Brandon1983 Posted November 6, 2010 ID:340642 Share Posted November 6, 2010 I recently got malware on my computer and was told to come here. I have downloaded your program and installed AVG and updated both. Both found and removed threats but they didnt get them all. i read around in your forums and deleted my restore points, and I ran ATF Cleaner for both IE 8 and Firefox.my problem is that on occasion 1/4 internet links or searches i perform get "redirected" to adds or what assuming is spyware?The most common redirects are to:7newsdaily.netInfoSmash (which I thought I killed days ago but its back).I tried to use combo fix (yes I downloaded it as the changed name as instructed in a guide) but even after disabling AVG 2011 for 15 mins it would not run and warned me against using it and closes. Was hoping you guys/gals could hep me out? What do you need from me? Link to post Share on other sites More sharing options...
RPMcMurphy Posted November 7, 2010 ID:340824 Share Posted November 7, 2010 Hello Brandon1983 and welcome to Malwarebytes. Please follow these guidelines while we work on your PC:[*]Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I Link to post Share on other sites More sharing options...
Brandon1983 Posted November 7, 2010 Author ID:340895 Share Posted November 7, 2010 Hello Brandon1983 and welcome to Malwarebytes. Please follow these guidelines while we work on your PC:[*]Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I Link to post Share on other sites More sharing options...
Brandon1983 Posted November 7, 2010 Author ID:340902 Share Posted November 7, 2010 I disabled AVG for 15 minutes and ran DDS.scr. It does not produce any txt files nor does it make any progress after 13 minutes. It just stays open. On a side note I ran Stopzilla and it found 97 threats and they were all named or partly named like the sites I have been redirected to. Problem is to "remove" the threats I would have to pay $30.00. That just feels to much like a coincidence...or im just overly paranoid.Rootkit Unhooker link times out. I found the software through another avenue but im not sure its what you want me to use I think its an older version and if I try to update it it also times out. Its version 3.7.300.509 . I ran DDS.scr in safe mode not sure if that even makes this useful to you or not:DDS (Ver_10-11-05.01) - NTFSx86 NETWORK Run by Brandon at 20:42:37.84 on Sat 11/06/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.3050 [GMT -7:00]AV: AVG Anti-Virus Free Edition 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}AV: Smart Engine *On-access scanning enabled* (Updated) {C6856A51-15AC-4A45-9CF4-8BD4DACC4579}FW: Smart Engine *enabled* {DCA89C9F-3B77-47B5-A946-56435694E95D}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\Explorer.EXEC:\Documents and Settings\Brandon\Desktop\dds.scr============== Pseudo HJT Report ===============uInternet Settings,ProxyServer = http=127.0.0.1:25471BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dllBHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllEB: {32683183-48a0-441b-a342-7c2a440a9478} - No FileuRun: [sansaDispatch] c:\documents and settings\brandon\application data\sandisk\sansa updater\SansaDispatch.exeuRun: [ctfmon.exe] c:\windows\system32\ctfmon.exemRun: [CTHelper] CTHELPER.EXEmRun: [CTxfiHlp] CTXFIHLP.EXEmRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exemRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exedRunOnce: [setDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'StartupFolder: c:\docume~1\brandon\startm~1\programs\startup\impuls~1.lnk - c:\program files\stardock\impulse\now\ImpulseNow.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wincin~1.lnk - c:\program files\sandisk\common\bin\WinCinemaMgr.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\f6d4050\v1\Belkinwcui.