirecting seaches on the internet

Post by Criticalchris88 on 31st October 2009, 10:05 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:03:23, on 31/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Chris\Downloads\winlogon.scr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: RuneHQ Browser Bar Toolbar - {82de967b-6db5-4ac2-8450-c732f8358a43} - C:\Program Files\RuneHQ_Browser_Bar\tbRune.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [InfoaxeUpdater] C:\Program Files\infoaxe\updater.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - [You must be registered and logged in to see this link.]
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\Windows\System32\difxapi32.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--
End of file - 10438 bytes

also an error came up about accessing win system32
also keeps opening countless pages of different sites when nothing is clicked

Criticalchris88
Beginner
Beginner

Posts Posts : 2
Joined Joined : 2009-10-31
Gender Gender : Male
OS OS : Vista Home premium
Points Points : 25964
# Likes # Likes : 0

View user profile

Back to top Go down

Re: redirecting seaches on the internet

Post by Dr Jay on 1st November 2009, 2:24 am

Please download ComboFix from [You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14309
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302960
# Likes # Likes : 10

View user profile

Back to top Go down

Re: redirecting seaches on the internet

Post by Criticalchris88 on 1st November 2009, 12:25 pm

ComboFix 09-10-30.01 - Chris 01/11/2009 12:16.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3070.1923 [GMT 0:00]
Running from: c:\users\Chris\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2773397201-2855733099-4214572315-500
c:\$recycle.bin\S-1-5-21-3611833559-2294988578-2700159509-500
c:\users\Chris\AppData\Roaming\020000000a072011691C.manifest
c:\users\Chris\AppData\Roaming\020000000a072011691O.manifest
c:\users\Chris\AppData\Roaming\020000000a072011691P.manifest
c:\users\Chris\AppData\Roaming\020000000a072011691S.manifest
c:\windows\system32\8syy7.vbs
c:\windows\system32\fX3PHHq.vbs
c:\windows\system32\IA0bJMwu3HJ5Z.vbs
c:\windows\system32\mWJNC.vbs

.
((((((((((((((((((((((((( Files Created from 2009-10-01 to 2009-11-01 )))))))))))))))))))))))))))))))
.

