Jump to content

recurrance of google redirector


Recommended Posts

I recently successfully (I thought) removed some nasty malware, installed and updated a couple protection programs, but now it looks like I once again have a re-director infection. I am being occasionally sent to websites not of my choosing. Can't seem to detect it. I've included logs form ComboFix and HijackThis. Any help would be appreciated.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 2:38:34 PM, on 6/29/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\mfevtps.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\UPHClean\uphclean.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Documents and Settings\Rick Allen\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\HPQ\SHARED\HPQWMI.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 198.0.1.2:80

R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: CDelHotkeys Object - {78875F5C-A685-4405-8DC5-D48DC65452B0} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110517181944.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Delicious Toolbar - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"

O4 - HKLM\..\Run: [screenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [iJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide

O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Rick Allen\Application Data\mjusbsp\cdloader2.exe" MAGICJACK

O4 - HKCU\..\Run: [sansaDispatch] C:\Documents and Settings\Rick Allen\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe

O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08cb -f video -m logitech -d 11.0.0.1217 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08cb -f video -m logitech -d 11.0.0.1217 (User 'Default user')

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM

O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll

O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll

O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll

O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll

O9 - Extra button: Delicious - {2C887991-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll

O9 - Extra button: Bookmarks - {2C887992-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll

O9 - Extra button: Tag - {2C887993-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll

O9 - Extra button: iMacros 7 - {602AB448-D389-4a54-B6A6-CE57AA0CCFC4} - mscoree.dll (file missing)

O9 - Extra 'Tools' menuitem: iMacros Web Automation - {602AB448-D389-4a54-B6A6-CE57AA0CCFC4} - mscoree.dll (file missing)

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633

O16 - DPF: {172826E5-EC1B-402E-9782-02E3D087E008} (SkyFex Remote Desktop (Internet Explorer Add-on)) - https://skyfex.com/download/en/skyfex.exe

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab

O16 - DPF: {7557F5AA-D486-401D-BE55-0163FA78B5B8} (SkyFex Expert Object) - https://skyfex.com/download/SkyFexExpert.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://webexevents.webex.com/client/T27LB/webex/ieatgpc.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {F84E0B64-1E86-4640-8094-5B38CEB28C1E} (SkyFex Client Object) - https://skyfex.com/download/SkyFexClient.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe

O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe

O23 - Service: User Profile Hive Cleanup (UPHClean) - Windows ® Codename Longhorn DDK provider - C:\Program Files\UPHClean\uphclean.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 13344 bytes

ComboFix 11-06-29.06 - Rick Allen 06/29/2011 12:57:00.4.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.608 [GMT -7:00]

Running from: c:\documents and settings\Rick Allen\Desktop\Programs\ComboFix.exe

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Rick Allen\g2mdlhlpx.exe

c:\documents and settings\Rick Allen\Local Settings\Application Data\{CE316DEA-F689-48AD-AC06-122170D9EF66}

c:\documents and settings\Rick Allen\Local Settings\Application Data\{CE316DEA-F689-48AD-AC06-122170D9EF66}\chrome.manifest

c:\documents and settings\Rick Allen\Local Settings\Application Data\{CE316DEA-F689-48AD-AC06-122170D9EF66}\chrome\content\_cfg.js

c:\documents and settings\Rick Allen\Local Settings\Application Data\{CE316DEA-F689-48AD-AC06-122170D9EF66}\chrome\content\overlay.xul

c:\documents and settings\Rick Allen\Local Settings\Application Data\{CE316DEA-F689-48AD-AC06-122170D9EF66}\install.rdf

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.

.

((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-29 )))))))))))))))))))))))))))))))

.

.