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\linksys\wusb600n\WUSB600N.exeuPolicies-explorer: DisallowRun = 1 (0x1)IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLLDPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15031/CTSUEng.cabDPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1200274786326DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabDPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15034/CTPID.cabHandler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllIFEO: image file execution options - svchost.exe================= FIREFOX ===================FF - ProfilePath - c:\docume~1\brandon\applic~1\mozilla\firefox\profiles\ce3j9wen.default\FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dllFF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dllFF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dllFF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dllFF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}---- FIREFOX POLICIES ----c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);============= SERVICES / DRIVERS ===============R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2009-12-7 61328]R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2010-2-24 173328]R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 298448]R3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2007-12-14 551680]S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2009-12-7 61328]S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-10-11 6104656]S2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-9-10 265400]S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]S3 FXDrv32;FXDrv32;\??\e:\fxdrv32.sys --> e:\FXDrv32.sys [?]=============== Created Last 30 ================2010-11-06 23:57:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\SITEguard2010-11-06 23:56:56 -------- d-----w- c:\program files\STOPzilla!2010-11-06 23:56:55 -------- d-----w- c:\program files\common files\iS32010-11-06 23:56:55 -------- d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!2010-11-04 06:09:54 -------- dc-h--w- c:\windows\ie82010-10-31 22:54:49 -------- d-----w- c:\docume~1\brandon\locals~1\applic~1\PMB Files2010-10-31 22:54:46 -------- d-----w- c:\docume~1\alluse~1\applic~1\PMB Files2010-10-31 21:50:10 -------- d--h--w- C:\$AVG2010-10-31 21:35:12 -------- d-----w- c:\docume~1\brandon\applic~1\AVG102010-10-31 21:33:00 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files2010-10-31 21:31:40 -------- d-----w- c:\windows\system32\drivers\AVG2010-10-31 21:31:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG102010-10-31 21:31:05 -------- d-----w- c:\program files\AVG2010-10-31 21:24:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData2010-10-25 17:34:19 -------- d-----w- c:\program files\MSECache2010-10-24 20:57:30 -------- d-----w- c:\docume~1\brandon\applic~1\Malwarebytes2010-10-24 20:57:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2010-10-24 20:57:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys2010-10-24 20:57:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2010-10-24 20:57:22 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes2010-10-24 20:46:44 -------- d-sh--w- c:\docume~1\brandon\applic~1\Smart Engine2010-10-24 20:46:44 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\SMETDE2010-10-24 20:45:58 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\2ea96d2010-10-22 02:03:32 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\SecuROM2010-10-22 00:00:53 -------- d-----w- c:\docume~1\brandon\locals~1\applic~1\Nexway2010-10-14 07:30:04 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll2010-10-14 07:30:04 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll2010-10-14 07:29:59 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll==================== Find3M ====================2010-09-18 19:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll2010-09-10 05:58:06 43520 ------w- c:\windows\system32\licmgr10.dll2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll============= FINISH: 20:43:41.57 ===============Attach.txt Link to post Share on other sites More sharing options...
