Jump to content

redirecting virus


nblue02
 Share

Recommended Posts

hi. i have some sort of virus redirecting me to stupid sites whenever i try to surf on web. Norton is not tracking the virus neither malwarebytes. I can't download anything because it won't open the page but something else.

the machine is a small dell mini 9 with XP.

What do you recommend? How I should proceed?

thanks

Link to post
Share on other sites

Hello nblue02! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step if there is a problem somewhere, stop and tell me.
  • Stay with the thread until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install or uninstall any software or hardware, while work on.
  • Keep me informed about any changes.

Download DDS and save it to your desktop from here or here or here.

Double click dds.scr to run the tool.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt

    [*]Save both reports to your desktop. Post them back to your topic.

Link to post
Share on other sites

hello Borislav,

first of all, happy new year and thanks for the support!

I forgot to tell you that the "sick laptop" was not purchased new, so it might have a lot of stuff from previous owners. I guess the laptop was not properly "clean" before the sale.

i ran the DDS and here are the reports:

1 st report (Attach.txt):

DDS (Ver_10-12-12.02)

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 2/15/2009 5:39:40 PM

System Uptime: 1/1/2011 3:38:47 AM (0 hours ago)

Motherboard: Dell Inc. | | CN0J14

Processor: Intel® Atom CPU N270 @ 1.60GHz | U1 | 1595/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 7 GiB total, 1.285 GiB free.

D: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Hosts File Hijack ======================

Hosts: 74.125.45.100 4-open-davinci.com

Hosts: 74.125.45.100 securitysoftwarepayments.com

Hosts: 74.125.45.100 privatesecuredpayments.com

Hosts: 74.125.45.100 secure.privatesecuredpayments.com

Hosts: 74.125.45.100 getantivirusplusnow.com

Hosts: 74.125.45.100 secure-plus-payments.com

Hosts: 74.125.45.100 www.getantivirusplusnow.com

Hosts: 74.125.45.100 www.secure-plus-payments.com

Hosts: 74.125.45.100 www.getavplusnow.com

Hosts: 74.125.45.100 safebrowsing-cache.google.com

Hosts: 74.125.45.100 urs.microsoft.com

Hosts: 74.125.45.100 www.securesoftwarebill.com

Hosts: 74.125.45.100 secure.paysecuresystem.com

Hosts: 74.125.45.100 paysoftbillsolution.com

Hosts: 74.125.45.100 protected.maxisoftwaremart.com

Hosts: 98.142.243.63 www.google.com

Hosts: 98.142.243.63 google.com

Hosts: 98.142.243.63 google.com.au

Hosts: 98.142.243.63 www.google.com.au

Hosts: 98.142.243.63 google.be

Hosts: 98.142.243.63 www.google.be

Hosts: 98.142.243.63 google.com.br

Hosts: 98.142.243.63 www.google.com.br

Hosts: 98.142.243.63 google.ca

Hosts: 98.142.243.63 www.google.ca

Hosts: 98.142.243.63 google.ch

Hosts: 98.142.243.63 www.google.ch

Hosts: 98.142.243.63 google.de

Hosts: 98.142.243.63 www.google.de

Hosts: 98.142.243.63 google.dk

Hosts: 98.142.243.63 www.google.dk

Hosts: 98.142.243.63 google.fr

Hosts: 98.142.243.63 www.google.fr

Hosts: 98.142.243.63 google.ie

Hosts: 98.142.243.63 www.google.ie

Hosts: 98.142.243.63 google.it

Hosts: 98.142.243.63 www.google.it

Hosts: 98.142.243.63 google.co.jp

Hosts: 98.142.243.63 www.google.co.jp

Hosts: 98.142.243.63 google.nl

Hosts: 98.142.243.63 www.google.nl

Hosts: 98.142.243.63 google.no

Hosts: 98.142.243.63 www.google.no

Hosts: 98.142.243.63 google.co.nz

Hosts: 98.142.243.63 www.google.co.nz

Hosts: 98.142.243.63 google.pl

Hosts: 98.142.243.63 www.google.pl

Hosts: 98.142.243.63 google.se

Hosts: 98.142.243.63 www.google.se

Hosts: 98.142.243.63 google.co.uk

Hosts: 98.142.243.63 www.google.co.uk

Hosts: 98.142.243.63 google.co.za

Hosts: 98.142.243.63 www.google.co.za

Hosts: 98.142.243.63 www.google-analytics.com

Hosts: 98.142.243.63 www.bing.com

Hosts: 98.142.243.63 search.yahoo.com

Hosts: 98.142.243.63 www.search.yahoo.com

Hosts: 98.142.243.63 uk.search.yahoo.com

Hosts: 98.142.243.63 ca.search.yahoo.com

Hosts: 98.142.243.63 de.search.yahoo.com

Hosts: 98.142.243.63 fr.search.yahoo.com

Hosts: 98.142.243.63 au.search.yahoo.com

Hosts: 98.142.243.63 www.youtube.com

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX

Adobe Reader 8.1.0

Advanced Audio FX Engine

Battery Meter

Browser Address Error Redirector

Consumer In-Home Service Agreement

Dell Box.net Launcher

Dell Support Center (Support Software)

Dell Touchpad

Dell Webcam Central

EMSC

Eusing Free Registry Cleaner

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

GoToAssist 8.0.0.514

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB953955)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB959252)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

Intel® Graphics Media Accelerator Driver

Java 6 Update 5

Malwarebytes' Anti-Malware

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Works

MSXML 6.0 Parser (KB927977)

Norton Internet Security

Realtek High Definition Audio Driver

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956390)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960714)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB963027)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969897)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Skype

Link to post
Share on other sites

Happy New Year! :welcome:

**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer. **

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from

Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.

[*]During the download, rename Combofix to Combo-Fix as follows:

CF_download_FF.gif

CF_download_rename.gif

[*]It is important you rename Combofix during the download, but not after.

[*]Please do not rename Combofix to other names, but only to the one indicated.

AFsAKgBd-Close any open browsers.

[*]Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    -----------------------------------------------------------


  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

[*]Double click on combo-Fix.exe & follow the prompts.

[*]When finished, it will produce a report for you.

[*]Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

Link to post
Share on other sites

  • 2 weeks later...

hi!

this is what i got.

What should i do next?

thanks.

ComboFix 11-01-10.04 - Lynn 01/10/2011 21:15:00.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.517 [GMT -5:00]

Running from: D:\Combo-Fix.exe

AV: Norton Internet Security *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\e0a0e8

c:\documents and settings\All Users\Application Data\e0a0e8\5376.mof

c:\documents and settings\All Users\Application Data\e0a0e8\e0a0e8a337e5fbae7e17d04b8117cd24.ocx

c:\documents and settings\All Users\Application Data\e0a0e8\SME.ico

c:\documents and settings\All Users\Application Data\e0a0e8\xvip45e7tm9q01u8z6ax6n7tm9qhny2p45e7tmsavck6an.dll

c:\documents and settings\Lynn\Recent\ANTIGEN.sys

c:\documents and settings\Lynn\Recent\ANTIGEN.tmp

c:\documents and settings\Lynn\Recent\CLSV.dll

c:\documents and settings\Lynn\Recent\ddv.dll

c:\documents and settings\Lynn\Recent\dudl.drv

c:\documents and settings\Lynn\Recent\eb.exe

c:\documents and settings\Lynn\Recent\eb.tmp

c:\documents and settings\Lynn\Recent\energy.exe

c:\documents and settings\Lynn\Recent\energy.sys

c:\documents and settings\Lynn\Recent\energy.tmp

c:\documents and settings\Lynn\Recent\exec.tmp

c:\documents and settings\Lynn\Recent\fan.sys

c:\documents and settings\Lynn\Recent\grid.dll

c:\documents and settings\Lynn\Recent\hymt.tmp

c:\documents and settings\Lynn\Recent\kernel32.tmp

c:\documents and settings\Lynn\Recent\PE.sys

.

((((((((((((((((((((((((( Files Created from 2010-12-11 to 2011-01-11 )))))))))))))))))))))))))))))))

.

No new files created in this timespan

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-01 03:46 . 2010-12-01 03:46 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-12-01 03:46 . 2010-12-01 03:46 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-14 1343488]

"RTHDCPL"="RTHDCPL.EXE" [2008-07-13 16876032]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-14 137752]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]

"BTMeter"="c:\program files\Battery Meter\BTMeter.exe" [2008-11-05 623912]

"WLSS"="c:\program files\Wireless Select Switch\WLSS.exe" [2008-09-18 546088]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2009-01-13 08:39 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:Remote Desktop

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

"7813:TCP"= 7813:TCP:Services

"7814:TCP"= 7814:TCP:Services

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [1/13/2009 3:16 AM 14248]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1201000.025\SymDS.sys [11/30/2010 10:45 PM 339504]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1201000.025\SymEFA.sys [11/30/2010 10:45 PM 666672]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [12/12/2010 2:15 PM 691248]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1201000.025\Ironx86.sys [11/30/2010 10:45 PM 134704]

R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe [11/30/2010 10:44 PM 126904]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/30/2010 11:20 PM 102448]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20101231.001\IDSXpx86.sys [1/1/2011 4:05 AM 341944]

R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [1/13/2009 4:45 AM 93968]

R3 OA004Afx;Provides a software interface to control audio effects of OA004 camera.;c:\windows\system32\drivers\OA004Afx.sys [1/13/2009 4:45 AM 148056]

R3 OA004Ufd;Creative Camera OA004 Upper Filter Driver;c:\windows\system32\drivers\OA004Ufd.sys [1/13/2009 4:45 AM 144672]

R3 OA004Vid;Creative Camera OA004 Function Driver;c:\windows\system32\drivers\OA004Vid.sys [1/13/2009 4:45 AM 269760]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 9:32 PM 135664]

S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\2E.tmp --> c:\windows\system32\2E.tmp [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

{4AEAC1B5-79ED-4DD7-9EBB0997220D23D2}

.

Contents of the 'Scheduled Tasks' folder

2010-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb6f3859045920.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 02:31]

2010-11-05 c:\windows\Tasks\User_Feed_Synchronization-{63F9D40C-F678-4242-92DC-11A15B80B78A}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2090113

uInternet Settings,ProxyServer = http=127.0.0.1:25431

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

.

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-01-10 21:23

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]

"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.1.0.37\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\2E.tmp"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(856)

c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

.

Completion time: 2011-01-10 21:29:14

ComboFix-quarantined-files.txt 2011-01-11 02:29

Pre-Run: 1,219,813,376 bytes free

Post-Run: 1,483,948,032 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - FDD7607C746AEF8F0019FCAD32F7C949

Link to post
Share on other sites

Open Notepad and copy and paste next in it:

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"=-

Save this as fix.reg . Choose to save as All Files and place it on your desktop. It should look like this: reg.gif

Doubleclick on it and when it asks you, click Yes and then OK button.

Then reboot your computer to apply the changes.

Let me know how are things now.

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.