ozzie4

Members
  • Content Count

    41
About ozzie4

  • Rank
    Member
  1. When attempting to uninstall ComboFix popup message said that "Windows could not find ComboFix" and that's probably because I had put it in my Recycle Bin and then deleted everything in it later. You have been a big help! No apologies needed from your end!
  2. All processes killed ========== FILES ========== C:\Users\David\Downloads\FlashPlayer.exe moved successfully. C:\Users\David\Downloads\iLividSetup (1).exe moved successfully. C:\Users\David\Downloads\iLividSetup.exe moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: All Users User: David ->Temp folder emptied: 6898336 bytes ->Temporary Internet Files folder emptied: 223537387 bytes ->Java cache emptied: 6764139 bytes ->Google Chrome cache emptied: 77300729 bytes
  3. C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm C:\Users\David\Downloads\FlashPlayer.exe Win32/DomaIQ.C application C:\Users\David\Downloads\iLividSetup (1).exe Win32/Toolbar.SearchSuite application C:\Users\David\Downloads\iLividSetup.exe Win32/Toolbar.SearchSuite application C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q6G0K26K\index[1].htm JS/Iframe.CV trojan C:\Windows\SysWOW64\config\systemprofile\AppData\Lo
  4. Thanks, that seems to have worked so far. Everything running good. I had uninstalled Chrome before but never that hidden file. I'll keep you posted. Dave
  5. Sorry, been looking for your reply but didn't realize it was posted on page 2. I will follow your most recent instructions and post results.
  6. Here's the extras.txt again. For some reason it didn't post the whole log file. OTL Extras logfile created on: 5/7/2013 6:56:58 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.80 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 59.35% Memory free 7.60 Gb Paging File | 5.78 Gb Available in Paging File | 76.06% Paging File free Paging file locat
  7. OTL logfile created on: 5/8/2013 9:14:18 PM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.80 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 53.28% Memory free 7.60 Gb Paging File | 5.49 Gb Available in Paging File | 72.24% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Wind
  8. I reposted Custom Scan because I didn't see it above. netsvcs %SYSTEMDRIVE%\*.exe /md5start explorer.exe winlogon.exe Userinit.exe svchost.exe services.exe /md5stop %systemroot%\*. /rp /s %systemdrive%\$Recycle.Bin|@;true;true;true DRIVES CREATERESTOREPOINT HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  9. I followed instructions and ran OTL fine but not OTL Custom. Nothing worked from your 3rd bullet down except that I did get to the "What the Tech" page. When I clicked the only download button there all I got was a Custom Scan Log which I posted below. OTL logfile created on: 5/7/2013 6:56:58 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.80 Gb T
  10. Still no change. RogueKiller V8.5.4 [Mar 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : David [Admin rights] Mode : Remove -- Date : 05/06/2013 20:20:54 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 6 ¤¤¤ [PROXY IE] HKCU[...]Internet Settings : ProxyServer (hxxp=<local>) -> NOT REM
  11. No change. Just tried doing a search and I get redirected to yellow page.com, for example. Another search sends me to a site prompting me to update flash player, which is where this all started I think.
  12. # AdwCleaner v2.300 - Logfile created 05/05/2013 at 13:50:29 # Updated 28/04/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : David - OZZIE # Boot Mode : Normal # Running from : C:\Users\David\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk File Deleted : C:\Users\Public\Desktop\eBay.lnk ***** [Registry] ***** Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com Key Deleted : HKCU\Software\Mic
  13. Here is the ComboFix log. I know it says the Comodo was enabled but I disabled it the way it said in the link. ComboFix.txt
  14. Thanks Conspire. Here are the log files: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16476 Run by David at 21:53:55 on 2013-05-02 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2082 [GMT -4:00] . AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D} SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} FW: COMODO Firewall *Enab