Brandon1983 Posted November 7, 2010 Author ID:340904 Share Posted November 7, 2010 This is what i got from Rootunhooker (ope its the newest version im supposed to be using):RkUnhooker report generator v0.7==============================================Rootkit Unhooker kernel version: 3.7.300.509==============================================Windows Major Version: 5Windows Minor Version: 1Windows Build Number: 2600==============================================>DriversDriver: C:\WINDOWS\system32\DRIVERS\nv4_mini.sysAddress: 0xB5336000Size: 10604544 bytesDriver: C:\WINDOWS\System32\nv4_disp.dllAddress: 0xBD012000Size: 6344704 bytesDriver: C:\WINDOWS\system32\ntkrnlpa.exeAddress: 0x804D7000Size: 2150400 bytesDriver: PnpManagerAddress: 0x804D7000Size: 2150400 bytesDriver: RAWAddress: 0x804D7000Size: 2150400 bytesDriver: WMIxWDMAddress: 0x804D7000Size: 2150400 bytesDriver: Win32kAddress: 0xBF800000Size: 1855488 bytesDriver: C:\WINDOWS\System32\win32k.sysAddress: 0xBF800000Size: 1855488 bytesDriver: C:\WINDOWS\system32\drivers\ha10kx2k.sysAddress: 0xB2DF3000Size: 1064960 bytesDriver: C:\WINDOWS\system32\drivers\ctac32k.sysAddress: 0xB2D03000Size: 638976 bytesDriver: Ntfs.sysAddress: 0xB7DE2000Size: 577536 bytesDriver: C:\WINDOWS\system32\DRIVERS\rt2870.sysAddress: 0xB2A45000Size: 552960 bytesDriver: C:\WINDOWS\system32\drivers\ctaud2k.sysAddress: 0xB521E000Size: 499712 bytesDriver: C:\WINDOWS\System32\DRIVERS\mrxsmb.sysAddress: 0xB29D5000Size: 458752 bytesDriver: C:\WINDOWS\System32\DRIVERS\update.sysAddress: 0xB5049000Size: 385024 bytesDriver: C:\WINDOWS\System32\DRIVERS\tcpip.sysAddress: 0xB2C4F000Size: 364544 bytesDriver: C:\WINDOWS\System32\DRIVERS\srv.sysAddress: 0xB1FCB000Size: 360448 bytesDriver: C:\WINDOWS\system32\DRIVERS\avgtdix.sysAddress: 0xB2C07000Size: 294912 bytesDriver: C:\WINDOWS\System32\ATMFD.DLLAddress: 0xBFFA0000Size: 286720 bytesDriver: C:\WINDOWS\System32\Drivers\HTTP.sysAddress: 0xB170F000Size: 266240 bytesDriver: C:\WINDOWS\system32\DRIVERS\avgldx86.sysAddress: 0xB2999000Size: 245760 bytesDriver: C:\WINDOWS\system32\drivers\ctoss2k.sysAddress: 0xB51C7000Size: 208896 bytesDriver: C:\WINDOWS\System32\DRIVERS\rdpdr.sysAddress: 0xB50CF000Size: 196608 bytesDriver: ACPI.sysAddress: 0xB7F50000Size: 188416 bytesDriver: C:\WINDOWS\system32\drivers\emupia2k.sysAddress: 0xB2DC6000Size: 184320 bytesDriver: C:\WINDOWS\System32\DRIVERS\mrxdav.sysAddress: 0xB219E000Size: 184320 bytesDriver: NDIS.sysAddress: 0xB7DB5000Size: 184320 bytesDriver: C:\WINDOWS\system32\drivers\kmixer.sysAddress: 0xB01F7000Size: 176128 bytesDriver: C:\WINDOWS\System32\DRIVERS\rdbss.sysAddress: 0xB2ACC000Size: 176128 bytesDriver: C:\WINDOWS\system32\drivers\hap16v2k.sysAddress: 0xB2EF7000Size: 172032 bytesDriver: szkgfs.sysAddress: 0xB7F7E000Size: 167936 bytesDriver: C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.SysAddress: 0xB1E8B000Size: 163840 bytesDriver: C:\WINDOWS\System32\DRIVERS\netbt.sysAddress: 0xB2BB9000Size: 163840 bytesDriver: C:\WINDOWS\system32\drivers\ctsfm2k.sysAddress: 0xB2D9F000Size: 159744 bytesDriver: dmio.sysAddress: 0xB7EFA000Size: 155648 bytesDriver: C:\WINDOWS\System32\DRIVERS\ipnat.sysAddress: 0xB2BE1000Size: 155648 bytesDriver: C:\WINDOWS\System32\Drivers\Fastfat.SYSAddress: 0xB1CA7000Size: 147456 bytesDriver: C:\WINDOWS\system32\drivers\portcls.sysAddress: 0xB51FA000Size: 147456 bytesDriver: C:\WINDOWS\System32\DRIVERS\USBPORT.SYSAddress: 0xB5298000Size: 147456 bytesDriver: C:\WINDOWS\System32\DRIVERS\ks.sysAddress: 0xB52BC000Size: 143360 bytesDriver: C:\WINDOWS\System32\drivers\afd.sysAddress: 0xB2B97000Size: 139264 bytesDriver: ACPI_HALAddress: 0x806E4000Size: 134400 bytesDriver: C:\WINDOWS\system32\hal.dllAddress: 0x806E4000Size: 134400 bytesDriver: fltmgr.sysAddress: 0xB7EAB000Size: 131072 bytesDriver: ftdisk.sysAddress: 0xB7F20000Size: 126976 bytesDriver: C:\WINDOWS\system32\DRIVERS\Rtenicxp.sysAddress: 0xB5307000Size: 110592 bytesDriver: Mup.sysAddress: 0xB7D9B000Size: 