2009-11-01 12:22 . 2009-11-01 12:22 -------- d-----w- c:\users\Chris\AppData\Local\temp
2009-11-01 12:22 . 2009-11-01 12:22 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2009-11-01 12:22 . 2009-11-01 12:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-01 12:16 . 2009-04-11 06:32 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-01 00:15 . 2009-11-01 00:15 680 ----a-w- c:\users\Chris\AppData\Local\d3d9caps.dat
2009-10-31 21:58 . 2009-10-31 21:58 -------- d-----w- c:\windows\McAfee.com
2009-10-31 11:44 . 2009-10-31 11:44 -------- d-----w- c:\program files\iPod
2009-10-31 11:44 . 2009-10-31 11:44 268288 ----a-w- c:\windows\system32\dpnathlp32.dll
2009-10-31 11:44 . 2009-10-31 11:44 268288 ----a-w- c:\windows\system32\d3d10level932.dll
2009-10-29 20:37 . 2009-10-29 20:37 -------- d-----w- c:\program files\Windows Portable Devices
2009-10-29 19:44 . 2009-09-23 16:37 34112 ----a-w- c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\k6tqa97s.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg_bootstrap.exe
2009-10-29 19:44 . 2009-09-23 16:37 22352 ----a-w- c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\k6tqa97s.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2009-10-29 19:42 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-29 19:42 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-29 19:42 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-29 19:42 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-29 19:42 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-29 19:42 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-29 19:42 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-29 19:42 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-29 19:42 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-29 19:42 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-29 19:42 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-29 19:42 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-29 19:41 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-29 19:41 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-29 19:41 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-28 10:27 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 10:27 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-25 19:27 . 2009-10-25 19:56 -------- d-----w- c:\users\Chris\AppData\Local\Microsoft Games
2009-10-25 17:54 . 2009-10-25 17:54 -------- d-----w- c:\users\Chris\AppData\Roaming\Malwarebytes
2009-10-25 17:54 . 2009-09-10 14:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-25 17:54 . 2009-10-25 17:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-25 17:54 . 2009-10-25 17:54 -------- d-----w- c:\programdata\Malwarebytes
2009-10-25 17:54 . 2009-09-10 14:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-22 19:01 . 2009-08-26 14:22 114688 ----a-w- c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\k6tqa97s.default\extensions\npfax@microgaming.co.uk\platform\WINNT_x86-msvc\plugins\npfax.dll
2009-10-16 09:48 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-16 09:48 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-16 09:48 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-16 09:47 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-16 09:47 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-16 09:47 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-03 10:45 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-03 10:45 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-03 10:45 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-03 10:45 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-03 10:35 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-03 10:35 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-03 10:35 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-03 10:25 . 2009-08-06 18:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-03 10:25 . 2009-08-06 17:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-02 20:00 . 2009-10-01 10:29 195440 ------w- c:\windows\system32\MpSigStub.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-01 12:11 . 2008-12-09 19:29 -------- d-----w- c:\program files\McAfee
2009-11-01 00:16 . 2008-12-04 23:10 38 ----a-w- c:\users\Chris\jagex_runescape_preferences.dat
2009-11-01 00:16 . 2009-09-02 20:08 63 ----a-w- c:\users\Chris\jagex_runescape_preferences2.dat
2009-10-31 13:23 . 2008-12-04 23:25 -------- d-----w- c:\users\Chris\AppData\Roaming\Apple Computer
2009-10-31 12:23 . 2009-02-04 19:05 -------- d-----w- c:\users\Chris\AppData\Roaming\LimeWire
2009-10-31 11:45 . 2009-09-26 10:45 -------- d-----w- c:\program files\iTunes
2009-10-31 11:44 . 2008-12-04 23:17 -------- d-----w- c:\program files\Common Files\Apple
2009-10-29 20:37 . 2009-10-29 20:37 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-10-17 02:21 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-17 02:02 . 2008-12-03 01:55 -------- d-----w- c:\programdata\Microsoft Help
2009-09-25 22:22 . 2009-09-25 22:22 -------- d-----w- c:\users\Mcx1\AppData\Roaming\Dell
2009-09-25 22:22 . 2009-09-25 22:22 62728 ----a-w- c:\users\Mcx1\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-25 02:10 . 2009-10-29 19:43 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-10-29 19:43 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-10-29 19:43 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-10-29 19:43 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-10-29 19:43 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-10-29 19:43 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-10-29 19:43 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-10-29 19:43 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-10-29 19:43 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-10-29 19:43 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33 . 2009-10-29 19:43 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32 . 2009-10-29 19:43 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-10-29 19:43 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31 . 2009-10-29 19:43 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31 . 2009-10-29 19:43 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31 . 2009-10-29 19:43 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31 . 2009-10-29 19:43 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31 . 2009-10-29 19:43 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30 . 2009-10-29 19:43 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30 . 2009-10-29 19:43 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27 . 2009-10-29 19:43 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27 . 2009-10-29 19:43 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27 . 2009-10-29 19:43 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27 . 2009-10-29 19:43 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54 . 2009-10-29 19:43 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54 . 2009-10-29 19:43 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54 . 2009-10-29 19:43 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-23 21:39 . 2009-09-23 21:38 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-09-16 09:22 . 2008-12-09 19:30 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 09:22 . 2008-12-09 19:30 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 09:22 . 2008-12-09 19:30 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 09:22 . 2008-12-09 19:30 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 09:22 . 2008-12-09 19:30 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-15 21:56 . 2008-12-03 02:03 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-09-14 20:06 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-09-14 20:06 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-09-14 20:06 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-09-14 20:06 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-09-14 20:06 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-09-14 20:06 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-09-12 10:51 . 2008-12-04 23:05 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-12 10:46 . 2009-02-20 18:54 -------- d-----w- c:\program files\NCH Software
2009-09-12 10:45 . 2009-02-20 18:55 -------- d-----w- c:\users\Chris\AppData\Roaming\NCH Swift Sound
2009-09-12 10:37 . 2009-09-12 10:36 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-12 10:34 . 2009-09-12 10:34 -------- d-----w- c:\program files\QuickTime
2009-09-10 02:01 . 2009-10-29 19:43 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-09-10 02:00 . 2009-10-29 19:43 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-09-10 02:00 . 2009-10-29 19:43 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-09-02 03:09 . 2009-09-02 03:09 176128 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2009-08-29 00:27 . 2009-09-02 19:55 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 19:55 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-17 22:33 . 2009-08-17 22:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 16:27 . 2009-09-12 10:00 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-12 10:00 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-12 10:00 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-12 10:00 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-12 10:00 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-12 10:00 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-12 10:00 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-12 10:00 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-12 10:00 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-12 10:00 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-12 10:00 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-03 14:07 . 2009-08-03 14:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 14:07 . 2009-08-03 14:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 14:07 . 2009-08-03 14:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2008-12-03 09:23 . 2008-12-03 09:22 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-06 1548288]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-01-12 488984]
"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-01-12 244512]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-07-18 6246400]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-12-18 76304]

