Ad show up on bottom left corner

[Oscar31415]

Until now after intense surfing over the internet didn't see an ad nor redirected to another website.. I hope i'm finally in the clear now..

 

So was there something with my DNS? (I'm very curious about this stuff, i love to learn)

[MrCharlie]

Yes it was these entries:
 

[DNS][PUM] HKLM\[...]\CCSet\[...]\{866A9371-752B-4FD3-A003-259BAD6D0D8D} : NameServer (94.242.222.66,8.8.8.8 [LUXEMBOURG (LU) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CCSet\[...]\{FD5D72CA-E5BB-480F-87F3-C748576E94EA} : NameServer (94.242.222.66,8.8.8.8 [LUXEMBOURG (LU) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{866A9371-752B-4FD3-A003-259BAD6D0D8D} : NameServer (94.242.222.66,8.8.8.8 [LUXEMBOURG (LU) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{FD5D72CA-E5BB-480F-87F3-C748576E94EA} : NameServer (94.242.222.66,8.8.8.8 [LUXEMBOURG (LU) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS002\[...]\{866A9371-752B-4FD3-A003-259BAD6D0D8D} : NameServer (94.242.222.66,8.8.8.8 [LUXEMBOURG (LU) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS002\[...]\{FD5D72CA-E5BB-480F-87F3-C748576E94EA} : NameServer (94.242.222.66,8.8.8.8 [LUXEMBOURG (LU) - UNITED STATES (US)]) -> FOUND

 

 

Here's the infection:
http://home.mcafee.com/virusinfo/virusprofile.aspx?key=6873545#none

 

----------------------------

If there's no other problems........

Lets check your computers security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• If you get Unsupported operating system. Aborting now, just reboot and try again.
• A Notepad document should open automatically called checkup.txt.
• Please Post the contents of that document.
• Do Not Attach It!!!

MrC

[Oscar31415]

I will do, my dog is sick. After that i will post it.

Oscar.

[MrCharlie]

OK.....Take Care of your dog!  MrC

[Oscar31415]

The dog is at his final time.

Anyway, here is the log:

 Results of screen317's Security Check version 0.99.81 
 Windows 7 Service Pack 1 x86 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials       
Lavasoft Ad-Watch Live! Anti-Virus  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Ad-Aware
 Malwarebytes Anti-Malware version 1.75.0.1300 
 CCleaner    
 Java 8   
 Java version out of Date!
 Adobe Reader XI 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials msseces.exe
 Windows Defender MSMpEng.exe
 Ad-Aware AAWService.exe
 Ad-Aware AAWTray.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````


P.s: Still nog sign from the ad or redirected. So that's a good thing.
 

[MrCharlie]

Sorry about your dog.

 

The logs looks OK........

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter. (it may look like CF is re-installing but it's not)

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Download Delfix from here and save it to your desktop.

• Ensure Remove disinfection tools is checked.
• Click the Run button.

Any other programs or logs you can manually delete. (right click.....Delete)

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:

If you used FRST and can't delete the quarantine folder:

Download the fixlist.txt to the same folder as FRST.exe.

Run FRST.exe and click Fix only once and wait

That will delete the quarantine folder created by FRST.

The rest you can manually delete.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (My Preventive Maintenance also found HERE)

Good Luck and Thanks for using the forum, MrC

[AdvancedSetup]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!