106496 bytesDriver: atapi.sysAddress: 0xB7EE2000Size: 98304 bytesDriver: C:\WINDOWS\System32\Drivers\dump_atapi.sysAddress: 0xB28B9000Size: 98304 bytesDriver: KSecDD.sysAddress: 0xB7E82000Size: 94208 bytesDriver: C:\WINDOWS\System32\DRIVERS\ndiswan.sysAddress: 0xB51B0000Size: 94208 bytesDriver: C:\WINDOWS\System32\DRIVERS\irda.sysAddress: 0xB2333000Size: 90112 bytesDriver: C:\WINDOWS\system32\drivers\wdmaud.sysAddress: 0xB20C1000Size: 86016 bytesDriver: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYSAddress: 0xB5322000Size: 81920 bytesDriver: C:\WINDOWS\System32\DRIVERS\ipsec.sysAddress: 0xB2CA8000Size: 77824 bytesDriver: WudfPf.sysAddress: 0xB7E6F000Size: 77824 bytesDriver: C:\WINDOWS\System32\drivers\dxg.sysAddress: 0xBD000000Size: 73728 bytesDriver: sr.sysAddress: 0xB7E99000Size: 73728 bytesDriver: pci.sysAddress: 0xB7F3F000Size: 69632 bytesDriver: C:\WINDOWS\System32\DRIVERS\psched.sysAddress: 0xB50FF000Size: 69632 bytesDriver: C:\WINDOWS\System32\Drivers\Cdfs.SYSAddress: 0xB8308000Size: 65536 bytesDriver: C:\WINDOWS\System32\DRIVERS\cdrom.sysAddress: 0xB8198000Size: 65536 bytesDriver: C:\WINDOWS\System32\DRIVERS\nic1394.sysAddress: 0xB81D8000Size: 65536 bytesDriver: ohci1394.sysAddress: 0xB80D8000Size: 65536 bytesDriver: C:\WINDOWS\System32\DRIVERS\serial.sysAddress: 0xB81B8000Size: 65536 bytesDriver: C:\WINDOWS\System32\DRIVERS\arp1394.sysAddress: 0xB8298000Size: 61440 bytesDriver: C:\WINDOWS\system32\drivers\drmk.sysAddress: 0xB81C8000Size: 61440 bytesDriver: C:\WINDOWS\System32\DRIVERS\redbook.sysAddress: 0xB81A8000Size: 61440 bytesDriver: C:\WINDOWS\system32\drivers\sysaudio.sysAddress: 0xB2253000Size: 61440 bytesDriver: C:\WINDOWS\System32\DRIVERS\usbhub.sysAddress: 0xB8238000Size: 61440 bytesDriver: C:\WINDOWS\System32\DRIVERS\1394BUS.SYSAddress: 0xB80E8000Size: 57344 bytesDriver: szkg.sysAddress: 0xB80A8000Size: 57344 bytesDriver: C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYSAddress: 0xB8128000Size: 53248 bytesDriver: C:\WINDOWS\System32\DRIVERS\rasl2tp.sysAddress: 0xB81E8000Size: 53248 bytesDriver: VolSnap.sysAddress: 0xB8108000Size: 53248 bytesDriver: C:\WINDOWS\system32\DRIVERS\avgmfx86.sysAddress: 0xB8268000Size: 49152 bytesDriver: C:\WINDOWS\System32\DRIVERS\raspptp.sysAddress: 0xB8208000Size: 49152 bytesDriver: C:\WINDOWS\System32\Drivers\Fips.SYSAddress: 0xB82C8000Size: 45056 bytesDriver: C:\WINDOWS\system32\DRIVERS\imapi.sysAddress: 0xB8188000Size: 45056 bytesDriver: MountMgr.sysAddress: 0xB80F8000Size: 45056 bytesDriver: C:\WINDOWS\System32\DRIVERS\raspppoe.sysAddress: 0xB81F8000Size: 45056 bytesDriver: C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.SysAddress: 0xB2126000Size: 40960 bytesDriver: C:\WINDOWS\system32\DRIVERS\AVGIDSShim.SysAddress: 0xB2B17000Size: 40960 bytesDriver: isapnp.sysAddress: 0xB80C8000Size: 40960 bytesDriver: C:\WINDOWS\System32\Drivers\NDProxy.SYSAddress: 0xB8248000Size: 40960 bytesDriver: C:\WINDOWS\System32\DRIVERS\termdd.sysAddress: 0xB8228000Size: 40960 bytesDriver: AVGIDSEH.SysAddress: 0xB8148000Size: 36864 bytesDriver: disk.sysAddress: 0xB8118000Size: 36864 bytesDriver: C:\WINDOWS\System32\DRIVERS\HIDCLASS.SYSAddress: 0xB82E8000Size: 36864 bytesDriver: C:\WINDOWS\System32\DRIVERS\msgpc.sysAddress: 0xB8218000Size: 36864 bytesDriver: C:\WINDOWS\System32\DRIVERS\netbios.sysAddress: 0xB82A8000Size: 36864 bytesDriver: C:\WINDOWS\System32\DRIVERS\processr.sysAddress: 0xB8178000Size: 36864 bytesDriver: PxHelp20.sysAddress: 0xB8138000Size: 36864 bytesDriver: C:\WINDOWS\System32\DRIVERS\wanarp.sysAddress: 0xB8288000Size: 36864 bytesDriver: C:\WINDOWS\system32\drivers\ctprxy2k.sysAddress: 0xB83E8000Size: 32768 bytesDriver: C:\WINDOWS\System32\Drivers\Npfs.SYSAddress: 0xB83A0000Size: 32768 bytesDriver: C:\WINDOWS\system32\DRIVERS\usbccgp.sysAddress: 0xB83F8000Size: 32768 bytesDriver: C:\WINDOWS\system32\DRIVERS\usbehci.sysAddress: 0xB83B8000Size: 32768 bytesDriver: C:\WINDOWS\System32\DRIVERS\fdc.sysAddress: 0xB83C8000Size: 28672 