2011-06-29 05:57 . 2011-06-29 05:57 -------- d-----w- c:\program files\UPHClean

2011-06-22 08:32 . 2011-06-22 08:32 -------- d-----w- c:\program files\FoxTabVideoConverter

2011-06-22 07:46 . 2011-06-22 07:46 -------- d-----w- c:\documents and settings\Rick Allen\Application Data\StarfieldTechnologiesActiveX

2011-06-15 01:36 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys

2011-06-10 14:48 . 2011-06-10 14:47 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll

2011-06-10 14:48 . 2011-06-10 14:47 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll

2011-06-10 14:48 . 2011-06-10 14:47 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll

2011-06-10 14:48 . 2011-06-10 14:47 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll

2011-06-10 14:48 . 2011-06-10 14:47 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll

2011-06-10 14:48 . 2011-06-10 14:47 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll

2011-06-10 14:48 . 2011-06-10 14:47 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll

2011-06-10 14:48 . 2011-06-10 14:47 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll

2011-06-10 14:48 . 2011-06-10 14:47 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll

2011-06-10 14:48 . 2011-06-10 14:47 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll

2011-06-10 14:48 . 2011-06-10 14:47 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll

2011-06-10 14:48 . 2011-06-10 14:47 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll

2011-06-10 14:47 . 2011-06-10 14:47 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll

2011-06-10 14:47 . 2011-06-10 14:47 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll

2011-06-10 13:44 . 2011-06-10 14:47 -------- d-----w- c:\program files\QuickTime

2011-06-10 03:59 . 2011-06-15 19:25 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-06 19:55 . 2011-06-06 19:55 183696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll

2011-06-06 19:55 . 2011-06-06 19:55 183696 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

2011-06-04 05:52 . 2011-06-04 05:52 0 ----a-w- c:\windows\Erowulefarizazo.bin

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-29 05:07 . 2010-04-19 05:27 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-05-18 05:20 . 2011-05-18 10:24 16432 ----a-w- c:\windows\system32\lsdelete.exe

2011-05-17 06:49 . 2011-05-17 06:49 388096 ----a-r- c:\documents and settings\Rick Allen\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-05-04 11:52 . 2010-06-11 21:47 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-05-04 09:25 . 2007-06-09 07:26 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-05-02 15:31 . 2004-08-04 08:00 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 19:12 . 2011-05-18 04:53 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys

2011-04-29 17:25 . 2004-08-04 08:00 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19 . 2004-08-04 08:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 16:11 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11 . 2004-08-04 08:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11 . 2004-08-04 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01 . 2004-08-04 08:00 385024 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37 . 2004-08-04 08:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2011-04-14 21:01 . 2011-05-18 01:19 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-04-14 21:01 . 2011-05-18 01:19 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2011-04-14 21:01 . 2011-05-18 01:19 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-04-14 21:01 . 2011-05-18 01:19 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2011-04-14 21:01 . 2011-05-18 01:19 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-04-14 21:01 . 2011-05-18 01:19 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-04-14 21:01 . 2011-05-18 01:19 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-04-14 21:01 . 2011-05-18 01:19 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2010-05-12 16:52 . 2010-05-12 16:52 101760 -c--a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll

2007-08-09 20:08 . 2007-09-19 21:12 8784 -c--a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll

2007-08-09 20:10 . 2007-09-19 21:12 245408 -c--a-w- c:\program files\mozilla firefox\plugins\unicows.dll

2011-04-14 21:01 . 2011-05-18 01:19 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"cdloader"="c:\documents and settings\Rick Allen\Application Data\mjusbsp\cdloader2.exe" [2008-08-22 50520]

"SansaDispatch"="c:\documents and settings\Rick Allen\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2011-03-31 79872]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-01-22 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-01-22 126976]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]

"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]

"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]

"hpWirelessAssistant"="c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-01-21 790528]

"ScreenPrint32"="c:\program files\ScreenPrint32 v3\ScreenPrint32.exe" [2003-05-16 446464]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]

"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-03 140640]

"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1195408]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2009-10-07 460048]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Documents and Settings\\Rick Allen\\Application Data\\mjusbsp\\magicJack.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"86:TCP"= 86:TCP:BroadCam Web Server

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/17/2011 9:53 PM 64512]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [5/17/2011 6:19 PM 84200]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [5/17/2011 6:19 PM 56064]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [5/17/2011 6:19 PM 314088]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [5/17/2011 6:19 PM 88736]

S3 BusRMUSB;Remote USB Bus;c:\windows\system32\drivers\BusRMUSB.sys [3/23/2008 8:31 PM 43008]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [4/29/2011 12:11 PM 15232]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [5/17/2011 6:19 PM 88736]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [5/17/2011 6:19 PM 84488]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

*Deregistered* - uphcleanhlp

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-29 11:19]

.

