jabberwockdb

Members
  • Content count

    16
  • Joined

  • Last visited

About jabberwockdb

  • Rank
    New Member
  1. Hi Larry: FYI, I am getting email notifications now, but for some reason I never received the first email notification. The Here link just opens the My Settings page, I thought you were providing a sample of what the settings should look like. Thanks
  2. Excellent Expert!! Helped me on the weekend to boot!!! Thanks again!!!!

  3. Hi MrC Sorry for the confusion... Yes, McAfee was disabled during the scan, but when I performed the uninstall of Combofix, McAfee was enabled again. As the uninstall was proceeding, McAfee detected 3 Tool-Nircmd threats: firefox.exe, iexplore.exe, and n.pif. It quarantined these files. I was assuming these files were from Combofix and hoping that this action didn't affect the uninstall. Other than that, I think I completed all of the clean up tasks without any issues. I will probably be posting a new topic soon to help my mother-in-law with her computer. Thanks again for all your help!!!
  4. Hi MrC Just a quick question on the uninstall of ComboFix. McAfee was running as I was uninstalling ComboFix and it detected a couple of files that I a believe were used by combofix. Although Mcafee deleted those files during the uninstall, is it correct to assume McAfee didn't prevent Combofix from uninstalling properly? I believe I have a later version of Java than version 6. I also clicked on the java link and it confirmed V7 update 4 is the latest available. Thanks again for all your help. Will post positive feedback!
  5. Everything seems to be okay. The original problem was intermittent, but I feel confident that uninstalling those trojans and using roguekiller cleaned everything up. If the problem rears its head again, I'll let you know. With these specific trojans and viruses, what threats did they pose in regards to data? Thanks again for all your help!!!
  6. Thanks so much for helping me out on the weekend, MrC! OK The process didn't exist anymore since it was uninstalled. I was, however, able to delete the two registry items. After deletion, the status said REPLACED(0). Here is the log: RogueKiller V7.4.4 [05/08/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User: admin [Admin rights] Mode: Remove -- Date: 05/12/2012 15:36:00 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Registry Entries: 2 ¤¤¤ [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ Finished : << RKreport[4].txt >> RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txtWhen the ComboFix ran, what viruses, if any, did it clean up? Thanks again!
  7. I forgot to mention, although I tried to uninstall "Anti-phishing Domain Advisor", the "C:\ProgramData\Anti-phishing Domain Advisor" folder still exists and has executable files in it. I don't know if the uninstall worked.
  8. MrC I deleted the folder; it was empty since I was able to uninstall it via the Control Panel. When using RogueKiller, am I supposed to do anything with the items it detected? I only sent the report but did not delete anything. When I try to run it now, it keeps crashing after I click "Scan", but I can see it is still detecting two HJ registry items. Thanks for all your help!
  9. Hi MrC I attached the log from ComboFix. Thanks ComboFix.txt
  10. Hi MrC I ran TDSSKiller and got "No Threats found".
  11. Thanks MrC: I uninstalled those programs . Here is the updated Rogue Killer report. I have the MVPS Hosts file on my computer now. RogueKiller V7.4.4 [05/08/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User: admin [Admin rights] Mode: Scan -- Date: 05/12/2012 07:33:30 ¤¤¤ Bad processes: 1 ¤¤¤ [sUSP PATH] visicom_antiphishing.exe -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe -> KILLED [TermProc] ¤¤¤ Registry Entries: 2 ¤¤¤ [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ 127.0.0.1 localhost ::1 localhost #[iPv6] 127.0.0.1 fr.a2dfp.net 127.0.0.1 m.fr.a2dfp.net 127.0.0.1 ad.a8.net 127.0.0.1 asy.a8ww.net 127.0.0.1 abcstats.com 127.0.0.1 a.abv.bg 127.0.0.1 adserver.abv.bg 127.0.0.1 adv.abv.bg 127.0.0.1 bimg.abv.bg 127.0.0.1 ca.abv.bg 127.0.0.1 www2.a-counter.kiev.ua 127.0.0.1 track.acclaimnetwork.com 127.0.0.1 accuserveadsystem.com 127.0.0.1 www.accuserveadsystem.com 127.0.0.1 achmedia.com 127.0.0.1 aconti.net 127.0.0.1 secure.aconti.net 127.0.0.1 www.aconti.net #[Dialer.Aconti] [...] ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: TOSHIBA MK2552GSX ATA Device +++++ --- User --- [MBR] 551004de8a36225bd2117f3b1c7679bc [bSP] 5fdf007a7b891da1ca01d5fb4600053a : Windows Vista MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 238473 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: ST95005620AS ATA Device +++++ --- User --- [MBR] a4dd951913109349b3853eb49f2adfe0 [bSP] 8c93a053b28efc2e467209197d878d63 : Windows 7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 400 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 821248 | Size: 64000 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 131893248 | Size: 128000 Mo 3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 394037248 | Size: 284538 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[2].txt >> RKreport[1].txt ; RKreport[2].txt
  12. Hi Larry: I believe I set my settings to email me when a reply is posted to my followed topics, but I didn't receive an email this morning. Do you have a screen shot of how the settings should look? Thanks
  13. MrCharlie: After seeing that Anti-phishing.exe may be the culprit, I checked my control panel. I noticed that it was most likely installed when I downloaded "pdf creator". There were some other programs which were installed on that day as well. When you give me your recommendations, please let me know if these programs should be removed as well. Bekko Search Bar 1.0 Search.com Bar Adobe AIR Adobe Download Assistant PDF Creator Thanks again