bytesDriver: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYSAddress: 0xB84B0000Size: 28672 bytesDriver: C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYSAddress: 0xB8328000Size: 28672 bytesDriver: C:\WINDOWS\System32\DRIVERS\kbdclass.sysAddress: 0xB8450000Size: 24576 bytesDriver: C:\WINDOWS\System32\DRIVERS\mouclass.sysAddress: 0xB8458000Size: 24576 bytesDriver: C:\WINDOWS\System32\Drivers\rkhdrv40.SYSAddress: 0xB83C0000Size: 24576 bytesDriver: C:\WINDOWS\System32\drivers\vga.sysAddress: 0xB8358000Size: 24576 bytesDriver: C:\WINDOWS\system32\DRIVERS\AegisP.sysAddress: 0xB8408000Size: 20480 bytesDriver: avgrkx86.sysAddress: 0xB8338000Size: 20480 bytesDriver: C:\WINDOWS\System32\DRIVERS\flpydisk.sysAddress: 0xB8488000Size: 20480 bytesDriver: C:\WINDOWS\System32\DRIVERS\irsir.sysAddress: 0xB83D8000Size: 20480 bytesDriver: C:\WINDOWS\System32\Drivers\Msfs.SYSAddress: 0xB8390000Size: 20480 bytesDriver: PartMgr.sysAddress: 0xB8330000Size: 20480 bytesDriver: C:\WINDOWS\System32\Drivers\PCASp50.sysAddress: 0xB8428000Size: 20480 bytesDriver: C:\WINDOWS\System32\DRIVERS\ptilink.sysAddress: 0xB8430000Size: 20480 bytesDriver: C:\WINDOWS\System32\DRIVERS\rasirda.sysAddress: 0xB8400000Size: 20480 bytesDriver: C:\WINDOWS\System32\DRIVERS\raspti.sysAddress: 0xB8440000Size: 20480 bytesDriver: C:\WINDOWS\System32\DRIVERS\TDI.SYSAddress: 0xB8410000Size: 20480 bytesDriver: C:\WINDOWS\System32\DRIVERS\usbohci.sysAddress: 0xB83B0000Size: 20480 bytesDriver: C:\WINDOWS\System32\watchdog.sysAddress: 0xB8470000Size: 20480 bytesDriver: C:\WINDOWS\system32\DRIVERS\kbdhid.sysAddress: 0xB5035000Size: 16384 bytesDriver: C:\WINDOWS\System32\DRIVERS\mssmbios.sysAddress: 0xB7D6F000Size: 16384 bytesDriver: C:\WINDOWS\System32\DRIVERS\ndisuio.sysAddress: 0xB25E5000Size: 16384 bytesDriver: C:\WINDOWS\System32\DRIVERS\serenum.sysAddress: 0xB8570000Size: 16384 bytesDriver: C:\WINDOWS\system32\BOOTVID.dllAddress: 0xB84B8000Size: 12288 bytesDriver: C:\WINDOWS\System32\drivers\Dxapi.sysAddress: 0xB2941000Size: 12288 bytesDriver: C:\WINDOWS\system32\DRIVERS\gameenum.sysAddress: 0xB8588000Size: 12288 bytesDriver: C:\WINDOWS\System32\DRIVERS\hidusb.sysAddress: 0xB503D000Size: 12288 bytesDriver: C:\WINDOWS\System32\DRIVERS\irenum.sysAddress: 0xB8574000Size: 12288 bytesDriver: C:\WINDOWS\system32\drivers\iviaspi.sysAddress: 0xB8564000Size: 12288 bytesDriver: C:\WINDOWS\System32\DRIVERS\mouhid.sysAddress: 0xB502D000Size: 12288 bytesDriver: C:\WINDOWS\System32\DRIVERS\ndistapi.sysAddress: 0xB8594000Size: 12288 bytesDriver: C:\WINDOWS\System32\DRIVERS\rasacd.sysAddress: 0xB859C000Size: 12288 bytesDriver: C:\WINDOWS\System32\Drivers\Beep.SYSAddress: 0xB85C6000Size: 8192 bytesDriver: dmload.sysAddress: 0xB85AC000Size: 8192 bytesDriver: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYSAddress: 0xB85DE000Size: 8192 bytesDriver: C:\WINDOWS\System32\Drivers\Fs_Rec.SYSAddress: 0xB85C2000Size: 8192 bytesDriver: C:\WINDOWS\system32\KDCOM.DLLAddress: 0xB85A8000Size: 8192 bytesDriver: C:\WINDOWS\System32\Drivers\mnmdd.SYSAddress: 0xB85CA000Size: 8192 bytesDriver: C:\WINDOWS\System32\DRIVERS\RDPCDD.sysAddress: 0xB85CE000Size: 8192 bytesDriver: C:\WINDOWS\System32\DRIVERS\swenum.sysAddress: 0xB85B6000Size: 8192 bytesDriver: C:\WINDOWS\System32\DRIVERS\USBD.SYSAddress: 0xB85BA000Size: 8192 bytesDriver: C:\WINDOWS\System32\DRIVERS\WMILIB.SYSAddress: 0xB85AA000Size: 8192 bytesDriver: C:\WINDOWS\System32\DRIVERS\audstub.sysAddress: 0xB87BB000Size: 4096 bytesDriver: C:\WINDOWS\System32\drivers\dxgthk.sysAddress: 0xB8689000Size: 4096 bytesDriver: C:\WINDOWS\System32\Drivers\Null.SYSAddress: 0xB86BA000Size: 4096 bytesDriver: pciide.sysAddress: 0xB8670000Size: 4096 bytes==============================================>Stealth==============================================>Files==============================================>Hooksntkrnlpa.exe+0x0002D884, Type: Inline - RelativeJump at address 0x80504884 hook handler located in [ntkrnlpa.exe]ntkrnlpa.exe+0x0006ECBE, Type: Inline - RelativeJump at address 0x80545CBE hook handler located in [ntkrnlpa.exe][3020]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump at address 0x7C9163C3 hook handler located in [firefox.exe][768]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification at address 0x01001268 hook handler located in [shimeng.dll] Link to post Share on other sites More sharing options...
