Help! help!

Discussion in 'Malware Help (A Specialist Will Reply)' started by gosh1976, Jan 2, 2008.

  1. gosh1976

    gosh1976 Private E-2

    I had the red bio-hazard desktop background that was removed with combo-fix... I'm sure there are still issues... here are the logs
     


  2. abri

    abri MajorGeek

    Hi gosh1976!
    Greetings :)

    Please run Removing Zlob aka SmitFraud, SpySheriff, Infections

    There will be two logs. Please attach the first one here in your thread before continuing on to the second part, or you'll overwrite the first log. Remember that to post to us, you have to leave a message, even if it's just the word hello.

    abri
     
  3. gosh1976

    gosh1976 Private E-2

    here's the first report... I'll do the second part now
     


  4. gosh1976

    gosh1976 Private E-2

    no problems running that... here's the second report
     


  5. gosh1976

    gosh1976 Private E-2

    Not sure if abri forgot about me or is just busy, but anyway, sorry to bump; just thought I would post a new MGlogs so someone can take a look...
     


  6. abri

    abri MajorGeek

    Hi gosh1976,

    I don't see anything further in your logs. Are you having any other symptoms?

    You can still do the following:

    1) Go to add/remove programs and uninstall the below:

    - Viewpoint Media Player
    - Java 2 Runtime Environment, SE v1.4.2_03


    2) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger


    3) Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime


    Do the following belong to programs you know or want to keep? If not, please fix them as well.

    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)



    abri
     
  7. gosh1976

    gosh1976 Private E-2

    Thanks a lot!!


    The MusicMatch entry belonged to a jukebox program that I have uninstalled, so that HJT entry is gone. I have already uninstalled the old Java thing and the Viewpoint Media Player.

    All the other final steps went fine.

    I haven't seen any other symptoms; everything is running fine! The only thing that worried me was I installed Comodo firewall and it showed a svchost process was sending packets to an IP address 77.x.x.x and it traced to some place in Russia. I did a "tasklist /svc" and as far as I could tell there wasn't anything there that shouldn't be. Hopefully it's harmless.

    Thanks again for your help.
     
  8. abri

    abri MajorGeek

    There should be a way to block specific addresses both incoming and outgoing. See if you can block that one. Run CCleaner religiously. If anything new develops, post back.

    Other than that, Happy Surfing!
    abri
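
Added example, not part of the thread or of any poster's tools: the check gosh1976 describes in post 7 (working out what a connecting svchost.exe actually hosts with `tasklist /svc`) can be scripted by joining that output with a connection list on PID. Taking the connection list from `netstat -ano`, the function names and the sample output are all assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample output, not from the thread; 203.0.113.25 is a documentation address.
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       964
  TCP    192.168.1.10:1042      203.0.113.25:80        ESTABLISHED     1108
  TCP    192.168.1.10:1050      192.168.1.1:445        ESTABLISHED     4
"""
TASKLIST = """\
Image Name                   PID Services
========================= ====== =============================================
System                         4 N/A
svchost.exe                  964 RpcSs
svchost.exe                 1108 AudioSrv, Dhcp, Schedule,
                                 wuauserv
"""
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def parse_tasklist_svc(text):
    """Map PID -> (image name, [services]) from `tasklist /svc` output."""
    procs, last = {}, None
    for line in text.splitlines():
        m = re.match(r"^(\S.*?)\s+(\d+)\s+(\S.*)$", line)
        if m:
            last, svc_text = int(m.group(2)), m.group(3)
            procs[last] = (m.group(1), [])
        elif line.startswith(" ") and last is not None:
            svc_text = line  # wrapped continuation of the previous service list
        else:
            continue  # header and separator rows
        procs[last][1].extend(s.strip() for s in svc_text.split(",")
                              if s.strip() not in ("", "N/A"))
    return procs

def svchost_external_connections(netstat_text, tasklist_text):
    """List svchost.exe PIDs with TCP connections to non-local IPv4 addresses."""
    procs, remote = parse_tasklist_svc(tasklist_text), defaultdict(set)
    for f in (line.split() for line in netstat_text.splitlines()):
        if len(f) == 5 and f[0] == "TCP" and f[3] != "LISTENING":
            ip = ipaddress.ip_address(f[2].rsplit(":", 1)[0].strip("[]"))
            if not any(ip in net for net in LOCAL_NETS):
                remote[int(f[4])].add(str(ip))
    return {pid: {"services": procs[pid][1], "remote": sorted(ips)}
            for pid, ips in remote.items()
            if procs.get(pid, ("",))[0].lower() == "svchost.exe"}
```

The service list returned for a PID is the starting point for judging whether its traffic is expected; only IPv4 private and loopback ranges are treated as local here.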
     