c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-1 809488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):3c,f0,81,ef,77,35,ca,01

R2 AERTFilters;Andrea RT Filters Service;c:\windows\System32\AERTSrv.exe [03/12/2008 09:31 73728]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [23/09/2008 22:09 155648]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [09/12/2008 21:12 92296]
R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\System32\drivers\RtNdPt60.sys [03/12/2008 01:50 27648]
S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30/03/2009 15:28 1533808]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 02:23 21504]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [24/02/2009 19:06 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18:08 533360]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2009-05-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 11:22]

2009-10-26 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 11:22]

2009-11-01 c:\windows\Tasks\RtlNICDiagVistaStart.job
- c:\program files\Realtek\RTNICDiag\RTNICDiag.exe [2008-12-03 11:18]

2009-11-01 c:\windows\Tasks\User_Feed_Synchronization-{794D172F-E2E3-48DE-A79E-EE4DA06DA034}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\k6tqa97s.default\
FF - prefs.js: browser.search.selectedEngine - Surf Canyon
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\k6tqa97s.default\extensions\npfax@microgaming.co.uk\platform\WINNT_x86-msvc\plugins\npfax.dll
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-InfoaxeUpdater - c:\program files\infoaxe\updater.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-11-01 12:22
Windows 6.0.6002 Service Pack 2 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-11-01 12:23
ComboFix-quarantined-files.txt 2009-11-01 12:23

Pre-Run: 433,473,556,480 bytes free
Post-Run: 433,570,926,592 bytes free

- - End Of File - - EE64712F4754C3F541685C13674594B2

Criticalchris88
Beginner
Beginner

Posts Posts : 2
Joined Joined : 2009-10-31
Gender Gender : Male
OS OS : Vista Home premium
Points Points : 25964
# Likes # Likes : 0

View user profile

Back to top Go down

Re: redirecting seaches on the internet

Post by Dr Jay on 1st November 2009, 6:37 pm

There is a dangerous backdoor trojan on your system. This is a sign of total system compromise.
[You must be registered and logged in to see this link.] are very dangerous because they compromise system integrity by making changes that allow it to by used by the attacker for malicious purposes. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is send back to the hacker. To learn more about these types of infections, you can refer to:
I would counsel you to immediately disconnect this PC from the Internet and from your network if it is on a network. Disconnect the infected computer until the computer can be cleaned.
Then, access this information from a non-compromised computer to follow the steps needed.
If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Do NOT change passwords or do any transactions while using the infected computer because the attacker may get the new passwords and transaction information. (If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again.) Banking and credit card institutions should be notified to apprise them of your situation (possible security breach). To protect your information that may have been compromised, I recommend reading these references:

Though the backdoor has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired so you can never be sure that you have completely removed a backdoor trojan. The malware may leave so many remnants behind that security tools cannot find them. Tools that claim to be able to remove backdoor trojans cannot guarantee that all traces of it will be removed. Many experts in the security community believe that once infected with such a piece of malware, the best course of action would be a reformat and clean reinstall of the OS. This is something I don't like to recommend normally, but in most cases it is the best solution for your safety. Making this decision is based on what the computer is used for, and what information can be accessed from it. For more information, please read these references very carefully:
Guides for format and reinstall: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]
However, if you do not have the resources to reinstall your computer's OS and would like me to attempt to clean it, I will be happy to do so. But please consider carefully before deciding against a reformat.
If you do make that decision, I will do my best to help you clean the computer of any infections, but you must understand that once a machine has been taken over by this type of malware, I cannot guarantee that it will be 100% secure even after disinfection or that the removal will be successful.

Please let me know what you have decided to do in your next post. Should you have any questions, please feel free to ask.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14309
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302960
# Likes # Likes : 10

View user profile

Back to top Go down

Re: redirecting seaches on the internet

Post by megatails5 on 1st November 2009, 8:15 pm

CC is my brother, he has decided to change the router password so far and has also deleted all of his saved passwords and other data that web pages save. His computer is temporarily disconnected from our router, so i will be following your instructions from mine.
But we are going to reformat, so do we just have to save his wanted files (except the excluded file types) onto the recovery partition, just create a folder there and copy and paste music/pictures?
Then just insert the OS disk and everything bar stuff in the recovery file is gone (including the virus)?
Right, so can the virus not just go into the recovery drive before we format?



megatails5
Senior
Senior

Posts Posts : 228
Joined Joined : 2009-03-16
Gender Gender : Male
OS OS : Windows Vista 64bit
Protection Protection : Malwarebytes, Windows Security Essentials
Points Points : 28890
# Likes # Likes : 0

View user profile

Back to top Go down

Re: redirecting seaches on the internet

Post by Dr Jay on 2nd November 2009, 12:32 am

Just send pictures and videos and documents, etc - not programs or system files. Not sure what you mean by the question at the end...
Yes you can transfer files to the recovery partition, by creating a memorable folder somewhere on the drive.

If you have any more questions about the threat or any about doing the reinstall - I can provide any info.

So far, the danger of the infection is high, related to damage - because who knows how many system files it has damaged. However, it is not the type of threat that will spread to the other drive, so you can safely move the files without worry.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14309
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302960
# Likes # Likes : 10

View user profile

Back to top Go down

Re: redirecting seaches on the internet

Post by megatails5 on 2nd November 2009, 9:35 pm

performed the format, and his pc is a little slow, it refuses to load the download page for mcafee, is it possible some form of virus still lives, are there any further steps after the format?



megatails5
Senior
Senior

Posts Posts : 228
Joined Joined : 2009-03-16
Gender Gender : Male
OS OS : Windows Vista 64bit
Protection Protection : Malwarebytes, Windows Security Essentials
Points Points : 28890
# Likes # Likes : 0

View user profile

Back to top Go down

Re: redirecting seaches on the internet

Post by Dr Jay on 3rd November 2009, 12:49 am

As long as it is formatted and reinstalled, everything should be fine. You can test just in case:

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14309
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302960
# Likes # Likes : 10

View user profile

Back to top Go down

Re: redirecting seaches on the internet

Post by megatails5 on 3rd November 2009, 9:22 pm

he had 62 updates O.o! But i think his pc is back on track now, i will tell him to download and keep malwarebytes and to perform a weekly test like i do Smile
thanks for the help jay Awesome (sparkly)



megatails5
Senior
Senior

Posts Posts : 228
Joined Joined : 2009-03-16
Gender Gender : Male
OS OS : Windows Vista 64bit
Protection Protection : Malwarebytes, Windows Security Essentials
Points Points : 28890
# Likes # Likes : 0

View user profile

Back to top Go down

Re: redirecting seaches on the internet

Post by Dr Jay on 4th November 2009, 3:36 am

You are welcome!


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14309
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302960
# Likes # Likes : 10

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum