
IE10 browser & Outlook.com erratic [Solved]


  • This topic is locked
35 replies to this topic

#31 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 28 January 2014 - 07:24 PM

I'm sorry but all I know to do is to keep replacing the reported files as they pop up.  Hopefully we can resolve this with a couple runs.

 

COMBOFIX-Script
 

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    
    FCopy::
    
    C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe | C:\Windows\SysWOW64\userinit.exe
    
    
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    [Image: CFScriptB-4.gif]
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
 

 


Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 


#32 kangaroo

kangaroo

    Authentic Member

  • 212 posts

Posted 28 January 2014 - 08:53 PM

Hi Tomk,

 

Done. At first ComboFix said the date was 29Jan14 and it had expired. I downloaded a new copy from the original link you gave (it was a few bytes larger) and used it with no problems. Here is the log:

 

ComboFix 14-01-29.01 - Heather 29/01/2014  13:39:21.7.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.4092.2862 [GMT 11:00]
Running from: c:\users\Heather\Desktop\ComboFix.exe
Command switches used :: c:\users\Heather\Desktop\CFScript.txt
AV: avast! Internet Security *Disabled/Outdated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Internet Security *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Internet Security *Disabled/Outdated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe --> c:\windows\SysWOW64\userinit.exe
.
(((((((((((((((((((((((((   Files Created from 2013-12-28 to 2014-01-29  )))))))))))))))))))))))))))))))
.
.
2014-01-29 02:45 . 2014-01-29 02:45 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-01-29 02:45 . 2014-01-29 02:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-28 05:58 . 2014-01-28 05:58 -------- d-----w- C:\FRST
2014-01-26 10:58 . 2009-07-14 01:52 24128 ----a-w- c:\windows\SysWow64\drivers\atapi.sys
2014-01-25 03:59 . 2014-01-25 04:06 -------- d-----w- c:\windows\system32\catroot2
2014-01-25 03:48 . 2014-01-29 00:25 -------- d-----w- c:\windows\system32\wbem\repository
2014-01-25 03:47 . 2014-01-25 03:47 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2014-01-25 03:42 . 2014-01-25 03:54 181064 ----a-w- c:\windows\PSEXESVC.EXE
2014-01-25 02:52 . 2014-01-25 02:52 -------- d-----w- c:\program files (x86)\Tweaking.com
2014-01-25 02:44 . 2014-01-26 04:03 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0BA47C84-3365-43A7-8D22-2ACAE952C5CD}\offreg.dll
2014-01-24 09:51 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0BA47C84-3365-43A7-8D22-2ACAE952C5CD}\mpengine.dll
2014-01-15 23:45 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-15 23:45 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-15 23:45 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-15 23:45 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-15 23:45 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-15 23:45 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-15 23:45 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-15 23:45 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-01-15 23:40 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-12 20:14 . 2014-01-12 20:15 79672 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-01-10 08:08 . 2013-10-25 06:17 148992 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll
2014-01-09 07:18 . 2014-01-09 07:18 -------- d-----w- c:\users\Heather\AppData\Roaming\Macrovision
2014-01-07 03:26 . 2009-09-10 04:31 117248 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2014-01-07 03:26 . 2009-09-04 04:13 216576 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2014-01-07 03:26 . 2009-07-24 04:52 114560 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
2014-01-07 03:26 . 2007-08-08 17:10 29696 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2014-01-07 03:26 . 2014-01-07 03:27 -------- d-----w- c:\program files (x86)\Virgin Mobile
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-15 23:55 . 2010-02-07 23:17 86054176 ----a-w- c:\windows\system32\MRT.exe
2014-01-13 08:14 . 2013-03-13 20:02 439648 ----a-w- c:\windows\system32\drivers\aswndisflt.sys
2014-01-12 20:14 . 2013-03-13 20:03 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-01-12 20:14 . 2011-03-05 09:40 422216 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-01-12 20:14 . 2011-03-05 09:40 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-01-12 20:14 . 2011-03-05 09:40 334136 ----a-w- c:\windows\system32\aswBoot.exe
2014-01-12 20:14 . 2011-03-05 09:40 1034464 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-01-12 20:14 . 2011-03-05 09:40 43152 ----a-w- c:\windows\avastSS.scr
2013-12-17 19:13 . 2011-03-05 09:36 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-12-10 21:48 . 2012-11-07 03:23 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 21:48 . 2012-11-07 03:23 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-23 18:26 . 2013-12-11 19:35 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-11 19:35 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-20 04:09 . 2013-03-13 20:03 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-11-20 04:09 . 2012-02-24 22:06 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-11-20 04:09 . 2012-09-06 22:32 28184 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-11-12 02:23 . 2013-12-11 19:32 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-11 19:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-10-31 06:46 . 2013-01-19 05:08 270824 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2013-10-31 06:46 . 2013-01-19 05:08 131232 ----a-w- c:\windows\system32\drivers\aswFW.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-22 39408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\11\ISUSPM.exe" [2008-09-26 210208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-26 98304]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-12 3764024]
.
c:\users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-22 1316192]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-9-22 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
.
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S3 CryptOSD;Phoenix CryptOSD Device Driver;c:\windows\system32\DRIVERS\CryptOSD.sys;c:\windows\SYSNATIVE\DRIVERS\CryptOSD.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 MonitorFunction;Driver for Monitor;c:\windows\system32\DRIVERS\TVMonitor.sys;c:\windows\SYSNATIVE\DRIVERS\TVMonitor.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-16 21:32 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-07 21:48]
.
2014-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-20 08:43]
.
2014-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-20 08:43]
.
2014-01-28 c:\windows\Tasks\SpeedMaxPc Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2014-01-25 c:\windows\Tasks\SpeedMaxPc Update3.job
- c:\program files (x86)\Common Files\SpeedMaxPc\UUS3\Update3.exe [2013-09-11 22:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-12 20:14 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 384296]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://col125.mail....64855&rru=inbox
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-{EF4F8650-7710-4CA0-831D-4AA9C1CF6D87} - c:\users\Heather\Desktop\SpeedMaxPc\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
Completion time: 2014-01-29  13:47:43
ComboFix-quarantined-files.txt  2014-01-29 02:47
ComboFix2.txt  2014-01-28 04:47
ComboFix3.txt  2014-01-27 06:36
ComboFix4.txt  2014-01-26 11:12
ComboFix5.txt  2014-01-29 02:37
.
Pre-Run: 424,892,497,920 bytes free
Post-Run: 424,685,051,904 bytes free
.
- - End Of File - - 83CED2D6316C98796233F0AC5222BF6D
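
Added example (not part of the thread and not ComboFix's own code): a Python check that every FCopy line requested in a CFScript shows up in the FCopy section of the returned log, compared case-insensitively because the log lowercases most of the path. The function names are hypothetical, and the two formats, including the assumption that directive headers end in "::", are inferred only from the lines shown in posts #31 and #32.

```python
import ntpath
import re

# Sample inputs copied from the formats shown in this thread (script from
# post #31, log excerpt from post #32), trimmed to the relevant lines.
CFSCRIPT = r"""
FCopy::

C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe | C:\Windows\SysWOW64\userinit.exe
"""

LOG = r"""
(((((((((((((   Other Deletions   )))))))))))))
.
--------------- FCopy ---------------
.
c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe --> c:\windows\SysWOW64\userinit.exe
.
(((((((((((((   Files Created from 2013-12-28 to 2014-01-29  )))))))))))))
"""


def norm(path):
    """Normalise a Windows path for comparison (case and separators)."""
    return ntpath.normcase(ntpath.normpath(path.strip()))


def parse_cfscript_fcopy(text):
    """Return [(source, destination)] from the FCopy:: section of a CFScript."""
    pairs, in_section = [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.endswith("::"):  # assumed: every directive header ends in "::"
            in_section = line.lower() == "fcopy::"
            continue
        if in_section and "|" in line:
            src, dst = (part.strip() for part in line.split("|", 1))
            pairs.append((src, dst))
    return pairs


def parse_log_fcopy(text):
    """Return [(source, destination)] logged under the '--- FCopy ---' banner."""
    pairs, in_section = [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if re.fullmatch(r"-+\s*FCopy\s*-+", line):
            in_section = True
            continue
        if not in_section or line in ("", "."):
            continue
        if "-->" not in line:  # the next section banner ends the FCopy block
            break
        src, dst = (part.strip() for part in line.split("-->", 1))
        pairs.append((src, dst))
    return pairs


def missing_copies(cfscript, log):
    """Requested copies that the log does not report as carried out."""
    done = {(norm(s), norm(d)) for s, d in parse_log_fcopy(log)}
    return [(s, d) for s, d in parse_cfscript_fcopy(cfscript)
            if (norm(s), norm(d)) not in done]


if __name__ == "__main__":
    print(missing_copies(CFSCRIPT, LOG) or "every requested FCopy is in the log")
```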
 



#33 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 28 January 2014 - 10:01 PM

"ComboFix said the date was 29Jan14"

It is where you are, isn't it?  (It's still the 28th here).  ComboFix is updated regularly so each version expires every few days.

 

The good news is that no manipulated files were found this time.  It looks like we finally beat it down. :woot:

 

I realize that you are still having problems with Outlook.com.  Now that we believe you to be malware free, I suggest that you post in the browser, internet, and e-mail forum and seek help from the Tech Team.  When you post there, please give them full information on your system - Make, model, operating system.  Also, it would be good to post a link back to this thread so they can see the information you provided here.

 

But first... we need to clean up after ourselves:

 

 

  • Click START then RUN
  • Now type ComboFix /Uninstall in the runbox and click OK.
  • Note the space between the X and the U, it needs to be there.
  • [Image: Combofix_uninstall_image.jpg]

The above procedure will:

  • Implement some cleanup procedures.
  • Reset System Restore.

 

 

 

  • Double click on OTL to run it.
  • Click on CleanUp!
  • When done, you will be prompted to restart your computer. Please restart your computer.

Please re-enable any security that was disabled.

 

 

If you have any tools or logs left... you can just delete them.

 

The following is my standard advice for the future.  Use what you can and pat yourself on the back for what you're already doing.

Please take time to read Preventing Malware - Tools and Practices for Safe Computing.  Very important information for your consideration is contained therein.

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein


Also: "How to prevent malware" 
by miekiemoes

Please respond back that you understand the above and let me know if you have any questions.  Otherwise, this thread will be closed Resolved (at least as malware is concerned).  :thumbup:
 


Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#34 kangaroo

kangaroo

    Authentic Member

  • 212 posts

Posted 28 January 2014 - 11:45 PM

Hi Tomk,

 

Yes, I'm across the dateline in Australia.

 

I've done the two clean-up actions without a hitch.

 

I'll post the IE/Outlook.com issue as you suggest and get on with reading and implementing the references you have given me.

 

Thanks for your excellent and very timely help! As usual, I find you guys at WhatTheTech to be so dedicated and knowledgeable and a pleasure to deal with.



#35 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 29 January 2014 - 02:02 AM

You are very welcome.

 

Good luck and be well! :thumbup:


Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#36 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 29 January 2014 - 02:02 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 
