Google search results redirections


  • This topic is locked
8 replies to this topic

#1 PappaG


Posted 18 January 2011 - 08:58 AM

Hi All,

MBR Log Added (19/01/2011 @ 08:08- UK)


I have been having problems with being redirected when selecting Google search results links, even when opening in a new tab.
I have been having these problems for a week or so now.
I have seen about options such as Combofix etc but noticed and was subsequently advised not to run this until told by helper, which is what I have done (not used at all).

Your help with this would be very much appreciated,
I have followed the preparation guide 1-10 with the exception of GMER as on completion it kept freezing (only mouse use, no right click or Ctrl+Alt+Del for task manager). Tried this 5 times using options such as not having anything open, disable internet connection etc. One thing to mention the list seems very long but although it finished as soon as I tried to save it is when it froze.

With the exception of GMER, I have uploaded Attach.txt and inserted DDS.txt content as requested as part of the process for help.

(Note: Andrew, thanks for your help with the right forum and attachments, I will get this right with practice)



Actions taken:
Used "Reset" IE settings in tools/internet options/advanced tab
Re-did some basic options (i.e. open new tab with homepage etc)

System info:
Windows XP (SP3)
IE 8
McAfee internet security :wacko:


DDS.txt Content:

DDS (Ver_10-12-12.02) - NTFSx86
Run by Dad at 9:15:05.67 on 18/01/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2047.1407 [GMT 0:00]

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Dad\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page =
uSearch Bar =
uStart Page = hxxp://google.co.uk/
mSearchAssistant =
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101112154554.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {A08C6464-8102-465D-BB4B-3C1458E7F57F} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [<NO NAME>]
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [nwiz] nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: amazon.co.uk\www
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271884736890
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-1-5 386840]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2010-3-12 13696]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-4-8 84072]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-3-16 54752]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-8 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-8 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-8 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-8 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-4-8 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-4-8 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-4-8 141792]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\nvidia corporation\performance drivers\nvPDsvc.exe [2008-12-11 3575808]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [2010-3-12 45824]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-4-8 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-4-8 152960]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-4-8 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-4-8 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-4-8 88544]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2008-5-2 56992]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [2010-3-12 56960]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\fneturpx.sys --> c:\windows\system32\drivers\FNETURPX.SYS [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-3-18 1691480]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-4-8 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-4-8 84264]

=============== Created Last 30 ================

2011-01-17 09:20:01 -------- d-----w- c:\program files\Runtime Software
2011-01-14 09:43:01 -------- d-----w- c:\docume~1\dad\applic~1\Nokia Ovi Suite
2011-01-14 09:37:32 -------- d-----w- c:\docume~1\dad\locals~1\applic~1\NokiaAccount
2011-01-14 09:37:29 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2011-01-14 09:37:29 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2011-01-14 09:36:58 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2011-01-14 09:31:40 -------- d-----w- c:\docume~1\dad\locals~1\applic~1\Nokia
2011-01-14 09:29:52 -------- d-----w- c:\program files\common files\Nokia
2011-01-14 09:29:28 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2011-01-14 09:29:22 -------- d-----w- c:\program files\PC Connectivity Solution
2011-01-14 09:29:12 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2011-01-14 09:29:12 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2011-01-14 09:29:11 23040 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2011-01-14 09:29:07 604160 ----a-w- c:\windows\system32\nmwcdcocls.dll
2011-01-14 09:29:07 18048 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2011-01-14 09:29:06 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2011-01-14 09:29:06 111104 ----a-w- c:\windows\system32\ccdcmbwu.dll
2011-01-14 09:29:05 75264 ----a-w- c:\windows\system32\nmwcdcls.dll
2011-01-14 09:28:14 -------- d-----w- c:\program files\Nokia
2011-01-14 09:28:14 -------- d-----w- c:\docume~1\alluse~1\applic~1\NokiaInstallerCache

==================== Find3M ====================


============= FINISH: 9:15:37.23 ===============


Thanks.

Edited by PappaG, 19 January 2011 - 03:10 AM.
Mod Edit: Moved To Logs Forum From AII - AA




#2 fenzodahl512


Posted 18 January 2011 - 10:41 PM

Download this tool to desktop:

http://www2.gmer.net/mbr/mbr.exe

Double click it & post the log it creates on desktop. (mbr.log)

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 fenzodahl512


Posted 19 January 2011 - 04:18 AM

Hi there, please reply directly here by using the "Add Reply" button.. Please don't PM me or edit your first post, as I'll lose track each time a user does that..


The MBR is good, so let's do these...



Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.




Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:

Posted Image

Posted Image


It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".


After that, double-click and run Combo-Fix. Let it finish its job and post the log here

If ComboFix asked you to install Recovery Console, please do so.. It will be in your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..



#4 PappaG


Posted 19 January 2011 - 07:05 AM

Hi fenzodahl512,

Apologies for PM comms and Editing post, should have asked first (lesson learnt) :thumbup2:

Have completed tasks as requested and TDSSKiller & Combo-Fix logs attached.

Note:
> it was on stage 49 for a long time (over 30 mins), was beginning to worry it had frozen, then zap it was done with log open.
> Popup stating IE wasn't my default browser, do I want to make it default, selected yes.
Nothing else

Have tested Google search and all seems fine on click link and open in new tab, including being much faster. :thumbsup:

Is this now complete?

Can I now enable CD emulation?

Thanks very much for all your help and soooo very quickly. :thumbsup:



PS. I would like to ask your advice on how to use/contribute on this forum (i.e. me being able to help others), monitoring to see if I can help, that sort of thing, or should I post these questions.


#5 fenzodahl512


Posted 19 January 2011 - 08:28 AM

Reboot your computer again (in case you haven't done so) and then do below..



Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Then, tell me how's the computer (I hope it's good by now :) )



#6 PappaG


Posted 20 January 2011 - 02:45 AM

Hi fenzodahl512,

Apologies for delay in getting back to you yesterday afternoon but had a presentation dinner and was running late (lots of old and young acting really silly, excellent fun)

Done as requested and all went well, log attached.

On running my PC yesterday and this morning I have noticed at least the following:

Loading Windows in particular when desktop shows and app's finish loading (internet connection, McAfee etc) a lot quicker, at least 25% faster. :thumbsup:
IE opening faster, including search results on either single click or open in new tab (zap it's open, haven't had that for a long time) NO REDIRECTS AT ALL! :thumbsup:
Opening other Apps like MSWord & MSExcel, again zap and it's open, literally. Usually takes several seconds (15sec approx) :thumbsup:
Yesterday were restarts from warm and this morning started from cold but no noticeable differences.
I don't know what else to say except it feels like a new PC.

And of course a very big thank you for all your help and advice and so quickly from original posting. :thumbsup: :thumbsup:

Could you just advise me on how I can try and avoid allowing this to happen again? And should I continue to keep malwarebytes doing regular scans?

Thanks again fenzodahl512, very much appreciated.
John.

--------------

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5553

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

19/01/2011 23:07:33
mbam-log-2011-01-19 (23-07-33).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 425496
Time elapsed: 2 hour(s), 56 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_XMLLookup (Hijacker.XMLLookup) -> Value: bak_XMLLookup -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_intl (Hijacker.intl) -> Value: bak_intl -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\XMLLookup (Hijacker.XMLLookup) -> Bad: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (http://shell.windows.com/fileassoc/fileassoc.asp?LangID=%04x&Ext=%s) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\intl (Hijacker.intl) -> Bad: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (http://shell.windows.com/fileassoc/fileassoc.asp?LangID=%04x&Ext=%s) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
d:\aa family folder\computer related information and updates\bios updates\computerinventory_setup.exe (Trojan.Hijacker) -> Quarantined and deleted successfully.
e:\downloads\macromedia studio 8\iso unpacked files\FIX\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
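
A small parser for the Malwarebytes log layout in the post above, as an added example that is not part of the original thread: it cross-checks the summary counts against the items actually listed (useful when a pasted log has been cut short) and extracts the Bad/Good pairs for registry data items. The function names are this example's own, and the sample is an excerpt of the posted log with the counts adjusted to the excerpt.

```python
import re

# Excerpt of the log posted above, shortened; summary counts adjusted to match the excerpt.
SAMPLE_LOG = r"""
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_intl (Hijacker.intl) -> Value: bak_intl -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\intl (Hijacker.intl) -> Bad: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (http://shell.windows.com/fileassoc/fileassoc.asp?LangID=%04x&Ext=%s) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
e:\downloads\macromedia studio 8\iso unpacked files\FIX\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
"""

SUMMARY = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# Non-greedy target plus a required " -> " after the detection name, so a path
# that itself contains parentheses (e.g. "Program Files (x86)") still parses.
ITEM = re.compile(r"^(?P<target>.+?) \((?P<detection>[^()]+)\) -> (?P<rest>.+)$")
BAD_GOOD = re.compile(r"^Bad: \((?P<bad>.*)\) Good: \((?P<good>.*)\)$")


def parse_mbam_log(text):
    """Return {'declared': {section: count}, 'items': {section: [record, ...]}}."""
    declared, items, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SUMMARY.match(line)
        if m:
            declared[m["section"]] = int(m["count"])
            continue
        m = HEADER.match(line)
        if m:
            current = m["section"]
            items.setdefault(current, [])
            continue
        m = ITEM.match(line) if current else None
        if not m:
            continue  # blank lines, "(No malicious items detected)", header fields
        detail, _, action = m["rest"].rpartition(" -> ")
        record = {"target": m["target"], "detection": m["detection"], "action": action}
        pair = BAD_GOOD.match(detail)
        if pair:
            record["bad"], record["good"] = pair["bad"], pair["good"]
        items[current].append(record)
    return {"declared": declared, "items": items}


def count_mismatches(parsed):
    """Sections whose summary count differs from the number of listed items."""
    out = {}
    for section, declared in parsed["declared"].items():
        listed = len(parsed["items"].get(section, []))
        if listed != declared:
            out[section] = (declared, listed)
    return out


def changed_settings(parsed):
    """(registry value, bad data, good data) for each registry data item."""
    rows = parsed["items"].get("Registry Data Items Infected", [])
    return [(r["target"], r["bad"], r["good"]) for r in rows if "bad" in r]


if __name__ == "__main__":
    parsed = parse_mbam_log(SAMPLE_LOG)
    print("count mismatches:", count_mismatches(parsed) or "none")
    for target, bad, good in changed_settings(parsed):
        print(f"{target}\n    was:      {bad}\n    restored: {good}")
```
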

#7 fenzodahl512


Posted 20 January 2011 - 07:41 AM

(lots of old and young acting really silly, excellent fun)

I love that.. :lol:

should I continue to keep malwarebytes doing regular scans?

Yup, keep Malwarebytes' :)


Looks good to me.. Let's do some cleanup...


Please download OTC and save it to Desktop.
  • Make sure you have internet connection..
  • Double-click OTC
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes



Please read these excellent articles written by my friends:
Preventing Malware and Safe Computing by Rorschach112
What makes your machine slow? by Artellos


Also, please read these excellent articles by miekiemoes:
Help! My computer is slow!
How to prevent Malware


Read this great info about safe internet surfing..

http://www.pcpitstop.com/spycheck/safesurfing.asp
http://bluefive.pair.com/practice_safe_surfing.htm




Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :)



Have a safe and happy computing day!


Regards
fenzodahl512



#8 PappaG


Posted 20 January 2011 - 01:28 PM

Hi fenzodahl512,

Everything seems fine, although a little slower on start up and loading programs.

Not a significant difference to worry about, it is still a massive improvement.

Thanks for the article links, they are very helpful and show I still have a little work to do to fully or better protect my PC. The only down side I can see is being spoilt for choice (if that is a down side). :wacko: :woot:

This has been an eye opener/wake up call for me in keeping on top of maintaining my PC (After all we look after our cars [well in general we do] as we need them regularly), so as we use our PCs more than the car it figures we should pay more attention to its upkeep. I don't know if this sounds stupid but I will be giving my PC more attention in future if only to prevent future headaches and that has been in no short measure to you and this forum. :thumbsup:

Would seem that due to there not being an all-in-one package (or a reliable one anyway) there are several programs that need to be installed and/or run.

I will create myself an inventory of software that is needed for future use (in case of change of PC system, upgrade O/S or hardware).

I can see you are very busy helping others, so thanks very much again for all your help and advice.

I believe with the links you have given me, I have sufficient information to progress my system to a better protected one, so if you believe there are no other tasks to complete I feel this post can be closed/completed.

I do have other questions which I will post in due course in the correct category.

Thanks again fenzodahl512. :) :thumbsup: :thumbsup: :clapping:

#9 fenzodahl512


Posted 20 January 2011 - 09:09 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





