Hi guys, I have worked through the advice posted, ran ComboFix which helped a lot, and removed what I can, but there are still some problems.
I apologise if I have done this out of order.
Can someone find the time to look these scans over and post back, please?
Hi,
Who told you to run Combofix?
- Delete current version of Combofix, download new, fresh one from here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this or this Instruction.
- Open notepad and copy/paste the text present inside the code box below:
DirLook::
c:\program files\ContinueToSave
c:\documents and settings\All Users\Application Data\StarApp
Folder::
c:\program files\WebSearch
ClearJavaCache::
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
File::
c:\documents and settings\Peter\Application Data\Mozilla\Firefox\Profiles\e2dw1kpw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
c:\documents and settings\Peter\Application Data\Mozilla\Firefox\Profiles\e2dw1kpw.default\extensions\{e0948f62-c1f6-11e2-8275-b8ac6f996f26}.xpi
DDS::
mStart Page = hxxp://websearch.pu-results.info/?pid=724&r=2013/05/15&hid=971332579&lg=EN&cc=AU
KillAll::
Firefox::
FF - ProfilePath - c:\documents and settings\Peter\Application Data\Mozilla\Firefox\Profiles\e2dw1kpw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.pu-results.info/?pid=724&r=2013/05/15&hid=971332579&lg=EN&cc=AU&l=1&q=
FF - ExtSQL: 2013-05-17 11:34; paoeuu@fgtyqafd.edu; c:\documents and settings\Peter\Application Data\Mozilla\Firefox\Profiles\e2dw1kpw.default\extensions\paoeuu@fgtyqafd.edu
FF - ExtSQL: 2013-05-17 11:34; xjmvmd@ioard.org; c:\documents and settings\Peter\Application Data\Mozilla\Firefox\Profiles\e2dw1kpw.default\extensions\xjmvmd@ioard.org
FF - ExtSQL: 2013-05-23 17:43; {20a82645-c095-46ed-80e3-08825760534b}; c:\documents and settings\Peter\Application Data\Mozilla\Firefox\Profiles\e2dw1kpw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF - ExtSQL: 2013-06-12 12:56; {e0948f62-c1f6-11e2-8275-b8ac6f996f26}; c:\documents and settings\Peter\Application Data\Mozilla\Firefox\Profiles\e2dw1kpw.default\extensions\{e0948f62-c1f6-11e2-8275-b8ac6f996f26}.xpi
FF - ExtSQL: !HIDDEN! 2013-05-17 11:34; paoeuu@fgtyqafd.edu; c:\documents and settings\Peter\Application Data\Mozilla\Firefox\Profiles\e2dw1kpw.default\extensions\paoeuu@fgtyqafd.edu
FF - ExtSQL: !HIDDEN! 2013-05-17 11:34; xjmvmd@ioard.org; c:\documents and settings\Peter\Application Data\Mozilla\Firefox\Profiles\e2dw1kpw.default\extensions\xjmvmd@ioard.org
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 40913830000000000000001a92e74e0a
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15846
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.519:16
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - "quot;&affID=119816&tt=gc_190513_215
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
Save this as CFScript.txt
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows.
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt)
============= Next ============
Re-run OTL.exe.
- Download OTLFix.txt, attachment in my post.
Copy and paste the following text written in OTLFix.txt, into the Custom Scans/Fixes box.
- Then click the Run Fix button at the top.
- Let the program run unhindered; it will reboot the system when it is done and open Notepad with the log report. Attach that log report here.
If the log doesn’t appear, it can be found here:
c:\_OTL\MovedFiles\mmddyyyy_hhmmss.log
============= Next ============
- Download AdwCleaner (by Xplode) to your desktop.
- Launch it, click on [Delete]. Wait until the programme completes its work.
The program will close all active programs. Click OK to confirm that.
On the next two windows that open (Informations and Restart required) click OK.
- The computer will restart and open a Notepad file (C:\AdwCleaner[S1].txt) with the report.
- Save the Notepad report on the Desktop.
- Please attach C:\AdwCleaner[S1].txt here.
Note: The report will also be stored on C:\AdwCleaner[S1].txt
Thanks for your assistance Magna86, I have completed the tasks and reports are attached. Hope this fixes all the problems.
Thanks again, Peter
You need to be a little more up to date with your response. You have been delaying attaching logs and working with fixes for too long…
Please download zoek.exe and save it to your desktop.
- Close any open browsers.
- Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.
- Double click on zoek.exe to run the tool.
Please wait until the tool starts…
- Copy the text present inside the code box below and paste it into the large window in the zoek tool:
installedprogs;
c:\documents and settings\All Users\Application Data\StarApp;f
filesrcm;
startupall;
c:\program files\ContinueToSave;f
firefoxlook;
chromelook;
- Click on the button shown here: http://www.mcshield.net/personal/magna86/Images/Run%20Script%20by%20zoek.png
Please wait until a log report opens (this can be after a reboot).
- Save the Notepad file to your Desktop and attach zoek-results.log here.
Note: It will also create a log in the C:\ directory named “zoek-results.log”