
Malware redirects searches to 94.228.209.171 etc.



I downloaded a pdf from scribd.com and all hell broke loose, even though McAfee was installed and running.

So far, Malwarebytes (I bought the full version) has killed several files/objects, but each time I use a search engine I see an attempt to redirect to 94.228.209.171, 188.40.164.210, or 64.111.196.114 among other URLs. Malwarebytes Anti-Malware successfully blocks these attempts, but something in my system is definitely still infected. The system also starts and runs incredibly slow.

I think I have followed the instructions to run Malwarebytes and Avira correctly, followed by the instructions to run:

DeFogger - Disable,

DDS, and

GMER Rootkit Scanner

as shown in the pinned topics.

The contents of 'DDS.txt' are here:

DDS (Ver_09-12-01.01) - NTFSx86

Run by Dennis at 22:19:32.01 on Fri 02/12/2010

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_05

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1303 [GMT -5:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\System32\svchost.exe -k NetworkService

C:\WINDOWS\System32\svchost.exe -k LocalService

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe -k LocalService

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe

C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

C:\WINDOWS\system32\LxrJD31s.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\WINDOWS\System32\HPZipm12.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\Spyware Doctor\TFEngine\TFService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Dennis\Desktop\dds.scr

C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank

uInternet Connection Wizard,ShellNext = iexplore

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll

BHO: {A095A6F6-B7E8-40E2-9A80-A235566C0FE6} - No File

BHO: Catcher Class: {adecbed6-0366-4377-a739-e69dfba04663} - c:\program files\moyea\flv downloader\MoyeaCth.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: CAdBlocker Object: {e24ad748-155e-4254-b674-4edf86e7e1df} - c:\progra~1\acronis\privac~1\Blocker.dll

BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [sonic RecordNow!]

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [storageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r

mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"

mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe

mRun: [iSTray] "c:\program files\spyware doctor\pctsTray.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE

mPolicies-system: EnableLUA = 0 (0x0)

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll

IE: {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - c:\progra~1\acronis\privac~1\Blocker.dll

LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll

Trusted Zone: buy-internetsecurity10.com

Trusted Zone: internet

Trusted Zone: is-software-download.com

Trusted Zone: is10-soft-download.com

Trusted Zone: mcafee.com

Trusted Zone: buy-internetsecurity10.com

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: ljJDssQJ - ljJDssQJ.dll

SSODL: rujinuror - {b9b87990-3351-4941-ad13-b050beadff63} - c:\windows\system32\maweyeri.dll

STS: kupuhivus: {b9b87990-3351-4941-ad13-b050beadff63} - c:\windows\system32\maweyeri.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

LSA: Authentication Packages = msv1_0 c:\windows\system32\ssqNGXQH

LSA: Notification Packages = scecli henijuve.dll d

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dennis\applic~1\mozilla\firefox\profiles\f0hdd127.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - about:blank

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npsabffx.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll

FF - plugin: c:\windows\system32\superadblocker.com\npsabffx.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: XULRunner: {78C3C6FE-FD84-43EF-8381-BEF7844FBDD7} - c:\documents and settings\dennis\local settings\application data\{78C3C6FE-FD84-43EF-8381-BEF7844FBDD7}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-2-12 207792]

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-2-12 51984]

R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-2-12 59664]

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-2-2 214664]

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-2-12 233136]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-2-29 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-2-29 74480]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-2-12 112592]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-2-12 236368]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-11-14 93320]

R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-6-18 359952]

R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-2-12 359624]

R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-2-12 1141712]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-2-12 19160]

R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-2-2 606736]

R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-2-2 40552]

R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2010-2-12 70408]

R3 SASENUM;SASENUM;c:\program files\superantispyware\sasenum.sys [2006-2-16 4096]

R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-2-12 33552]

R3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]

S2 dfbbadfabeed;5b5f45d62d002e18563f873ee163e9ad;c:\windows\dfbbadfabeed.exe /s --> c:\windows\dfbbadfabeed.exe [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-30 133104]

S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-2-2 144704]

S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-2-2 79816]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-2-2 35272]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-2-2 34248]

=============== Created Last 30 ================

2010-02-12 23:57:41 0 ----a-w- c:\documents and settings\dennis\defogger_reenable

2010-02-12 20:39:15 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-02-12 08:14:59 0 d-----w- c:\docume~1\dennis\applic~1\Malwarebytes

2010-02-12 08:14:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-02-12 08:14:38 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-02-12 08:14:36 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-02-12 08:14:36 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-02-12 07:24:12 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys

2010-02-12 07:24:11 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys

2010-02-12 07:24:11 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys

2010-02-12 06:22:00 882 ----a-w- c:\windows\RegSDImport.xml

2010-02-12 06:22:00 879 ----a-w- c:\windows\RegISSImport.xml

2010-02-12 06:22:00 767952 ----a-w- c:\windows\BDTSupport.dll.old

2010-02-12 06:22:00 767952 ----a-w- c:\windows\BDTSupport.dll

2010-02-12 06:22:00 149456 ----a-w- c:\windows\SGDetectionTool.dll

2010-02-12 06:22:00 131 ----a-w- c:\windows\IDB.zip

2010-02-12 06:22:00 1152444 ----a-w- c:\windows\UDB.zip

2010-02-12 06:21:59 165840 ----a-w- c:\windows\PCTBDRes.dll

2010-02-12 06:21:59 1652688 ----a-w- c:\windows\PCTBDCore.dll

2010-02-12 06:21:59 1640400 ----a-w- c:\windows\PCTBDCore.dll.old

2010-02-12 06:19:37 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat

2010-02-12 06:19:37 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2010-02-12 06:19:05 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2010-02-12 06:19:05 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat

2010-02-12 06:19:05 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat

2010-02-12 06:19:05 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2010-02-12 06:18:43 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat

2010-02-12 06:18:43 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2010-02-12 06:18:34 0 d-----w- c:\program files\common files\PC Tools

2010-02-12 06:18:34 0 d-----w- c:\docume~1\dennis\applic~1\PC Tools

2010-02-12 06:18:34 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools

2010-02-12 05:07:29 0 d-----w- c:\program files\Enigma Software Group

2010-02-12 04:47:43 0 d-----w- c:\program files\Spyware Doctor

2010-02-11 21:52:14 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys

2010-02-11 21:52:14 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys

2010-02-11 21:52:09 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys

2010-02-11 21:52:09 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys

2010-02-11 21:51:57 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys

2010-02-11 21:51:57 8192 ----a-w- c:\windows\system32\drivers\changer.sys

2010-02-11 21:51:37 0 ----a-w- c:\windows\Griku.bin

2010-02-11 21:51:36 120 ----a-w- c:\windows\Lsoquxawodafuve.dat

==================== Find3M ====================

2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2009-12-22 05:21:05 667136 ----a-w- c:\windows\system32\wininet.dll

2009-12-22 05:20:58 81920 ------w- c:\windows\system32\ieencode.dll

2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe

2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll

2009-12-08 19:27:51 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe

2009-12-08 18:43:50 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe

2009-12-07 03:38:50 348160 ----a-w- c:\windows\system32\msvcr71.dll

2009-11-30 06:12:43 71168 ----a-w- c:\windows\system32\LxrJD31s.exe

2009-11-30 06:12:43 61440 ----a-w- c:\windows\system32\LxrJD20Sat.dll

2009-11-30 06:12:43 249856 ----a-w- c:\windows\system32\LxrJD31.dll

2009-11-30 06:12:43 163840 ----a-w- c:\windows\system32\LxrJD31c.exe

2009-11-30 06:12:43 146432 ----a-w- c:\windows\system32\LxrJD31p.exe

2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll

2009-11-27 17:11:44 1291776 ----a-w- c:\windows\system32\quartz.dll

2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll

2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll

2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll

2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll

2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll

2001-05-24 16:59:30 162304 ----a-w- c:\program files\UNWISE.EXE

2008-05-06 04:38:51 460160 --sha-w- c:\windows\system32\HQXGNqss.ini2

============= FINISH: 22:25:52.50 ===============

This is the log from the last full scan by Malwarebytes' Anti-Malware

Malwarebytes' Anti-Malware 1.44

Database version: 3730

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

2/12/2010 6:11:31 PM

mbam-log-2010-02-12 (18-11-31).txt

Scan type: Full Scan (C:\|)

Objects scanned: 264172

Time elapsed: 4 hour(s), 36 minute(s), 28 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 4

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\System Volume Information\_restore{9EE8FFE7-A98B-401B-96FD-32A41CC0A7CC}\RP1\A0001010.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{9EE8FFE7-A98B-401B-96FD-32A41CC0A7CC}\RP1\A0001031.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{9EE8FFE7-A98B-401B-96FD-32A41CC0A7CC}\RP1\A0001032.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{9EE8FFE7-A98B-401B-96FD-32A41CC0A7CC}\RP1\A0003249.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.

And the two files, attach.txt and ark.txt are zipped and attached.

Any help would be greatly appreciated.

Malwarebytes.zip


  • Staff

Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. This is because Security Software may see some components ComboFix uses (prep.com for example) as suspicious and block the tool, or even delete it. Please visit HERE if you don't know how.



This is the combofix log information:

ComboFix 10-02-16.01 - Dennis 02/16/2010 20:44:52.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1398 [GMT -5:00]

Running from: c:\documents and settings\Dennis\Desktop\ComboFix.exe

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Dennis\Local Settings\Application Data\{78C3C6FE-FD84-43EF-8381-BEF7844FBDD7}

c:\documents and settings\Dennis\Local Settings\Application Data\{78C3C6FE-FD84-43EF-8381-BEF7844FBDD7}\chrome.manifest

c:\documents and settings\Dennis\Local Settings\Application Data\{78C3C6FE-FD84-43EF-8381-BEF7844FBDD7}\chrome\content\_cfg.js

c:\documents and settings\Dennis\Local Settings\Application Data\{78C3C6FE-FD84-43EF-8381-BEF7844FBDD7}\chrome\content\overlay.xul

c:\documents and settings\Dennis\Local Settings\Application Data\{78C3C6FE-FD84-43EF-8381-BEF7844FBDD7}\install.rdf

c:\windows\a3kebook.ini

c:\windows\akebook.ini

c:\windows\ANS2000.INI

c:\windows\system32\lsprst7.dll

c:\windows\system32\prsgrc.dll

.

((((((((((((((((((((((((( Files Created from 2010-01-17 to 2010-02-17 )))))))))))))))))))))))))))))))

.

2010-02-14 20:57 . 2010-02-15 00:43 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-02-14 20:57 . 2010-02-15 00:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-02-12 20:39 . 2010-02-12 20:49 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-02-12 10:57 . 2010-02-12 10:58 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2010-02-12 09:30 . 2010-02-12 09:30 -------- d-s---w- c:\documents and settings\LocalService\UserData

2010-02-12 08:14 . 2010-02-12 08:14 -------- d-----w- c:\documents and settings\Dennis\Application Data\Malwarebytes

2010-02-12 08:14 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-02-12 08:14 . 2010-02-12 08:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-02-12 08:14 . 2010-02-12 08:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-02-12 08:14 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-02-12 06:18 . 2010-02-17 01:41 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2010-02-12 05:45 . 2010-02-12 05:45 52224 ----a-w- c:\documents and settings\Dennis\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-02-12 05:44 . 2010-02-12 17:46 117760 ----a-w- c:\documents and settings\Dennis\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-02-12 05:08 . 2010-02-12 05:08 -------- d-----w- c:\documents and settings\Dennis\Local Settings\Application Data\Threat Expert

2010-02-12 05:07 . 2010-02-12 05:07 -------- d-----w- c:\program files\Enigma Software Group

2010-02-12 04:47 . 2010-02-17 01:51 -------- d-----w- c:\program files\Spyware Doctor

2010-02-12 04:47 . 2010-02-17 01:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-02-12 02:02 . 2010-02-12 02:02 -------- d-s---w- c:\documents and settings\NetworkService\UserData

2010-02-11 21:52 . 2008-04-13 18:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys

2010-02-11 21:52 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys

2010-02-11 21:52 . 2008-04-13 18:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys

2010-02-11 21:52 . 2008-04-13 18:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys

2010-02-11 21:51 . 2008-04-13 18:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys

2010-02-11 21:51 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys

2010-02-11 21:51 . 2010-02-12 05:43 0 ----a-w- c:\windows\Griku.bin

2010-02-11 21:51 . 2010-02-12 16:48 120 ----a-w- c:\windows\Lsoquxawodafuve.dat

2010-01-21 18:00 . 2010-01-21 18:00 -------- d-----w- c:\documents and settings\Meredith\Local Settings\Application Data\ApplicationHistory

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-12 05:44 . 2008-05-06 03:48 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-02-11 21:50 . 2008-03-23 22:37 -------- d-----w- c:\program files\QuickTime

2010-02-04 14:29 . 2009-09-30 18:17 -------- d-----w- c:\program files\Google

2010-01-17 21:03 . 2009-11-25 21:18 186 ----a-w- c:\documents and settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\prsgrc.dll

2009-12-31 16:50 . 2003-07-16 20:46 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2009-12-30 04:18 . 2009-12-30 04:18 -------- d-----w- c:\documents and settings\Dennis\Application Data\McAfee

2009-12-30 04:18 . 2007-02-02 20:15 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2009-12-27 22:07 . 2007-02-03 00:22 57768 -c--a-w- c:\documents and settings\Dennis\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-12-27 19:12 . 2007-02-04 20:08 57768 -c--a-w- c:\documents and settings\Suzi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-12-27 18:46 . 2009-12-27 18:46 -------- d-----w- c:\documents and settings\All Users\Application Data\4D

2009-12-27 18:41 . 2009-12-27 18:41 -------- d-----w- c:\program files\4D Runtime Interpreted 2004.7

2009-12-27 18:40 . 2009-12-27 18:40 -------- d-----w- c:\program files\EVA

2009-12-24 16:09 . 2007-02-03 00:17 -------- d-----w- c:\program files\McAfee

2009-12-22 05:21 . 2006-06-23 16:33 667136 ----a-w- c:\windows\system32\wininet.dll

2009-12-22 05:20 . 2004-08-04 07:56 81920 ------w- c:\windows\system32\ieencode.dll

2009-12-16 18:43 . 2007-02-02 18:11 343040 ----a-w- c:\windows\system32\mspaint.exe

2009-12-14 07:08 . 2003-07-16 20:26 33280 ----a-w- c:\windows\system32\csrsrv.dll

2009-12-08 19:27 . 2003-07-16 20:39 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe

2009-12-08 18:43 . 2002-08-29 01:04 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe

2009-12-07 03:38 . 2007-02-02 18:29 348160 ----a-w- c:\windows\system32\msvcr71.dll

2009-12-04 18:22 . 2003-07-16 20:34 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2009-11-30 06:12 . 2007-02-02 20:43 71168 ----a-w- c:\windows\system32\LxrJD31s.exe

2009-11-30 06:12 . 2007-02-02 20:43 69824 ----a-w- c:\windows\system32\drivers\LxrJD31d.sys

2009-11-30 06:12 . 2007-02-02 20:43 61440 ----a-w- c:\windows\system32\LxrJD20Sat.dll

2009-11-30 06:12 . 2007-02-02 20:43 249856 ----a-w- c:\windows\system32\LxrJD31.dll

2009-11-30 06:12 . 2007-02-02 20:43 163840 ----a-w- c:\windows\system32\LxrJD31c.exe

2009-11-30 06:12 . 2007-02-02 20:43 146432 ----a-w- c:\windows\system32\LxrJD31p.exe

2009-11-27 17:11 . 2003-07-16 20:42 1291776 ----a-w- c:\windows\system32\quartz.dll

2009-11-27 17:11 . 2001-08-17 22:36 17920 ----a-w- c:\windows\system32\msyuv.dll

2009-11-27 16:07 . 2003-07-16 20:36 28672 ----a-w- c:\windows\system32\msvidc32.dll

2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll

2009-11-27 16:07 . 2003-07-16 20:36 11264 ----a-w- c:\windows\system32\msrle32.dll

2009-11-27 16:07 . 2003-07-16 20:24 84992 ----a-w- c:\windows\system32\avifil32.dll

2009-11-27 16:07 . 2001-08-17 22:36 48128 ----a-w- c:\windows\system32\iyuv_32.dll

2009-11-25 21:22 . 2009-11-25 21:18 158 ----a-w- c:\documents and settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\ssprs.dll

2009-11-25 21:18 . 2009-11-25 21:18 16 ---h--w- c:\documents and settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\ujgwo2n.dll

2009-11-25 21:16 . 2009-11-25 21:16 1025 ----a-w- c:\windows\system32\sysprs7.dll

2009-11-21 15:51 . 2003-07-16 20:23 471552 ----a-w- c:\windows\AppPatch\aclayers.dll

2001-05-24 16:59 . 2008-05-26 02:53 162304 ----a-w- c:\program files\UNWISE.EXE

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]

@="{95A27763-F62A-4114-9072-E81D87DE3B68}"

[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]

2009-09-19 01:09 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]

@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]

2009-09-19 01:09 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]

@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"

[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]

2009-09-19 01:09 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]

"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]

"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-02-03 65536]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-02-01 385024]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-07 198160]

"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2009-09-19 670864]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2010-02-12 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2010-02-12 05:43 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

"c:\\Program Files\\SPSSInc\\Statistics17\\SPSSWinWrapIDE.exe"=

"c:\\Program Files\\SPSSInc\\Statistics17\\statistics.com"=

"c:\\Program Files\\SPSSInc\\Statistics17\\statistics.exe"=

"c:\\WINDOWS\\system32\\vssvc.exe"=

"c:\\Program Files\\McAfee\\VirusScan\\mcvsmap.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/29/2008 3:03 PM 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/29/2008 3:03 PM 74480]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/12/2010 3:14 AM 236368]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [11/14/2008 8:41 PM 93320]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/12/2010 3:14 AM 19160]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]

S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]

S2 dfbbadfabeed;5b5f45d62d002e18563f873ee163e9ad;c:\windows\dfbbadfabeed.exe /s --> c:\windows\dfbbadfabeed.exe [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/30/2009 1:17 PM 133104]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\sasenum.sys [2/16/2006 3:51 PM 4096]

S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

.

Contents of the 'Scheduled Tasks' folder

2010-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-30 18:17]

2010-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-30 18:17]

2010-02-15 c:\windows\Tasks\McDefragTask.job

- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-03 16:22]

2010-01-01 c:\windows\Tasks\McQcTask.job

- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-03 16:22]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uInternet Connection Wizard,ShellNext = iexplore

Trusted Zone: buy-internetsecurity10.com

Trusted Zone: internet

Trusted Zone: is-software-download.com

Trusted Zone: is10-soft-download.com

Trusted Zone: mcafee.com

Trusted Zone: buy-internetsecurity10.com

FF - ProfilePath - c:\documents and settings\Dennis\Application Data\Mozilla\Firefox\Profiles\f0hdd127.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - about:blank

FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\McAfee\Supportability\MVT\NPMVTPlugin.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npsabffx.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll

FF - plugin: c:\windows\system32\SuperAdBlocker.com\npsabffx.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

- - - - ORPHANS REMOVED - - - -

BHO-{A095A6F6-B7E8-40E2-9A80-A235566C0FE6} - (no file)

HKCU-Run-Sonic RecordNow! - (no file)

SharedTaskScheduler-{b9b87990-3351-4941-ad13-b050beadff63} - c:\windows\system32\maweyeri.dll

SSODL-rujinuror-{b9b87990-3351-4941-ad13-b050beadff63} - c:\windows\system32\maweyeri.dll

Notify-ljJDssQJ - ljJDssQJ.dll

Notify-WgaLogon - (no file)

AddRemove-Lights Out - c:\program files\The Adventure Company\Dark Fall\Lights Out\Uninstal.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-02-16 21:17

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]

@DACL=(02 0000)

"Installed"="1"

@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

@DACL=(02 0000)

"NoChange"="1"

"Installed"="1"

@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

@DACL=(02 0000)

"Installed"="1"

@=""

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(632)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(3700)

c:\progra~1\mcafee\SITEAD~1\saHook.dll

c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Acronis\Schedule2\schedul2.exe

c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe

c:\windows\system32\LxrJD31s.exe

c:\progra~1\McAfee\MSC\mcmscsvc.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

c:\progra~1\McAfee\VIRUSS~1\mcshield.exe

c:\program files\McAfee\MPF\MPFSrv.exe

c:\windows\System32\HPZipm12.exe

c:\program files\Analog Devices\SoundMAX\spkrmon.exe

c:\windows\system32\rundll32.exe

c:\progra~1\mcafee.com\agent\mcagent.exe

c:\windows\system32\wscntfy.exe

c:\progra~1\mcafee.com\agent\mcupdate.exe

.

**************************************************************************

.

Completion time: 2010-02-16 21:22:49 - machine was rebooted

ComboFix-quarantined-files.txt 2010-02-17 02:22

Pre-Run: 23,499,993,088 bytes free

Post-Run: 24,468,672,512 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - BC4FA3A50C18CCF040C390768FCDC3DF

Link to post
Share on other sites

  • Staff

Hi,

* Open notepad - don't use any other text editor than notepad or the script will fail.

Copy/paste the text in the quotebox below into notepad:

File::

c:\windows\Griku.bin

c:\windows\Lsoquxawodafuve.dat

DDS::

Trusted Zone: buy-internetsecurity10.com

Trusted Zone: internet

Trusted Zone: is-software-download.com

Trusted Zone: is10-soft-download.com

Trusted Zone: buy-internetsecurity10.com

Driver::

dfbbadfabeed

Save this as txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScript.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Link to post
Share on other sites

This is the result of the most recent combofix log:

ComboFix 10-02-16.01 - Dennis 02/17/2010 22:21:49.1.1 - x86 MINIMAL

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1738 [GMT -5:00]

Running from: c:\documents and settings\Dennis\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Dennis\Desktop\CFScript.txt

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::

"c:\windows\Griku.bin"

"c:\windows\Lsoquxawodafuve.dat"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\Griku.bin

c:\windows\Lsoquxawodafuve.dat

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_DFBBADFABEED

-------\Service_dfbbadfabeed

((((((((((((((((((((((((( Files Created from 2010-01-18 to 2010-02-18 )))))))))))))))))))))))))))))))

.

2010-02-14 20:57 . 2010-02-15 00:43 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-02-14 20:57 . 2010-02-15 00:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-02-12 20:39 . 2010-02-12 20:49 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-02-12 10:57 . 2010-02-12 10:58 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2010-02-12 09:30 . 2010-02-12 09:30 -------- d-s---w- c:\documents and settings\LocalService\UserData

2010-02-12 08:14 . 2010-02-12 08:14 -------- d-----w- c:\documents and settings\Dennis\Application Data\Malwarebytes

2010-02-12 08:14 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-02-12 08:14 . 2010-02-12 08:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-02-12 08:14 . 2010-02-12 08:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-02-12 08:14 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-02-12 06:18 . 2010-02-18 03:19 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2010-02-12 05:08 . 2010-02-12 05:08 -------- d-----w- c:\documents and settings\Dennis\Local Settings\Application Data\Threat Expert

2010-02-12 05:07 . 2010-02-12 05:07 -------- d-----w- c:\program files\Enigma Software Group

2010-02-12 04:47 . 2010-02-18 03:19 -------- d-----w- c:\program files\Spyware Doctor

2010-02-12 04:47 . 2010-02-18 03:19 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-02-12 02:02 . 2010-02-12 02:02 -------- d-s---w- c:\documents and settings\NetworkService\UserData

2010-02-11 21:52 . 2008-04-13 18:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys

2010-02-11 21:52 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys

2010-02-11 21:52 . 2008-04-13 18:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys

2010-02-11 21:52 . 2008-04-13 18:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys

2010-02-11 21:51 . 2008-04-13 18:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys

2010-02-11 21:51 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys

2010-01-21 18:00 . 2010-01-21 18:00 -------- d-----w- c:\documents and settings\Meredith\Local Settings\Application Data\ApplicationHistory

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-18 03:07 . 2007-02-03 00:17 -------- d-----w- c:\program files\McAfee

2010-02-12 17:46 . 2010-02-12 05:44 117760 ----a-w- c:\documents and settings\Dennis\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-02-12 05:45 . 2010-02-12 05:45 52224 ----a-w- c:\documents and settings\Dennis\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-02-12 05:44 . 2008-05-06 03:48 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-02-11 21:50 . 2008-03-23 22:37 -------- d-----w- c:\program files\QuickTime

2010-02-04 14:29 . 2009-09-30 18:17 -------- d-----w- c:\program files\Google

2010-01-17 21:03 . 2009-11-25 21:18 186 ----a-w- c:\documents and settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\prsgrc.dll

2009-12-31 16:50 . 2003-07-16 20:46 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2009-12-30 04:18 . 2009-12-30 04:18 -------- d-----w- c:\documents and settings\Dennis\Application Data\McAfee

2009-12-30 04:18 . 2007-02-02 20:15 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2009-12-27 22:07 . 2007-02-03 00:22 57768 -c--a-w- c:\documents and settings\Dennis\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-12-27 19:12 . 2007-02-04 20:08 57768 -c--a-w- c:\documents and settings\Suzi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-12-27 18:46 . 2009-12-27 18:46 -------- d-----w- c:\documents and settings\All Users\Application Data\4D

2009-12-27 18:41 . 2009-12-27 18:41 -------- d-----w- c:\program files\4D Runtime Interpreted 2004.7

2009-12-27 18:40 . 2009-12-27 18:40 -------- d-----w- c:\program files\EVA

2009-12-22 05:21 . 2006-06-23 16:33 667136 ------w- c:\windows\system32\wininet.dll

2009-12-22 05:20 . 2004-08-04 07:56 81920 ------w- c:\windows\system32\ieencode.dll

2009-12-16 18:43 . 2007-02-02 18:11 343040 ----a-w- c:\windows\system32\mspaint.exe

2009-12-14 07:08 . 2003-07-16 20:26 33280 ----a-w- c:\windows\system32\csrsrv.dll

2009-12-08 19:27 . 2003-07-16 20:39 2189184 ------w- c:\windows\system32\ntoskrnl.exe

2009-12-08 18:43 . 2002-08-29 01:04 2066048 ------w- c:\windows\system32\ntkrnlpa.exe

2009-12-07 03:38 . 2007-02-02 18:29 348160 ----a-w- c:\windows\system32\msvcr71.dll

2009-12-04 18:22 . 2003-07-16 20:34 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2009-11-30 06:12 . 2007-02-02 20:43 71168 ----a-w- c:\windows\system32\LxrJD31s.exe

2009-11-30 06:12 . 2007-02-02 20:43 69824 ----a-w- c:\windows\system32\drivers\LxrJD31d.sys

2009-11-30 06:12 . 2007-02-02 20:43 61440 ----a-w- c:\windows\system32\LxrJD20Sat.dll

2009-11-30 06:12 . 2007-02-02 20:43 249856 ----a-w- c:\windows\system32\LxrJD31.dll

2009-11-30 06:12 . 2007-02-02 20:43 163840 ----a-w- c:\windows\system32\LxrJD31c.exe

2009-11-30 06:12 . 2007-02-02 20:43 146432 ----a-w- c:\windows\system32\LxrJD31p.exe

2009-11-27 17:11 . 2003-07-16 20:42 1291776 ----a-w- c:\windows\system32\quartz.dll

2009-11-27 17:11 . 2001-08-17 22:36 17920 ----a-w- c:\windows\system32\msyuv.dll

2009-11-27 16:07 . 2003-07-16 20:36 28672 ----a-w- c:\windows\system32\msvidc32.dll

2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll

2009-11-27 16:07 . 2003-07-16 20:36 11264 ----a-w- c:\windows\system32\msrle32.dll

2009-11-27 16:07 . 2003-07-16 20:24 84992 ----a-w- c:\windows\system32\avifil32.dll

2009-11-27 16:07 . 2001-08-17 22:36 48128 ----a-w- c:\windows\system32\iyuv_32.dll

2009-11-25 21:22 . 2009-11-25 21:18 158 ----a-w- c:\documents and settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\ssprs.dll

2009-11-25 21:18 . 2009-11-25 21:18 16 ---h--w- c:\documents and settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\ujgwo2n.dll

2009-11-25 21:16 . 2009-11-25 21:16 1025 ----a-w- c:\windows\system32\sysprs7.dll

2009-11-21 15:51 . 2003-07-16 20:23 471552 ----a-w- c:\windows\AppPatch\aclayers.dll

2001-05-24 16:59 . 2008-05-26 02:53 162304 ----a-w- c:\program files\UNWISE.EXE

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]

@="{95A27763-F62A-4114-9072-E81D87DE3B68}"

[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]

2009-09-19 01:09 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]

@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]

2009-09-19 01:09 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]

@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"

[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]

2009-09-19 01:09 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]

"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]

"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-02-03 65536]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-02-01 385024]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-07 198160]

"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2009-09-19 670864]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2010-02-12 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2010-02-12 05:43 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

"c:\\Program Files\\SPSSInc\\Statistics17\\SPSSWinWrapIDE.exe"=

"c:\\Program Files\\SPSSInc\\Statistics17\\statistics.com"=

"c:\\Program Files\\SPSSInc\\Statistics17\\statistics.exe"=

"c:\\WINDOWS\\system32\\vssvc.exe"=

"c:\\Program Files\\McAfee\\VirusScan\\mcvsmap.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/29/2008 3:03 PM 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/29/2008 3:03 PM 74480]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/12/2010 3:14 AM 236368]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [11/14/2008 8:41 PM 93320]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/12/2010 3:14 AM 19160]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]

S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/30/2009 1:17 PM 133104]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\sasenum.sys [2/16/2006 3:51 PM 4096]

S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

.

Contents of the 'Scheduled Tasks' folder

2010-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-30 18:17]

2010-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-30 18:17]

2010-02-15 c:\windows\Tasks\McDefragTask.job

- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-03 16:22]

2010-01-01 c:\windows\Tasks\McQcTask.job

- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-03 16:22]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uInternet Connection Wizard,ShellNext = iexplore

Trusted Zone: mcafee.com

FF - ProfilePath - c:\documents and settings\Dennis\Application Data\Mozilla\Firefox\Profiles\f0hdd127.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - about:blank

FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\McAfee\Supportability\MVT\NPMVTPlugin.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npsabffx.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll

FF - plugin: c:\windows\system32\SuperAdBlocker.com\npsabffx.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

- - - - ORPHANS REMOVED - - - -

BHO-{A095A6F6-B7E8-40E2-9A80-A235566C0FE6} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-02-17 22:33

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]

@DACL=(02 0000)

"Installed"="1"

@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

@DACL=(02 0000)

"NoChange"="1"

"Installed"="1"

@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

@DACL=(02 0000)

"Installed"="1"

@=""

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(632)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(3664)

c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Acronis\Schedule2\schedul2.exe

c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe

c:\windows\system32\LxrJD31s.exe

c:\progra~1\McAfee\MSC\mcmscsvc.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

c:\program files\McAfee\MPF\MPFSrv.exe

c:\windows\System32\HPZipm12.exe

c:\program files\Analog Devices\SoundMAX\spkrmon.exe

c:\progra~1\mcafee.com\agent\mcagent.exe

c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe

.

**************************************************************************

.

Completion time: 2010-02-17 22:43:03 - machine was rebooted

ComboFix-quarantined-files.txt 2010-02-18 03:42

ComboFix2.txt 2010-02-17 02:22

Pre-Run: 24,291,524,608 bytes free

Post-Run: 24,270,983,168 bytes free

- - End Of File - - 19A7CCD46A747E62A0BE0AE78533BE9A

Link to post
Share on other sites
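As an added illustration (not part of the thread and not ComboFix's own code), the Python below parses the CFScript posted above and reports which of its targets a ComboFix log still lists, using abridged excerpts of the two logs in this thread. It assumes that the script echo before the first banner and the "Other Deletions" and "Drivers/Services" sections record removals rather than current state; the function names are hypothetical.

```python
import re

# CFScript as posted in the thread (the repeated Trusted Zone line is omitted).
CFSCRIPT = r"""File::
c:\windows\Griku.bin
c:\windows\Lsoquxawodafuve.dat
DDS::
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: internet
Trusted Zone: is-software-download.com
Trusted Zone: is10-soft-download.com
Driver::
dfbbadfabeed
"""

# Abridged excerpts of the two ComboFix logs in this thread; banners shortened.
LOG_BEFORE = r"""((((( Reg Loading Points )))))
S2 dfbbadfabeed;5b5f45d62d002e18563f873ee163e9ad;c:\windows\dfbbadfabeed.exe /s --> c:\windows\dfbbadfabeed.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/30/2009 1:17 PM 133104]
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: internet
Trusted Zone: is-software-download.com
Trusted Zone: is10-soft-download.com
Trusted Zone: mcafee.com
"""
LOG_AFTER = r"""FILE ::
"c:\windows\Griku.bin"
"c:\windows\Lsoquxawodafuve.dat"
((((( Other Deletions )))))
c:\windows\Griku.bin
c:\windows\Lsoquxawodafuve.dat
((((( Drivers/Services )))))
-------\Legacy_DFBBADFABEED
-------\Service_dfbbadfabeed
((((( Reg Loading Points )))))
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/30/2009 1:17 PM 133104]
Trusted Zone: mcafee.com
"""

BANNER = re.compile(r"^\(+\s*(.+?)\s*\)+$")
DIRECTIVE = re.compile(r"^(\w+)::$")
SERVICE = re.compile(r"^[RS]\d (.+?);", re.I)
# Assumption: these sections list what was removed, not what is still present.
DELETION_SECTIONS = {"other deletions", "drivers/services"}


def parse_cfscript(text):
    """Return {directive: [entries]} for a CFScript, de-duplicated in order."""
    script, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        m = DIRECTIVE.match(line)
        if m:
            current = script.setdefault(m.group(1).lower(), [])
        elif line and current is not None and line not in current:
            current.append(line)
    return script


def inventory_lines(log):
    """Lower-cased log lines outside the script echo and deletion sections."""
    section, kept = "header", []
    for line in (l.strip() for l in log.splitlines()):
        m = BANNER.match(line)
        if m:
            section = m.group(1).lower()
        elif line and section not in DELETION_SECTIONS | {"header"}:
            kept.append(line.lower())
    return kept


def residual(cfscript, log):
    """List the CFScript targets that the log still shows on the system."""
    script, lines = parse_cfscript(cfscript), inventory_lines(log)
    services = {m.group(1).lower() for m in map(SERVICE.match, lines) if m}
    found = [f for f in script.get("file", []) if any(f.lower() in l for l in lines)]
    found += [z for z in script.get("dds", []) if z.lower() in lines]
    found += [d for d in script.get("driver", []) if d.lower() in services]
    return found


if __name__ == "__main__":
    print("before:", residual(CFSCRIPT, LOG_BEFORE))
    print("after: ", residual(CFSCRIPT, LOG_AFTER))
```

A plain text search of the second log would still hit `Griku.bin` and `dfbbadfabeed`, because ComboFix echoes the script and records each deletion; separating those sections from the inventory is what makes the empty result meaningful.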

  • Staff

Hi,

This looks OK again.

* Go to start > run and copy and paste the next command in the field:

ComboFix /Uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Let me know in your next reply how things are now.

Link to post
Share on other sites

The uninstall went just fine and everything appears to be working properly. I can't thank you enough! :) What virus did I have by the way?

Are there any other steps I need to take to return my system to normal?

Link to post
Share on other sites

  • Staff

Hi,

You were dealing with several different types of malware here. Good to hear everything is OK again.

Glad I could help. :)

Please read my Prevention page with lots of info and tips on how to prevent this in the future.

And if you want to improve speed/system performance after malware removal, take a look here.

Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!

Link to post
Share on other sites

Thanks again, you are awesome! :)

Is it okay to re-enable the defogger process now that everything is fixed?

Also, do I need to turn system restore off and restart it after a reboot?

D

Link to post
Share on other sites