RPMcMurphy Posted November 8, 2010 ID:341746 Share Posted November 8, 2010 Brandon1983:I'd recommend not paying for anything to clean this up.I'm not sure what is going on with Rootkit Unhooker, please run this instead: Download GMER Rootkit Scanner from here to your desktop. Double click the exe file. If asked to allow gmer.sys driver to load, please consent . If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.Click the image to enlarge it In the right panel, you will see several boxes that have been checked. Uncheck the following ... IAT/EAT Drives/Partition other than Systemdrive (typically C:\) Show All (don't miss this one)[*] Then click the Scan button & wait for it to finish.[*] Once done click on the [save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.[*]Save it where you can easily find it, such as your desktop, and post it in reply.**Caution**Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries If you have trouble running GEMR:Make sure that your security software is disabledUncheck the box next to "Files" this time alsoIf you still can't run it, try in the Safe ModePlease include the following in your next post:GMER log Link to post Share on other sites More sharing options...
Brandon1983 Posted November 11, 2010 Author ID:343172 Share Posted November 11, 2010 Ok here it is thank you for your time. Sorry about the delay getting back im a nursing student.Brandon1983:I'd recommend not paying for anything to clean this up.I'm not sure what is going on with Rootkit Unhooker, please run this instead: Download GMER Rootkit Scanner from here to your desktop. Double click the exe file. If asked to allow gmer.sys driver to load, please consent . If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.Click the image to enlarge it In the right panel, you will see several boxes that have been checked. Uncheck the following ... IAT/EAT Drives/Partition other than Systemdrive (typically C:\) Show All (don't miss this one)[*] Then click the Scan button & wait for it to finish.[*] Once done click on the [save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.[*]Save it where you can easily find it, such as your desktop, and post it in reply.**Caution**Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries If you have trouble running GEMR:Make sure that your security software is disabledUncheck the box next to "Files" this time alsoIf you still can't run it, try in the Safe ModePlease include the following in your next post:GMER logGmer.txt Link to post Share on other sites More sharing options...
RPMcMurphy Posted November 11, 2010 ID:343462 Share Posted November 11, 2010 Brandon1983: Download ComboFix from one of the following locations:Link 1 Link 2 VERY IMPORTANT !!! Save ComboFix.exe to your Desktop * IMPORTANT - ComboFix will not run until AVG is uninstalled. This is because AVG falsely detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first. You may do this through Control Panel > Add/Remove Programs or you can use this tool for a more complete removal:Download AppRemover from here saving it to your desktop.Double click to run AppRemoverFollow the prompts to remove AVGRebootOnce you've removed AVG please continue with these instructionsDouble click on ComboFix.exe & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:Click on Yes, to continue scanning for malware.When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.Notes:1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.Please include the following in your next post:ComboFix log Link to post Share on other sites More sharing options...
