dbrisen
Malware Removalists
Posts: 3,688
Post by dbrisen on Nov 6, 2014 7:19:33 GMT -8
We need to remove the tools we've used during cleaning your machine
Ensure the following is ticked:
- Remove disinfection tools
- Activate UAC
- Create registry backup
- Purge system restore
Then click Run. The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply. Once you have the log file saved, please reboot your system to complete the clean up process.
Your system looks clean and your logs are fine. Unless Quads wants something else done, you are done and free to go.
Final word from me: Surf safely, and watch when installing or letting anything add itself to your system. Remember, the best security is not on your system but in the chair in front of it. Take care and thanks for sticking with us in this rushed time.
Post by jmpauter on Nov 6, 2014 10:29:33 GMT -8
I just want to double check which boxes you want me to check, because the ones you stated in your post don't match the screen shot. I assume I should check the boxes you said to check and not the ones in the screen shot, but want to verify before I proceed.
Post by jmpauter on Nov 6, 2014 15:42:43 GMT -8
Bad news, I'm all loaded up with dllhost.exe *32 again....HELP!!!
Post by dbrisen on Nov 6, 2014 16:09:05 GMT -8
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Combofix will disconnect your machine from the Internet as soon as it starts. Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished. If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
Post by jmpauter on Nov 6, 2014 17:37:58 GMT -8
I have disabled Norton as instructed, but I still keep getting a pop up that says ComboFix has detected the following scanner: antispyware: Norton Security Suite.
I have Norton Security Suite v 21.6.0.32 and am disabling both Antivirus Auto Protect and Smart Firewall, and still getting this message.
Should I just let the scan run as is....or is there some other piece that I'm just missing regarding shutting off Norton?
Post by dbrisen on Nov 6, 2014 18:12:08 GMT -8
As long as you have disabled them, let ComboFix run.
Post by jmpauter on Nov 6, 2014 18:49:25 GMT -8
Here is the ComboFix report:
ComboFix 14-10-29.01 - Joel 11/06/2014 20:23:39.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2134 [GMT -6:00]
Running from: C:\Users\Joel\Desktop\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton Security Suite *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton Security Suite *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hpoddt01.exe.lnk
C:\Users\Joel\AppData\Roaming\hbbzvhx.dll
C:\Users\Joel\Documents\~WRL0001.tmp
J:\Autorun.inf
K:\Autorun.inf
K:\Setup.exe
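Added example, not part of the thread and not ComboFix's own code: a small Python parser for the AV/FW/SP lines in the report header above, which lists every security product the log still records as enabled. Reading AV, FW and SP as antivirus, firewall and antispyware, and the function names, are assumptions of this example.

```python
import re

# Header lines copied from the ComboFix report posted in this thread.
SAMPLE_HEADER = """\
AV: Norton Security Suite *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton Security Suite *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton Security Suite *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
"""

# Assumed meaning of the two-letter prefixes (not stated in the log itself).
KINDS = {"AV": "antivirus", "FW": "firewall", "SP": "antispyware"}

# One entry: prefix, product name, *State[/Definitions]*, {GUID}.
# Also matches when line breaks were lost and entries run together.
ENTRY = re.compile(
    r"\b(?P<kind>AV|FW|SP):\s+(?P<name>[^*{}\n]+?)\s+"
    r"\*(?P<status>[^*\n]+)\*\s+\{(?P<guid>[0-9A-Fa-f-]{36})\}"
)


def parse_security_products(log_text):
    """Return one dict per AV/FW/SP entry found in a ComboFix header."""
    products = []
    for m in ENTRY.finditer(log_text):
        flags = m.group("status").split("/")
        products.append({
            "kind": KINDS[m.group("kind")],
            "name": m.group("name").strip(),
            "enabled": flags[0].lower() == "enabled",
            # Second flag (Updated/Outdated) is absent for firewall entries.
            "definitions": flags[1].lower() if len(flags) > 1 else None,
            "guid": m.group("guid").upper(),
        })
    return products


def still_enabled(log_text):
    """List (kind, name) for every product the log records as enabled."""
    return [(p["kind"], p["name"])
            for p in parse_security_products(log_text) if p["enabled"]]


if __name__ == "__main__":
    for kind, name in still_enabled(SAMPLE_HEADER):
        print(f"still enabled: {name} ({kind})")
```

On the header in this thread it reports the Norton Security Suite SP entry as the only product still enabled; the AV and FW entries are recorded as disabled.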
Post by dbrisen on Nov 6, 2014 20:13:39 GMT -8
That seems to be really short for the log.
Please check C:\Combofix.txt (current log) and C:\Qoobox\Combofix#.txt (for past logs). If there are any, please post them and let me know what you find.
Post by jmpauter on Nov 6, 2014 20:34:22 GMT -8
I can't find any other files like that. My current log is actually C:\ComboFix\ComboFix.txt and there aren't any files named ComboFix in C:\Qoobox.
Your question has me wondering if I messed this up by letting it run for a bit before stopping it to ask you the question about the Norton notification that ComboFix was giving me. Is there any other spot that a log file could've been created? I hope I didn't mess this up and make this more difficult.
One odd thing I'm noticing now is that I can't get google.com or yahoo.com to load in IE (they do still load in Firefox). Would this be somehow related to the rest of the stuff going on in my computer?
Post by dbrisen on Nov 6, 2014 21:18:12 GMT -8
Leave ComboFix as it is for right now. Read slowly and all of it.
If you still have an Addition.txt log file on your desktop, please delete it now.
Start FRST64 that is on your Desktop by right clicking and selecting "Run as Administrator". The tool will start to run.
When the tool opens click Yes to disclaimer (if it does).
Select Additional.txt in the Optional Scans section of FRST64.
Press Scan button.
It will make two logs (FRST.txt and addition.txt) on your Desktop.
Please attach the logs in your reply back. Or open the logs in notepad and copy the logs and paste back in a message as a reply. (Ask if you don't know how to do either of these.)
Notes:
If your Security software blocks the running or download of FRST / FRST64, please disable the security software or make an exception for this file. FRST is updated very frequently and is safe to run but because of the frequent changes (to keep up with newest malware techniques) most Security Software does not approve of the unknown file.
Right now the forum will not allow one to attach the Addition.txt file so please use wikisend.com or filedropper.com to upload the file and then post the download link here in your reply post.