Remnants of a virus still on my PC

aliEnRIK

Uninstall the NECTAR toolbar

TICK and FIX these in hijack -
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: FCTBPos00Pos - {B7C2F0D8-2209-4693-A15D-5A537211D48B} - C:\Program Files\Nectar Search Toolbar\Toolbar.dll
O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Nectar Search Toolbar - {8020143D-5926-4394-A04D-DD0B649DA121} - C:\Program Files\Nectar Search Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O23 - Service: TipCtrl - Unknown owner - C:\Program Files\uTIPu\TipCtrl.exe (file missing)

aliEnRIK

Open notepad and copy/paste the text in RED below

File::
c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7E06D286-E746-4B4E-8C37-7003DE4DC55E}\mpengine.dll
c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BC76CE0D-4D15-40F6-9B3C-D5DF964D8DCF}\gapaengine.dll



Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.




This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.

mod81

If you have had a virus i would alway recommend to back up your personal data, format the drive and reinstall the operating system as once a virus has messed around with Windows systems files your computer may be open security risk or some viruses install root kits that aren't detected by anti virus software and could leave your computer open to further infection