Brandon1983 Posted November 13, 2010 Author ID:344529 Share Posted November 13, 2010 Combo fix will not run on my computer as it stands now. When I start it up it gives me this:Error WIN 32 only:Incompatible OS. ComboFix only works for Workstations with Windows 2000 and XP.Classic..... Link to post Share on other sites More sharing options...
RPMcMurphy Posted November 13, 2010 ID:344544 Share Posted November 13, 2010 No worries, we will get there - try this:Brandon1983:Delete your current copy of ComboFix, then follow these instructions:Download Combofix from any of the links below. Rename it to Brandon.com before saving it to your desktop.Link 1Link 2* IMPORTANT !!! Save ComboFix.exe to your Desktop* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here Double click on Brandon.com & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:Click on Yes, to continue scanning for malware.When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.Notes:1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.Please include the following in your next post:ComboFix log Link to post Share on other sites More sharing options...
Brandon1983 Posted November 13, 2010 Author ID:344662 Share Posted November 13, 2010 Thank you for your help I followed your altered combo fix instructions. I still am getting the same error message though. deletede all other isntanceds of combo fix and saved as Brandon.com to desktop. No go.No worries, we will get there - try this:Brandon1983:Delete your current copy of ComboFix, then follow these instructions:Download Combofix from any of the links below. Rename it to Brandon.com before saving it to your desktop.Link 1Link 2* IMPORTANT !!! Save ComboFix.exe to your Desktop* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here Double click on Brandon.com & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:Click on Yes, to continue scanning for malware.When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.Notes:1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.Please include the following in your next post:ComboFix log Link to post Share on other sites More sharing options...
RPMcMurphy Posted November 14, 2010 ID:344852 Share Posted November 14, 2010 Brandon1983:OK, delete your current copy of ComboFix. Download another new copy, this time rename it iexplore.exe and save it directly to c:\ Then boot into the Safe Mode and run it from there.Please include the following in your next post:ComboFix log Link to post Share on other sites More sharing options...
Brandon1983 Posted November 15, 2010 Author ID:345362 Share Posted November 15, 2010 Ok here it is Brandon1983:OK, delete your current copy of ComboFix. Download another new copy, this time rename it iexplore.exe and save it directly to c:\ Then boot into the Safe Mode and run it from there.Please include the following in your next post:ComboFix logcombolog.txt Link to post Share on other sites More sharing options...
RPMcMurphy Posted November 15, 2010 ID:345445 Share Posted November 15, 2010 Brandon1983:Great! Now, download a new copy of ComboFix to your desktop and run it using these instructions: Open Notepad Go to Start> All Programs> Accessories> Notepad ( this will only work with Notepad ) and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad, make sure there is no space before and above DDS::DDS::uInternet Settings,ProxyServer = http=127.0.0.1:25471DirLook::c:\documents and settings\All Users\Application Data\2ea96dDriver::6482C631FXDrv32rkhdrv40File::c:\windows\system32\6482C631.exee:\FXDrv32.sysSave this as CFScript to your desktop.Then disable your security programs and drag the CFScript into ComboFix.exe as you see in the screenshot below.This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.Please include the following in your next post:ComboFix log Link to post Share on other sites More sharing options...
Brandon1983 Posted November 15, 2010 Author ID:345495 Share Posted November 15, 2010 Did as instructed. Combo fix start after i drag the notepad file onto it but after agreeing to the disclaimer it gives me this in the blue window:'SWREG' is not recognized as an internal or external command, operable program or batch file.I let it sit for about 8 mintues before I concluded it wasnt going to go any further or give any more info.Brandon1983:Great! Now, download a new copy of ComboFix to your desktop and run it using these instructions: Open Notepad Go to Start> All Programs> Accessories> Notepad ( this will only work with Notepad ) and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad, make sure there is no space before and above DDS::DDS::uInternet Settings,ProxyServer = http=127.0.0.1:25471DirLook::c:\documents and settings\All Users\Application Data\2ea96dDriver::6482C631FXDrv32rkhdrv40File::c:\windows\system32\6482C631.exee:\FXDrv32.sysSave this as CFScript to your desktop.Then disable your security programs and drag the CFScript into ComboFix.exe as you see in the screenshot below.This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.Please include the following in your next post:ComboFix log Link to post Share on other sites More sharing options...
