Fingers crossed then, essexboy might just be back before turning in, but it is rather late for him now 11:35pm.
Looks good - just an orphan to remove ;D All your temp files are now empty so you should have gained a few GB of space
Have the redirects disappeared ?
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.
[Unregister Dlls]
[Registry - Safe List]
< FireFox SearchPlugins [User Folders] > ->
YY -> startpage-https.xml -> C:\Documents and Settings\Pam\Application Data\Mozilla\Firefox\Profiles\35637qgf.default\searchplugins\startpage-https.xml
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "TkBellExe" -> ["realsched.exe" -osboot]
[Files/Folders - Modified Within 30 Days]
NY -> MBR.dat -> C:\Documents and Settings\Pam\Desktop\MBR.dat
NY -> aswMBR.exe -> C:\Documents and Settings\Pam\Desktop\aswMBR.exe
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here
I will review the information when it comes back in.
Depending on what the fix contains, this process may take some time and your desktop icons might disappear or other uncommon behavior may occur.
This is no sign of malfunction, do not panic!
THEN
http://img233.imageshack.us/img233/7729/mbamicontw5.gif
Please download Malwarebytes’ Anti-Malware from Here.
Double Click mbam-setup.exe to install the application.
[*]Make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
[*]If an update is found, it will download and install the latest version.
[*]Once the program has loaded, select “Perform Quick Scan”, then click Scan.
[*]The scan may take some time to finish,so please be patient.
[*]When the scan is complete, click OK, then Show Results to view the results.
[*]Make sure that everything is checked, and click Remove Selected.
[]When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
[]The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
[*]Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Here ya go…
Malwarebytes’ Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database version: 7161
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
7/16/2011 10:19:15 AM
mbam-log-2011-07-16 (10-19-15).txt
Scan type: Quick scan
Objects scanned: 181241
Time elapsed: 3 minute(s), 12 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Never showed anything here before and didn’t this time either.
The OTS fix finished this time and said it needed to reboot to finish removing files. Before or after reboot I didn’t get anything in a Notepad window to post here.
Still no redirects. It didn’t do it all the time before, but in the past it certainly would have done it before now, so I think I’m cured!
Ya know, I think I’m careful when I search and don’t think I click on anything that could be a problem and keep all my AV, etc. up to date, but guess I’m not as careful as I thought.
Can’t thank you enough essexboy!!
It was an infection within the Firefox extensions but I believe that has gone now
Run OTS and hit the cleanup button to remove the programme
Well, it still seems to be gone!
You’re the best, essexboy…thanks again!
Pam
My pleasure ;D