Big problems here. The symptoms are Ping.exe hogging the CPU. I can kill the process, but it keeps coming back. IE redirects many times when searching on the Web. I have updated my Malwarebytes to the current version 1.60 and have accepted the trial version, so the redirects have stopped, but I receive messages from Malwarebytes that it has blocked IP addresses with potentially malicious malware, up to ten blocked sites a minute. I tried to remove the virus on my own, using the forums as a template, as I have found that I have many of the symptoms other users have. So I ran ESET Online Scanner, which found and deleted several trojans, but could not remove the Win32/Sirefef.DA trojan. Two other things: I am using Forefront, which has not updated since 17-December-2011, which is about the time I noticed issues. Also, I cannot boot in Safe Mode. I don't know why either, but that has not worked for a long time, probably over a year now. I will include the DDS.txt and Attach.txt. Thanks for any help you may provide.

Attachments: dds.txt, attach.txt

Welcome to the forum.

Please download Farbar Service Scanner and run it on the computer with the issue.


  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log into your reply.

Please download and run RogueKiller.

Choose 1 to scan the system

Post back the report.

MrC


Thanks MrC, I hope you will be able to help me out. Attached are the requested files.

Attachments: FSS.txt, RKreport1.txt


Here are the results, but Cure was not offered as an option, so Skip was selected.

20:18:17.0031 1972 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16

20:18:17.0453 1972 ============================================================

20:18:17.0453 1972 Current date / time: 2012/01/02 20:18:17.0453

20:18:17.0453 1972 SystemInfo:

20:18:17.0453 1972

20:18:17.0453 1972 OS Version: 5.1.2600 ServicePack: 3.0

20:18:17.0453 1972 Product type: Workstation

20:18:17.0453 1972 ComputerName: SPT-NB0078

20:18:17.0453 1972 UserName: PCDAU

20:18:17.0453 1972 Windows directory: C:\WINDOWS

20:18:17.0453 1972 System windows directory: C:\WINDOWS

20:18:17.0453 1972 Processor architecture: Intel x86

20:18:17.0453 1972 Number of processors: 2

20:18:17.0453 1972 Page size: 0x1000

20:18:17.0453 1972 Boot type: Normal boot

20:18:17.0453 1972 ============================================================

20:18:18.0531 1972 Initialize success

20:18:44.0281 5808 ============================================================

20:18:44.0281 5808 Scan started

20:18:44.0281 5808 Mode: Manual; SigCheck; TDLFS;

20:18:44.0281 5808 ============================================================

20:18:45.0390 5808 Abiosdsk - ok

20:18:45.0406 5808 abp480n5 - ok

20:18:45.0546 5808 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

20:18:45.0968 5808 ACPI - ok

20:18:46.0109 5808 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

20:18:46.0203 5808 ACPIEC - ok

20:18:46.0281 5808 adpu160m - ok

20:18:46.0390 5808 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

20:18:46.0609 5808 aec - ok

20:18:46.0812 5808 AegisP (a1ad1a4a9f18d900ca9c93fa3efdcb56) C:\WINDOWS\system32\DRIVERS\AegisP.sys

20:18:46.0921 5808 AegisP - ok

20:18:47.0062 5808 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

20:18:47.0125 5808 AFD - ok

20:18:47.0140 5808 Aha154x - ok

20:18:47.0140 5808 aic78u2 - ok

20:18:47.0156 5808 aic78xx - ok

20:18:47.0203 5808 AliIde - ok

20:18:47.0218 5808 amsint - ok

20:18:47.0296 5808 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

20:18:47.0593 5808 Arp1394 - ok

20:18:47.0703 5808 asc - ok

20:18:47.0796 5808 asc3350p - ok

20:18:47.0890 5808 asc3550 - ok

20:18:48.0000 5808 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

20:18:48.0125 5808 AsyncMac - ok

20:18:48.0234 5808 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

20:18:48.0500 5808 atapi - ok

20:18:48.0640 5808 Atdisk - ok

20:18:48.0703 5808 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

20:18:48.0796 5808 Atmarpc - ok

20:18:48.0921 5808 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

20:18:49.0046 5808 audstub - ok

20:18:49.0156 5808 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys

20:18:49.0250 5808 b57w2k - ok

20:18:49.0375 5808 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

20:18:49.0640 5808 Beep - ok

20:18:49.0750 5808 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

20:18:49.0843 5808 cbidf2k - ok

20:18:49.0937 5808 cd20xrnt - ok

20:18:50.0031 5808 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

20:18:50.0156 5808 Cdaudio - ok

20:18:50.0281 5808 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

20:18:50.0468 5808 Cdfs - ok

20:18:50.0671 5808 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

20:18:50.0843 5808 Cdrom - ok

20:18:50.0984 5808 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys

20:18:51.0031 5808 cercsr6 ( UnsignedFile.Multi.Generic ) - warning

20:18:51.0031 5808 cercsr6 - detected UnsignedFile.Multi.Generic (1)

20:18:51.0093 5808 Changer - ok

20:18:51.0187 5808 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

20:18:51.0375 5808 CmBatt - ok

20:18:51.0515 5808 CmdIde - ok

20:18:51.0625 5808 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

20:18:51.0750 5808 Compbatt - ok

20:18:51.0812 5808 Cpqarray - ok

20:18:51.0937 5808 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\WINDOWS\system32\DRIVERS\ctxusbm.sys

20:18:52.0062 5808 ctxusbm - ok

20:18:52.0187 5808 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys

20:18:52.0218 5808 CVirtA - ok

20:18:52.0390 5808 CVPNDRVA (26deef07394624247d1f549bd94f0b15) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys

20:18:52.0453 5808 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning

20:18:52.0453 5808 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)

20:18:52.0531 5808 dac2w2k - ok

20:18:52.0609 5808 dac960nt - ok

20:18:52.0734 5808 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

20:18:53.0031 5808 Disk - ok

20:18:53.0140 5808 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

20:18:53.0265 5808 dmboot - ok

20:18:53.0437 5808 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

20:18:53.0609 5808 dmio - ok

20:18:53.0734 5808 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

20:18:53.0812 5808 dmload - ok

20:18:53.0953 5808 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

20:18:54.0078 5808 DMusic - ok

20:18:54.0203 5808 DNE (7b4fdfbe97c047175e613aa96f3de987) C:\WINDOWS\system32\DRIVERS\dne2000.sys

20:18:54.0234 5808 DNE - ok

20:18:54.0250 5808 dpti2o - ok

20:18:54.0328 5808 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

20:18:54.0500 5808 drmkaud - ok

20:18:54.0625 5808 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

20:18:54.0828 5808 Fastfat - ok

20:18:54.0953 5808 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

20:18:55.0078 5808 Fdc - ok

20:18:55.0156 5808 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

20:18:55.0281 5808 Fips - ok

20:18:55.0375 5808 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

20:18:55.0562 5808 Flpydisk - ok

20:18:55.0718 5808 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

20:18:55.0921 5808 FltMgr - ok

20:18:56.0046 5808 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

20:18:56.0171 5808 Fs_Rec - ok

20:18:56.0250 5808 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

20:18:56.0437 5808 Ftdisk - ok

20:18:56.0578 5808 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

20:18:56.0781 5808 Gpc - ok

20:18:56.0921 5808 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

20:18:57.0093 5808 HDAudBus - ok

20:18:57.0328 5808 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

20:18:57.0500 5808 hidusb - ok

20:18:57.0562 5808 hpn - ok

20:18:57.0734 5808 HSFHWAZL (b1526810210980bed9d22315946c919d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys

20:18:57.0828 5808 HSFHWAZL - ok

20:18:57.0953 5808 HSF_DPV (ddbd528e60f5961c142a490dc4ea7780) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys

20:18:58.0031 5808 HSF_DPV - ok

20:18:58.0171 5808 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

20:18:58.0234 5808 HTTP - ok

20:18:58.0296 5808 i2omgmt - ok

20:18:58.0343 5808 i2omp - ok

20:18:58.0406 5808 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

20:18:58.0546 5808 i8042prt - ok

20:18:58.0906 5808 ialm (200cca76cd0e0f7eec78fa56c29b4d67) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

20:18:59.0203 5808 ialm - ok

20:18:59.0265 5808 idisw2km - ok

20:18:59.0343 5808 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

20:18:59.0437 5808 Imapi - ok

20:18:59.0515 5808 ini910u - ok

20:18:59.0546 5808 IntelIde - ok

20:18:59.0625 5808 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

20:18:59.0796 5808 intelppm - ok

20:18:59.0921 5808 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

20:19:00.0093 5808 Ip6Fw - ok

20:19:00.0687 5808 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

20:19:00.0968 5808 IpFilterDriver - ok

20:19:01.0078 5808 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

20:19:01.0187 5808 IpInIp - ok

20:19:01.0296 5808 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

20:19:01.0390 5808 IpNat - ok

20:19:01.0468 5808 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

20:19:01.0687 5808 IPSec - ok

20:19:01.0781 5808 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

20:19:01.0937 5808 IRENUM - ok

20:19:02.0140 5808 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

20:19:02.0312 5808 isapnp - ok

20:19:02.0453 5808 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

20:19:02.0625 5808 Kbdclass - ok

20:19:02.0765 5808 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

20:19:02.0937 5808 kbdhid - ok

20:19:03.0000 5808 kbstuff - ok

20:19:03.0109 5808 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

20:19:03.0234 5808 kmixer - ok

20:19:03.0375 5808 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

20:19:03.0453 5808 KSecDD - ok

20:19:03.0500 5808 Lavasoft Kernexplorer - ok

20:19:03.0546 5808 lbrtfdc - ok

20:19:03.0640 5808 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys

20:19:03.0687 5808 MBAMProtector - ok

20:19:03.0859 5808 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

20:19:03.0937 5808 mdmxsdk - ok

20:19:04.0078 5808 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

20:19:04.0296 5808 mnmdd - ok

20:19:04.0453 5808 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

20:19:04.0593 5808 Modem - ok

20:19:04.0687 5808 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

20:19:04.0812 5808 Mouclass - ok

20:19:04.0937 5808 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

20:19:05.0062 5808 mouhid - ok

20:19:05.0203 5808 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

20:19:05.0296 5808 MountMgr - ok

20:19:05.0453 5808 MpFilter (356842aac621ab40f18992c01a590f71) C:\WINDOWS\system32\DRIVERS\MpFilter.sys

20:19:05.0484 5808 MpFilter - ok

20:19:05.0484 5808 mraid35x - ok

20:19:05.0531 5808 MRxDAV (e3f17e1ea5256709d4e97ef0da04b3c9) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

20:19:05.0578 5808 MRxDAV - ok

20:19:05.0640 5808 MRxSmb (c1d85b598874ed1a1d6c531af30edf75) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

20:19:06.0921 5808 MRxSmb ( UnsignedFile.Multi.Generic ) - warning

20:19:06.0921 5808 MRxSmb - detected UnsignedFile.Multi.Generic (1)

20:19:07.0031 5808 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

20:19:07.0140 5808 Msfs - ok

20:19:07.0312 5808 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

20:19:07.0421 5808 MSKSSRV - ok

20:19:07.0515 5808 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

20:19:07.0687 5808 MSPCLOCK - ok

20:19:07.0796 5808 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

20:19:08.0031 5808 MSPQM - ok

20:19:08.0140 5808 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

20:19:08.0296 5808 mssmbios - ok

20:19:08.0421 5808 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

20:19:08.0515 5808 Mup - ok

20:19:08.0671 5808 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

20:19:08.0890 5808 NDIS - ok

20:19:09.0031 5808 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

20:19:09.0093 5808 NdisTapi - ok

20:19:09.0156 5808 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

20:19:09.0265 5808 Ndisuio - ok

20:19:09.0343 5808 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

20:19:09.0562 5808 NdisWan - ok

20:19:09.0765 5808 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

20:19:09.0796 5808 NDProxy - ok

20:19:09.0890 5808 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

20:19:10.0015 5808 NetBIOS - ok

20:19:10.0093 5808 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

20:19:10.0328 5808 NetBT - ok

20:19:10.0453 5808 NETw4x32 (b5ab1108b377b5f3d37409fabda01453) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys

20:19:10.0656 5808 NETw4x32 - ok

20:19:10.0703 5808 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

20:19:10.0843 5808 NIC1394 - ok

20:19:10.0890 5808 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

20:19:11.0125 5808 Npfs - ok

20:19:11.0265 5808 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

20:19:11.0390 5808 Ntfs - ok

20:19:11.0546 5808 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

20:19:11.0656 5808 Null - ok

20:19:11.0796 5808 NWADI (c83766c4a147159254ff16f1a6c9dc6e) C:\WINDOWS\system32\DRIVERS\NWADIenum.sys

20:19:11.0828 5808 NWADI - ok

20:19:11.0906 5808 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

20:19:12.0046 5808 NwlnkFlt - ok

20:19:12.0109 5808 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

20:19:12.0265 5808 NwlnkFwd - ok

20:19:12.0375 5808 NWUSBCDFIL (224131778c92aee8c13afac5fbff19ca) C:\WINDOWS\system32\DRIVERS\NwUsbCdFil.sys

20:19:12.0406 5808 NWUSBCDFIL - ok

20:19:12.0531 5808 NWUSBModem_000 (c7fb1635508d0009489a0f7e7743468a) C:\WINDOWS\system32\DRIVERS\nwusbmdm_000.sys

20:19:12.0562 5808 NWUSBModem_000 - ok

20:19:12.0671 5808 NWUSBPort2_000 (c7fb1635508d0009489a0f7e7743468a) C:\WINDOWS\system32\DRIVERS\nwusbser2_000.sys

20:19:12.0703 5808 NWUSBPort2_000 - ok

20:19:12.0812 5808 NWUSBPort_000 (c7fb1635508d0009489a0f7e7743468a) C:\WINDOWS\system32\DRIVERS\nwusbser_000.sys

20:19:12.0843 5808 NWUSBPort_000 - ok

20:19:12.0984 5808 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

20:19:13.0187 5808 ohci1394 - ok

20:19:13.0265 5808 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

20:19:13.0484 5808 Parport - ok

20:19:13.0625 5808 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

20:19:13.0781 5808 PartMgr - ok

20:19:13.0890 5808 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

20:19:14.0031 5808 ParVdm - ok

20:19:14.0171 5808 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

20:19:14.0390 5808 PCI - ok

20:19:14.0531 5808 PCIDump - ok

20:19:14.0640 5808 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

20:19:14.0812 5808 PCIIde - ok

20:19:14.0968 5808 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

20:19:15.0062 5808 Pcmcia - ok

20:19:15.0125 5808 PDCOMP - ok

20:19:15.0234 5808 PDFRAME - ok

20:19:15.0234 5808 PDRELI - ok

20:19:15.0375 5808 PDRFRAME - ok

20:19:15.0468 5808 perc2 - ok

20:19:15.0500 5808 perc2hib - ok

20:19:15.0625 5808 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

20:19:15.0843 5808 PptpMiniport - ok

20:19:16.0015 5808 prepdrvr (2a4514a9233d35a355f569ff8b8f6240) C:\WINDOWS\system32\CCM\prepdrv.sys

20:19:16.0046 5808 prepdrvr - ok

20:19:16.0187 5808 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

20:19:16.0312 5808 PSched - ok

20:19:16.0406 5808 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

20:19:16.0593 5808 Ptilink - ok

20:19:16.0656 5808 ql1080 - ok

20:19:16.0703 5808 Ql10wnt - ok

20:19:16.0703 5808 ql12160 - ok

20:19:16.0718 5808 ql1240 - ok

20:19:16.0718 5808 ql1280 - ok

20:19:16.0765 5808 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

20:19:16.0875 5808 RasAcd - ok

20:19:17.0031 5808 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

20:19:17.0171 5808 Rasl2tp - ok

20:19:17.0250 5808 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

20:19:17.0421 5808 RasPppoe - ok

20:19:17.0546 5808 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

20:19:17.0734 5808 Raspti - ok

20:19:17.0890 5808 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

20:19:18.0109 5808 Rdbss - ok

20:19:18.0234 5808 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

20:19:18.0359 5808 RDPCDD - ok

20:19:18.0500 5808 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

20:19:18.0640 5808 rdpdr - ok

20:19:18.0781 5808 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

20:19:18.0859 5808 RDPWD - ok

20:19:19.0000 5808 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

20:19:19.0171 5808 redbook - ok

20:19:19.0406 5808 s24trans (eadfb87f911a7a75d1b80617f92901e8) C:\WINDOWS\system32\DRIVERS\s24trans.sys

20:19:19.0453 5808 s24trans ( UnsignedFile.Multi.Generic ) - warning

20:19:19.0453 5808 s24trans - detected UnsignedFile.Multi.Generic (1)

20:19:19.0500 5808 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

20:19:19.0593 5808 Secdrv - ok

20:19:19.0734 5808 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

20:19:19.0859 5808 serenum - ok

20:19:19.0921 5808 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

20:19:20.0062 5808 Serial - ok

20:19:20.0140 5808 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

20:19:20.0265 5808 Sfloppy - ok

20:19:20.0328 5808 Simbad - ok

20:19:20.0468 5808 SMSIVZAM5 (1e715247efffdda938c085913045d599) C:\PROGRA~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS

20:19:20.0500 5808 SMSIVZAM5 - ok

20:19:20.0625 5808 smsmdd (4b4ab78e866bbecf93f6eabc3270178a) C:\WINDOWS\system32\DRIVERS\smsmdm.sys

20:19:20.0640 5808 smsmdd - ok

20:19:20.0687 5808 Sparrow - ok

20:19:20.0765 5808 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

20:19:20.0875 5808 splitter - ok

20:19:20.0937 5808 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

20:19:21.0031 5808 sr - ok

20:19:21.0171 5808 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

20:19:21.0250 5808 Srv - ok

20:19:21.0421 5808 STHDA (31ba85e1cff39a57f702a2a0877bb8e1) C:\WINDOWS\system32\drivers\sthda.sys

20:19:21.0546 5808 STHDA - ok

20:19:21.0687 5808 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

20:19:21.0796 5808 swenum - ok

20:19:21.0921 5808 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

20:19:22.0015 5808 swmidi - ok

20:19:22.0093 5808 symc810 - ok

20:19:22.0140 5808 symc8xx - ok

20:19:22.0156 5808 sym_hi - ok

20:19:22.0156 5808 sym_u3 - ok

20:19:22.0250 5808 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

20:19:22.0375 5808 sysaudio - ok

20:19:22.0531 5808 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

20:19:22.0593 5808 Tcpip - ok

20:19:22.0703 5808 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

20:19:22.0796 5808 TDPIPE - ok

20:19:22.0875 5808 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

20:19:23.0000 5808 TDTCP - ok

20:19:23.0078 5808 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

20:19:23.0203 5808 TermDD - ok

20:19:23.0281 5808 TosIde - ok

20:19:23.0375 5808 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

20:19:23.0484 5808 Udfs - ok

20:19:23.0546 5808 UIUSys - ok

20:19:23.0562 5808 ultra - ok

20:19:23.0656 5808 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

20:19:23.0796 5808 Update - ok

20:19:23.0906 5808 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

20:19:24.0015 5808 usbccgp - ok

20:19:24.0093 5808 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

20:19:24.0218 5808 usbehci - ok

20:19:24.0312 5808 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

20:19:24.0406 5808 usbhub - ok

20:19:24.0531 5808 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

20:19:24.0625 5808 USBSTOR - ok

20:19:24.0765 5808 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

20:19:24.0875 5808 usbuhci - ok

20:19:24.0953 5808 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

20:19:25.0078 5808 VgaSave - ok

20:19:25.0156 5808 ViaIde - ok

20:19:25.0171 5808 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

20:19:25.0312 5808 VolSnap - ok

20:19:25.0421 5808 vpnva (fc94804932cfc35f01b3ae510e3b4d5c) C:\WINDOWS\system32\DRIVERS\vpnva.sys

20:19:25.0437 5808 vpnva - ok

20:19:25.0546 5808 vsdatant (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys

20:19:25.0656 5808 vsdatant - ok

20:19:25.0796 5808 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

20:19:25.0921 5808 Wanarp - ok

20:19:26.0000 5808 WDICA - ok

20:19:26.0015 5808 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

20:19:26.0125 5808 wdmaud - ok

20:19:26.0281 5808 winachsf (96aff1738271755a39b52eef7e35f98f) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

20:19:26.0343 5808 winachsf - ok

20:19:26.0437 5808 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

20:19:26.0531 5808 WmiAcpi - ok

20:19:26.0640 5808 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

20:19:26.0703 5808 WudfPf - ok

20:19:26.0781 5808 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

20:19:26.0843 5808 WudfRd - ok

20:19:26.0890 5808 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

20:19:27.0203 5808 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

20:19:27.0203 5808 \Device\Harddisk0\DR0 - detected TDSS File System (1)

20:19:27.0218 5808 Boot (0x1200) (9e6a22d65629f962ba4215ffc42c66b0) \Device\Harddisk0\DR0\Partition0

20:19:27.0218 5808 \Device\Harddisk0\DR0\Partition0 - ok

20:19:27.0218 5808 ============================================================

20:19:27.0218 5808 Scan finished

20:19:27.0218 5808 ============================================================

20:19:27.0328 0760 Detected object count: 5

20:19:27.0328 0760 Actual detected object count: 5

20:19:37.0046 0760 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user

20:19:37.0046 0760 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:19:37.0046 0760 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user

20:19:37.0046 0760 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:19:37.0046 0760 MRxSmb ( UnsignedFile.Multi.Generic ) - skipped by user

20:19:37.0046 0760 MRxSmb ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:19:37.0046 0760 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user

20:19:37.0046 0760 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:19:37.0046 0760 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

20:19:37.0046 0760 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


Can you run it again and see if you can Cure this:

20:19:05.0640 5808 MRxSmb (c1d85b598874ed1a1d6c531af30edf75) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

20:19:06.0921 5808 MRxSmb ( UnsignedFile.Multi.Generic ) - warning

20:19:06.0921 5808 MRxSmb - detected UnsignedFile.Multi.Generic (1)

20:19:37.0046 0760 MRxSmb ( UnsignedFile.Multi.Generic ) - skipped by user

20:19:37.0046 0760 MRxSmb ( UnsignedFile.Multi.Generic ) - User select action: Skip

-------------------

Delete this one:

20:19:37.0046 0760 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

20:19:37.0046 0760 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

MrC


No, Cure is still not an option (Skip, Quarantine, or Delete), so Skip was selected again for MRxSmb and Delete was selected for DR0. I have included the summary of the logfile.

21:06:59.0343 4368 Scan finished

21:06:59.0343 4368 ============================================================

21:06:59.0453 1060 Detected object count: 5

21:06:59.0453 1060 Actual detected object count: 5

21:07:44.0843 1060 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user

21:07:44.0843 1060 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:07:44.0843 1060 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user

21:07:44.0843 1060 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:07:44.0843 1060 MRxSmb ( UnsignedFile.Multi.Generic ) - skipped by user

21:07:44.0843 1060 MRxSmb ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:07:44.0843 1060 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user

21:07:44.0843 1060 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:07:44.0843 1060 \Device\Harddisk0\DR0\TDLFS - deleted

21:07:44.0843 1060 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete


Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    mrxsmb.sys


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

MrC


Here are the results:

SystemLook 30.07.11 by jpshortstuff

Log created at 21:35 on 02/01/2012 by PCDAU

(Limited User)

========== filefind ==========

Searching for "mrxsmb.sys"

C:\WINDOWS\$hf_mig$\KB2511455\SP3QFE\mrxsmb.sys --a---- 457472 bytes [15:20 14/04/2011] [13:19 17/02/2011] FB7DFD15D760AD339837A470F0E780D3

C:\WINDOWS\$hf_mig$\KB2536276\SP3QFE\mrxsmb.sys --a---- 457856 bytes [10:20 16/06/2011] [16:47 29/04/2011] 8DD801E28EB76FDA2A38907882A0036F

C:\WINDOWS\$hf_mig$\KB2536276-v2\SP3QFE\mrxsmb.sys --a---- 457856 bytes [10:21 11/08/2011] [13:29 15/07/2011] FB2FCCC70F7174C7BF64F48E96D3ADF4

C:\WINDOWS\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys --a---- 457216 bytes [18:42 14/05/2010] [11:57 24/02/2010] D09B9F0B9960DD41E73127B7814C115F

C:\WINDOWS\$NtServicePackUninstall$\mrxsmb.sys --a--c- 451456 bytes [19:55 20/08/2009] [10:00 04/08/2004] 1FD607FC67F7F7C633C3DA65BFC53D18

C:\WINDOWS\$NtUninstallKB2511455$\mrxsmb.sys -----c- 455680 bytes [13:03 15/04/2011] [13:11 24/02/2010] F3AEFB11ABC521122B67095044169E98

C:\WINDOWS\$NtUninstallKB2536276$\mrxsmb.sys -----c- 455936 bytes [13:02 16/06/2011] [13:18 17/02/2011] 0EA4D8ED179B75F8AFA7998BA22285CA

C:\WINDOWS\$NtUninstallKB2536276-v2$\mrxsmb.sys -----c- 456320 bytes [13:04 11/08/2011] [16:19 29/04/2011] 0DC719E9B15E902346E87E9DCD5751FA

C:\WINDOWS\$NtUninstallKB980232$\mrxsmb.sys --a--c- 456576 bytes [19:10 14/05/2010] [04:47 14/04/2008] 68755F0FF16070178B54674FE5B847B0

C:\WINDOWS\Driver Cache\i386\mrxsmb.sys --a---- 456320 bytes [18:42 14/05/2010] [13:29 15/07/2011] 7D304A5EB4344EBEEAB53A2FE3FFB9F0

C:\WINDOWS\ServicePackFiles\i386\mrxsmb.sys --a---- 456576 bytes [20:01 20/08/2009] [04:47 14/04/2008] 68755F0FF16070178B54674FE5B847B0

C:\WINDOWS\system32\dllcache\mrxsmb.sys --a--c- 456320 bytes [18:42 14/05/2010] [13:29 15/07/2011] 7D304A5EB4344EBEEAB53A2FE3FFB9F0

C:\WINDOWS\system32\drivers\mrxsmb.sys --a---- 456320 bytes [10:00 04/08/2004] [13:29 15/07/2011] C1D85B598874ED1A1D6C531AF30EDF75

-= EOF =-

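The SystemLook output above is what the helper is reading before deciding what to do with mrxsmb.sys: Windows XP keeps reference copies of protected system files in dllcache, Driver Cache and ServicePackFiles, and the live copy in system32\drivers has the same size (456320 bytes) and the same modification time (13:29 15/07/2011) as the dllcache and Driver Cache copies but a different MD5. That combination is the classic fingerprint of a system driver patched in place, and it is also why TDSSKiller reported MRxSmb as UnsignedFile.Multi.Generic (its lowercase MD5 c1d85b... is the same hash SystemLook prints in uppercase). The script below is an added example written for this page, not a tool from the thread or from SystemLook's author: it parses the `:filefind` lines with a regex of my own, treats the two bracketed timestamps as creation and modification time (an assumption about SystemLook's column order), and flags any live driver whose size and modification time match a reference copy while the hash does not. The sample input is a reduced copy of the thread's own log lines; `parse_filefind`, `find_patched` and `REFERENCE_DIRS` are names I chose.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample: the relevant lines of the SystemLook output posted in the thread,
# reduced to the copies that matter for the size/time/hash comparison.
SAMPLE_LOG = r"""SystemLook 30.07.11 by jpshortstuff
========== filefind ==========
Searching for "mrxsmb.sys"
C:\WINDOWS\$hf_mig$\KB2536276-v2\SP3QFE\mrxsmb.sys --a---- 457856 bytes [10:21 11/08/2011] [13:29 15/07/2011] FB2FCCC70F7174C7BF64F48E96D3ADF4
C:\WINDOWS\Driver Cache\i386\mrxsmb.sys --a---- 456320 bytes [18:42 14/05/2010] [13:29 15/07/2011] 7D304A5EB4344EBEEAB53A2FE3FFB9F0
C:\WINDOWS\system32\dllcache\mrxsmb.sys --a--c- 456320 bytes [18:42 14/05/2010] [13:29 15/07/2011] 7D304A5EB4344EBEEAB53A2FE3FFB9F0
C:\WINDOWS\system32\drivers\mrxsmb.sys --a---- 456320 bytes [10:00 04/08/2004] [13:29 15/07/2011] C1D85B598874ED1A1D6C531AF30EDF75
-= EOF =-
"""

# One filefind result line: <path> <7 attribute flags> <size> bytes [<ts1>] [<ts2>] <MD5>.
# The path may contain spaces ("Driver Cache"), so it is matched non-greedily up to the flags.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-a-zA-Z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+(?P<md5>[0-9a-fA-F]{32})\s*$"
)

# Assumption: SystemLook prints creation time first and modification time second.
@dataclass
class FileCopy:
    path: str
    size: int
    created: str
    modified: str
    md5: str  # stored lowercase so it compares with TDSSKiller-style lowercase hashes


def parse_filefind(text: str) -> List[FileCopy]:
    """Parse every result line of a SystemLook :filefind block; header/footer lines are ignored."""
    copies = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            copies.append(FileCopy(m["path"], int(m["size"]), m["created"],
                                   m["modified"], m["md5"].lower()))
    return copies


# Directories Windows XP uses to hold known-good copies of protected files (lowercase for matching).
REFERENCE_DIRS = ("\\system32\\dllcache\\", "\\driver cache\\", "\\servicepackfiles\\")


def is_reference(path: str) -> bool:
    p = path.lower()
    return any(d in p for d in REFERENCE_DIRS)


def is_live_driver(path: str) -> bool:
    return "\\system32\\drivers\\" in path.lower()


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def find_patched(copies: List[FileCopy]) -> List[Tuple[str, str]]:
    """Return (live_path, reference_path) pairs where the driver actually loaded from
    system32\\drivers has the same size and modification time as a reference copy but a
    different MD5: the signature of a file that was modified in place with its timestamp
    preserved. Creation time is deliberately not compared, since the live copy legitimately
    keeps the install-time creation date (as in the thread's log)."""
    hits = []
    refs = [c for c in copies if is_reference(c.path)]
    for live in copies:
        if not is_live_driver(live.path):
            continue
        for ref in refs:
            if (basename(live.path) == basename(ref.path)
                    and live.size == ref.size
                    and live.modified == ref.modified
                    and live.md5 != ref.md5):
                hits.append((live.path, ref.path))
    return hits


if __name__ == "__main__":
    for live, ref in find_patched(parse_filefind(SAMPLE_LOG)):
        print(f"hash mismatch with identical size/mtime: {live}  vs  {ref}")
```

On the thread's data this reports the live drivers\mrxsmb.sys against both the Driver Cache and dllcache copies, which is exactly the pair the helper's subsequent OTL `/replace` step swaps: the cache copy overwrites the modified one. The check is a triage heuristic, not proof; a hash that differs from the cache copy with a different size or time usually just means a newer hotfix, which is why the comparison insists on matching size and modification time before flagging.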

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :files
    C:\WINDOWS\system32\drivers\mrxsmb.sys|C:\WINDOWS\system32\dllcache\mrxsmb.sys /replace


  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

MrC

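The FSS listing posted above already contains the evidence behind the OTL `:files ... /replace` directive: every copy of `mrxsmb.sys` from the July 2011 build has the same size (456320 bytes) and the same modified timestamp, and the `dllcache` and `Driver Cache` copies share one MD5, while the active copy in `system32\drivers` carries a different hash. Bytes changed without the size or timestamp changing is what an in-place patched driver looks like in such a listing, and restoring the file from the matching `dllcache` copy is what the fix does. As an added example (not code from this thread, nor part of FSS or OTL), the Python script below parses FSS-style file lines and flags an active driver whose hash disagrees with a reference copy of the same build. The field layout (path, attribute flags, size, two bracketed timestamps, MD5; the second timestamp read as the modification time) is an assumption made from the listing's layout, and the sample input is constructed from the `mrxsmb.sys` lines above.

```python
import re

# Constructed sample input: the mrxsmb.sys lines from the Farbar Service Scanner
# listing posted above (other entries omitted).
FSS_LISTING = r"""
C:\WINDOWS\Driver Cache\i386\mrxsmb.sys --a---- 456320 bytes [18:42 14/05/2010] [13:29 15/07/2011] 7D304A5EB4344EBEEAB53A2FE3FFB9F0
C:\WINDOWS\ServicePackFiles\i386\mrxsmb.sys --a---- 456576 bytes [20:01 20/08/2009] [04:47 14/04/2008] 68755F0FF16070178B54674FE5B847B0
C:\WINDOWS\system32\dllcache\mrxsmb.sys --a--c- 456320 bytes [18:42 14/05/2010] [13:29 15/07/2011] 7D304A5EB4344EBEEAB53A2FE3FFB9F0
C:\WINDOWS\system32\drivers\mrxsmb.sys --a---- 456320 bytes [10:00 04/08/2004] [13:29 15/07/2011] C1D85B598874ED1A1D6C531AF30EDF75
"""

# One FSS file line: path, 7-character attribute field, size, two bracketed
# timestamps, MD5. Field meaning is an assumption taken from the listing's layout:
# the second timestamp is treated as the last-modified time, since it agrees across
# all copies of one build while the first one does not.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<ts1>[^\]]+)\]\s+\[(?P<ts2>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)

# Places where Windows XP keeps pristine copies of system files (reference copies)
# and the location of the driver that is actually loaded (active copy).
REFERENCE_DIRS = ("\\dllcache\\", "\\driver cache\\", "\\servicepackfiles\\", "$ntuninstall")
ACTIVE_DIR = "\\system32\\drivers\\"


def parse_fss(listing):
    """Parse FSS file lines into dicts; lines that do not fit the format are skipped."""
    entries = []
    for line in listing.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"])
        e["md5"] = e["md5"].upper()
        e["name"] = e["path"].rsplit("\\", 1)[-1].lower()
        low = e["path"].lower()
        e["is_reference"] = any(d in low for d in REFERENCE_DIRS)
        e["is_active"] = ACTIVE_DIR in low
        entries.append(e)
    return entries


def find_patched_drivers(listing):
    """Flag active drivers whose bytes differ from a reference copy of the same build.

    Same file name, same size and same modified timestamp but a different MD5 means
    the content was altered without the metadata changing. The reference copies are
    named in the finding so the analyst can see which copy a restore should use.
    """
    entries = parse_fss(listing)
    findings = []
    for active in (e for e in entries if e["is_active"]):
        refs = [
            r for r in entries
            if r["is_reference"]
            and r["name"] == active["name"]
            and r["size"] == active["size"]
            and r["ts2"] == active["ts2"]
            and r["md5"] != active["md5"]
        ]
        if refs:
            findings.append({"active": active, "references": refs})
    return findings


if __name__ == "__main__":
    for f in find_patched_drivers(FSS_LISTING):
        a = f["active"]
        print(f"SUSPECT  {a['path']}  md5={a['md5']}")
        for r in f["references"]:
            print(f"  reference copy {r['path']}  md5={r['md5']}")
```

Run against the sample, the script reports the `system32\drivers` copy and names the `Driver Cache` and `dllcache` copies that disagree with it. A hash mismatch of this kind is a strong triage signal, not proof on its own: the reference copies could in principle be tampered with too, so the final check is the hash of the file from the vendor's own update package.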

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

-------

That's it for tonight...be back tomorrow am.

MrC


MrC, here it is. I hope the log is OK as I had to reboot three times. No internet connection issues either.

ComboFix 12-01-02.02 - PCDAU 01/03/2012 2:17.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1546 [GMT -5:00]

Running from: c:\documents and settings\PCDAU\Desktop\ComboFix.exe

AV: Microsoft Forefront Client Security *Enabled/Outdated* {926A3D4F-E4E7-4F47-9902-4EDD55FFE1AF}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\PCDAU\WINDOWS

c:\windows\$NtUninstallKB32888$

c:\windows\$NtUninstallKB32888$\1249625904

c:\windows\$NtUninstallKB32888$\2176451010\@

c:\windows\$NtUninstallKB32888$\2176451010\bckfg.tmp

c:\windows\$NtUninstallKB32888$\2176451010\cfg.ini

c:\windows\$NtUninstallKB32888$\2176451010\Desktop.ini

c:\windows\$NtUninstallKB32888$\2176451010\keywords

c:\windows\$NtUninstallKB32888$\2176451010\kwrd.dll

c:\windows\$NtUninstallKB32888$\2176451010\L\wboovcot

c:\windows\$NtUninstallKB32888$\2176451010\lsflt7.ver

c:\windows\$NtUninstallKB32888$\2176451010\U\00000001.@

c:\windows\$NtUninstallKB32888$\2176451010\U\00000002.@

c:\windows\$NtUninstallKB32888$\2176451010\U\00000004.@

c:\windows\$NtUninstallKB32888$\2176451010\U\80000000.@

c:\windows\$NtUninstallKB32888$\2176451010\U\80000004.@

c:\windows\$NtUninstallKB32888$\2176451010\U\80000032.@

c:\windows\system32\drivers\etc\lmhosts

.

Infected copy of c:\windows\system32\drivers\mrxsmb.sys was found and disinfected

Restored copy from - The cat found it :)

.

((((((((((((((((((((((((( Files Created from 2011-12-03 to 2012-01-03 )))))))))))))))))))))))))))))))

.

.

2012-01-03 07:41 . 2012-01-03 07:41 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\{8CE1C887-14A5-4C07-9CEA-FC91452C3CAD}\offreg.dll

2012-01-03 03:41 . 2011-07-15 13:29 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2012-01-03 03:00 . 2012-01-03 03:00 -------- d-----w- C:\_OTL

2012-01-01 04:28 . 2012-01-01 04:28 -------- d-----w- c:\program files\ESET

2011-12-29 22:11 . 2011-12-29 22:11 -------- d-----w- c:\documents and settings\PCDAU\Application Data\Malwarebytes

2011-12-29 22:11 . 2011-12-29 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-12-29 22:11 . 2011-12-29 22:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-12-29 22:11 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-28 07:48 . 2011-12-28 07:48 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2011-12-25 03:22 . 2011-12-25 03:22 -------- d-----w- c:\documents and settings\All Users\Application Data\HPSS

2011-12-25 03:22 . 2011-12-25 03:22 -------- d-----w- c:\documents and settings\PCDAU\Application Data\HPSS

2011-12-22 20:51 . 2011-12-22 20:51 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft

2011-12-22 20:48 . 2011-12-25 03:23 -------- d-----w- c:\documents and settings\PCDAU\Application Data\HP SimpleSave Application

2011-12-22 19:07 . 2011-12-22 19:07 -------- d-----w- c:\documents and settings\PCDAU\Application Data\ArcSoft

2011-12-22 05:20 . 2011-12-22 05:20 388096 ----a-r- c:\documents and settings\PCDAU\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-12-22 04:59 . 2011-12-22 04:59 -------- d-----w- c:\documents and settings\PCDAU\Local Settings\Application Data\Sunbelt Software

2011-12-19 00:54 . 2011-12-19 03:25 -------- d-----w- c:\documents and settings\PCDAU\Application Data\Hyiloz

2011-12-19 00:54 . 2011-12-19 01:00 -------- d-----w- c:\documents and settings\PCDAU\Application Data\Vyizz

2011-12-17 23:47 . 2011-12-17 23:47 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-12-17 21:15 . 2011-12-17 21:15 -------- d-----w- c:\documents and settings\PCDAU\Local Settings\Application Data\adaware

2011-12-17 21:15 . 2011-12-28 20:12 -------- d--h--w- c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection

2011-12-17 21:15 . 2011-12-29 03:01 -------- d-----w- c:\program files\Toolbar Cleaner

2011-12-17 21:15 . 2011-12-22 05:43 -------- d-----w- c:\documents and settings\PCDAU\Application Data\adawaretb

2011-12-17 21:15 . 2011-12-17 21:15 -------- d-----w- c:\program files\adawaretb

2011-12-17 21:14 . 2011-12-22 05:10 -------- d--h--w- c:\documents and settings\All Users\Application Data\Lavasoft

2011-12-17 18:19 . 2011-12-17 18:19 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer

2011-12-17 15:29 . 2011-11-21 10:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\{8CE1C887-14A5-4C07-9CEA-FC91452C3CAD}\mpengine.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-23 13:25 . 2004-08-04 10:00 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-21 10:47 . 2010-05-14 18:22 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\Backup\mpengine.dll

2011-11-04 19:20 . 2006-03-04 03:33 916992 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 19:20 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-11-04 19:20 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-11-04 11:23 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec

2011-11-01 16:07 . 2004-08-04 10:00 1288704 ----a-w- c:\windows\system32\ole32.dll

2011-10-30 00:13 . 2011-09-10 13:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-28 05:31 . 2004-08-04 10:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-25 13:37 . 2005-03-30 01:21 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-25 12:52 . 2005-03-30 01:01 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-10-18 11:13 . 2004-08-04 10:00 186880 ----a-w- c:\windows\system32\encdec.dll

2011-10-10 14:22 . 2009-08-20 17:29 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-29 06:53 . 2011-10-29 23:35 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]

2011-10-28 13:11 86696 ----a-w- c:\program files\adawaretb\adawareDx.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2011-10-28 86696]

.

[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-16 138008]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-16 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-16 138008]

"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]

"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]

"Microsoft Forefront Client Security Antimalware Service"="c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe" [2011-02-02 1033600]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-11-12 421888]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

.

c:\documents and settings\PCDAU\Start Menu\Programs\Startup\

HP SimpleSave Monitor.lnk - c:\documents and settings\PCDAU\Application Data\HP SimpleSave Application\StartHelper.exe [2011-12-24 477080]

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk /r \??\C:\0autocheck autochk *

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3594139612-2132465028-1357584514-13302\Scripts\Logon\0\0]

"Script"=SPTimportprf.bat

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3594139612-2132465028-1357584514-13302\Scripts\Logon\0\1]

"Script"=deleteOAB.vbs

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3594139612-2132465028-1357584514-13774\Scripts\Logon\0\0]

"Script"=SPTimportprf.bat

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3594139612-2132465028-1357584514-13774\Scripts\Logon\0\1]

"Script"=deleteOAB.vbs

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3594139612-2132465028-1357584514-6811\Scripts\Logon\0\0]

"Script"=SPTimportprf.bat

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3594139612-2132465028-1357584514-6811\Scripts\Logon\0\1]

"Script"=deleteOAB.vbs

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3594139612-2132465028-1357584514-9290\Scripts\Logon\0\0]

"Script"=SPTimportprf.bat

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3594139612-2132465028-1357584514-9290\Scripts\Logon\0\1]

"Script"=deleteOAB.vbs

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FCSAM]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=

"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"%windir%\explorer.exe"= %windir%\explorer.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

.

R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [9/8/2009 5:13 PM 65584]

R2 BackupService;BackupService;c:\documents and settings\PCDAU\Application Data\HP SimpleSave Application\uUACTokenSvc.exe [12/24/2011 10:22 PM 83512]

R2 FCSAM;Microsoft Forefront Client Security Antimalware Service;c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe [1/8/2011 5:06 PM 16896]

R2 FcsSas;Microsoft Forefront Client Security State Assessment Service;c:\program files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe [4/6/2007 4:12 AM 73120]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/29/2011 5:11 PM 652872]

R2 MOM;MOM;c:\program files\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe [7/21/2005 11:14 AM 134656]

R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [6/10/2011 3:54 PM 641464]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/29/2011 5:11 PM 20464]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/10/2011 8:26 AM 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/10/2011 8:26 AM 136176]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [6/12/2011 10:15 AM 31125880]

S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [7/8/2010 9:52 AM 20480]

S3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\drivers\nwusbmdm_000.sys [7/8/2010 9:52 AM 176384]

S3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\drivers\nwusbser_000.sys [7/8/2010 9:52 AM 176384]

S3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\drivers\nwusbser2_000.sys [7/8/2010 9:52 AM 176384]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]

S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [4/14/2010 7:29 PM 32408]

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-03 c:\windows\Tasks\MP Scheduled Quick Scan.job

- c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe [2011-01-08 22:06]

.

2012-01-03 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe [2011-01-08 22:06]

.

2012-01-03 c:\windows\Tasks\MP Scheduled Signature Update.job

- c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe [2011-01-08 22:06]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://rgnet/sites/intranet

uInternet Settings,ProxyServer = isa.spptsteel.com:80

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.1 71.242.0.12

DPF: {0D221D00-A6ED-477C-8A91-41F3B660A832} - hxxp://spt-sql01.sppt.com/ReportServer/Reserved.ReportViewerWebControl.axd?ExecutionID=1wbtgm251n3c0a453k0ois55&ControlID=f4f750aecaa84d78aabe413c14b55c50&Culture=1033&UICulture=9&ReportStack=1&OpType=PrintCab

DPF: {47489CC3-B1AB-4414-A7D9-4A6380D819D8} - hxxp://spt-ws0253/ConfigManager.cab

DPF: {817444B5-4D12-4EEB-8E78-C547E84F80B6} - hxxp://spt-ws0253/EngineManager.cab

DPF: {CA888F03-45F5-11CF-80B2-0020AF19EE14} - hxxp://cmc-web-server/cab%20files/olec-3d.cab

DPF: {E7B12A6B-341F-4765-A9EA-29A745916878} - hxxp://spt-ws0253/ImageViewer.cab

DPF: {FAB9B41C-87D6-474D-AB7E-F07D78F2422E} - hxxp://spt-wis01/Wonderware/_library/codebase/3rdparty/teechart7.cab

FF - ProfilePath - c:\documents and settings\PCDAU\Application Data\Mozilla\Firefox\Profiles\rqdg7u7x.default\

FF - prefs.js: network.proxy.ftp - isa.spptsteel.com

FF - prefs.js: network.proxy.ftp_port - 80

FF - prefs.js: network.proxy.http - isa.spptsteel.com

FF - prefs.js: network.proxy.http_port - 80

FF - prefs.js: network.proxy.socks - isa.spptsteel.com

FF - prefs.js: network.proxy.socks_port - 80

FF - prefs.js: network.proxy.ssl - isa.spptsteel.com

FF - prefs.js: network.proxy.ssl_port - 80

FF - prefs.js: network.proxy.type - 0

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-01-03 02:45

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3724)

c:\windows\system32\WININET.dll

c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf

c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Cisco Systems\VPN Client\cvpnd.exe

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\SigmaTel\C-Major Audio\WDM\StacSV.exe

c:\program files\Intel\Wireless\Bin\WLKeeper.exe

c:\windows\system32\CCM\CcmExec.exe

c:\program files\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMHost.exe

c:\windows\system32\msiexec.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\stsystra.exe

c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe

c:\program files\Citrix\ICA Client\wfcrun32.exe

.

**************************************************************************

.

Completion time: 2012-01-03 02:52:19 - machine was rebooted

ComboFix-quarantined-files.txt 2012-01-03 07:52

.

Pre-Run: 47,817,183,232 bytes free

Post-Run: 49,464,541,184 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 0243CA4BA094CCD4F4E57FCF712AF1FB


We got lucky!

Let me know if you recognize these two folders, see what's in them:

2011-12-19 00:54 . 2011-12-19 03:25 -------- d-----w- c:\documents and settings\PCDAU\Application Data\Hyiloz

2011-12-19 00:54 . 2011-12-19 01:00 -------- d-----w- c:\documents and settings\PCDAU\Application Data\Vyizz

You may have to "Enable Hidden files":

http://www.howtogeek.com/howto/windows/display-hidden-folders-in-xp/

MrC


Thank you for all your help, MrCharlie! The folders have been deleted and a scan has been run with the results below.

Malwarebytes Anti-Malware (Trial) 1.60.0.1800

www.malwarebytes.org

Database version: v2012.01.03.01

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

PCDAU :: SPT-NB0078 [administrator]

Protection: Enabled

1/3/2012 8:48:05 AM

mbam-log-2012-01-03 (08-48-05).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 226937

Time elapsed: 7 minute(s), 12 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Great :)

Please Uninstall ComboFix:

Go to start > run and copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Please update your Java.....control panel > Java > Update tab > Update

Any questions...please post back.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