Brandon1983 Posted November 15, 2010 Author ID:345498 Share Posted November 15, 2010 O.O! I tried to repeat the steps to make sure I didnt have a user error and my computer shut itself down and rebooted all on its lonesome. I think I failed to delete Combofix and "Re-redownload" combofix before trying to have it run your script a second time.Upon boot I got this message:Windows has recovered from a serious error.This is what the error code info was that i could copy:BCCode : 1000008e BCP1 : C0000005 BCP2 : B80AB8F2 BCP3 : B0109B68BCP4 : 00000000 OSVer : 5_1_2600 SP : 3_0 Product : 256_1 Did as instructed. Combo fix start after i drag the notepad file onto it but after agreeing to the disclaimer it gives me this in the blue window:'SWREG' is not recognized as an internal or external command, operable program or batch file.I let it sit for about 8 mintues before I concluded it wasnt going to go any further or give any more info. Link to post Share on other sites More sharing options...
RPMcMurphy Posted November 15, 2010 ID:345858 Share Posted November 15, 2010 Let's back up a second. Check c:\ and tell me if the version of ComboFix you saved as iexplore.exe is still there. Link to post Share on other sites More sharing options...
Brandon1983 Posted November 16, 2010 Author ID:346063 Share Posted November 16, 2010 No I deleted that and downloaded the new one to the desktop. Was the script you made intended to be run from combofix in the C;\ drive?Let's back up a second. Check c:\ and tell me if the version of ComboFix you saved as iexplore.exe is still there. Link to post Share on other sites More sharing options...
RPMcMurphy Posted November 16, 2010 ID:346203 Share Posted November 16, 2010 No, you did exactly as I instructed. Please look and confirm for me that the renamed ComboFix still exists in c:\ Link to post Share on other sites More sharing options...
Brandon1983 Posted November 16, 2010 Author ID:346346 Share Posted November 16, 2010 No, you did exactly as I instructed. Please look and confirm for me that the renamed ComboFix still exists in c:\Ok i do not see the .exe file no its gone. But I do see a folder in c:\ named ComboFix and another folder named Qoobox that had a txt file named ComboFix-quarantined-files.txt Link to post Share on other sites More sharing options...
RPMcMurphy Posted November 16, 2010 ID:346362 Share Posted November 16, 2010 Brandon1983:Alright, here is what we need to do:Go back to post #10 and follow those instructions to rename and save (don't run it yet) ComboFix to c:\ Follow the instructions in post #14 to create and save CFScript to your desktop.Press Start > Run or the Windows Key + R. Copy and past the command from the Codebox below into the run box and press OK:"C:\iexplore.exe" "C:\Documents and Settings\User\Desktop\CFScript.txt"This should launch CombFixPlease include the following in your next post:ComboFix log Link to post Share on other sites More sharing options...
Brandon1983 Posted November 19, 2010 Author ID:347606 Share Posted November 19, 2010 Ok deleted the old and saved comboix as Iexplorer to c;\ and ran your script from desktop using th4e command prompt via "run" from the start menu. here is the log. I asked to download recovery console but failed to detect my internet before it just continued on to malware scan.Brandon1983:Alright, here is what we need to do:Go back to post #10 and follow those instructions to rename and save (don't run it yet) ComboFix to c:\ Follow the instructions in post #14 to create and save CFScript to your desktop.Press Start > Run or the Windows Key + R. Copy and past the command from the Codebox below into the run box and press OK:"C:\iexplore.exe" "C:\Documents and Settings\User\Desktop\CFScript.txt"This should launch CombFixPlease include the following in your next post:ComboFix loglog.txt Link to post Share on other sites More sharing options...
RPMcMurphy Posted November 19, 2010 ID:347613 Share Posted November 19, 2010 Brandon1983: Click Start > Run or press Windows Key + R copy/paste the following into the run box that opens and press OK:c:\Qoobox\ComboFix-quarantined-files.txtThat should open a notepad file. Please post the contents of that file for mePlease include the following in your next post:Contents of ComboFix-quarantined-files.txt Link to post Share on other sites More sharing options...
Brandon1983 Posted November 19, 2010 Author ID:347660 Share Posted November 19, 2010 As you requested. Thanks for helping me its already running much better now.Brandon1983: Click Start > Run or press Windows Key + R copy/paste the following into the run box that opens and press OK:c:\Qoobox\ComboFix-quarantined-files.txtThat should open a notepad file. Please post the contents of that file for mePlease include the following in your next post:Contents of ComboFix-quarantined-files.txtComboFix_quarantined_files.txt Link to post Share on other sites More sharing options...
RPMcMurphy Posted November 19, 2010 ID:347668 Share Posted November 19, 2010 Good, we are making decent progress. Did you set this proxy up?uInternet Settings,ProxyServer = http=127.0.0.1:25471 Link to post Share on other sites More sharing options...
Recommended Posts