2011-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-17 04:48]

.

2011-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-17 04:48]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uInternet Settings,ProxyServer = 198.0.1.2:80

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM

IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: {{602AB448-D389-4a54-B6A6-CE57AA0CCFC4} - {A310506F-6BA4-48c4-8887-1F462277AA12} - mscoree.dll

TCP: DhcpNameServer = 192.168.0.1

DPF: {172826E5-EC1B-402E-9782-02E3D087E008} - hxxps://skyfex.com/download/en/skyfex.exe

DPF: {7557F5AA-D486-401D-BE55-0163FA78B5B8} - hxxps://skyfex.com/download/SkyFexExpert.cab

DPF: {F84E0B64-1E86-4640-8094-5B38CEB28C1E} - hxxps://skyfex.com/download/SkyFexClient.cab

FF - ProfilePath - c:\documents and settings\Rick Allen\Application Data\Mozilla\Firefox\Profiles\mpb7y923.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.30foldbooks.com

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com

FF - Ext: SEO Doctor: seodoctor@prelovac.com - %profile%\extensions\seodoctor@prelovac.com

FF - Ext: Starfield Technologies: starfieldtechnologies@godaddy.com - %profile%\extensions\starfieldtechnologies@godaddy.com

FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Delicious Bookmarks: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} - %profile%\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}

FF - Ext: SeoQuake: {317B5128-0B0B-49b2-B2DB-1E7560E16C74} - %profile%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}

FF - Ext: iMacros for Firefox: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} - %profile%\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}

FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}

FF - Ext: Adobe DLM (powered by getPlus®): {CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7} - %profile%\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}

FF - Ext: SkyFex Remote Desktop: skyfex@skyfex.com - %profile%\extensions\skyfex@skyfex.com

FF - Ext: StarfieldTechnologies: starfieldtechnologies@secureserver.net - %profile%\extensions\starfieldtechnologies@secureserver.net

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor

.

.

------- File Associations -------

.

.txt=TextPad.txt

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-FoxTab Video Converter - c:\program files\FoxTabVideoConverter\Uninstall\Uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-29 13:32

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

SansaDispatch = c:\documents and settings\Rick Allen\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe?o?d?y?>? ? ?<?/?h?t?m?l?>???>? ? ?????b?o????????? ?<?/?h?t?m?l?>???<?/?b?????y?>?????????h?t

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(6104)

c:\windows\system32\WININET.dll

c:\windows\TEMP\logishrd\LVPrcInj01.dll

c:\progra~1\mcafee\sitead~1\saHook.dll

c:\program files\Windows Desktop Search\deskbar.dll

c:\program files\Windows Desktop Search\en-us\dbres.dll.mui

c:\program files\Windows Desktop Search\dbres.dll

c:\program files\Windows Desktop Search\wordwheel.dll

c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui

c:\program files\Windows Desktop Search\msnlExtRes.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Lavasoft\Ad-Aware\AAWService.exe

c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\mfevtps.exe

c:\program files\UPHClean\uphclean.exe

c:\program files\Viewpoint\Common\ViewpointService.exe

c:\windows\system32\SearchIndexer.exe

c:\program files\Common Files\McAfee\SystemCore\mcshield.exe

c:\program files\Common Files\McAfee\SystemCore\mfefire.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\rundll32.exe

c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

c:\progra~1\mcafee\VIRUSS~1\mcvsshld.exe

c:\progra~1\mcafee.com\agent\mcagent.exe

c:\program files\HPQ\SHARED\HPQWMI.exe

c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe

c:\windows\system32\SearchProtocolHost.exe

c:\windows\system32\SearchFilterHost.exe

.

**************************************************************************

.

Completion time: 2011-06-29 13:48:27 - machine was rebooted

ComboFix-quarantined-files.txt 2011-06-29 20:47

ComboFix2.txt 2011-05-18 22:43

ComboFix3.txt 2011-05-18 20:10

ComboFix4.txt 2011-05-17 16:27

.

Pre-Run: 19,156,422,656 bytes free

Post-Run: 19,341,758,464 bytes free

.

- - End Of File - - 69779903AFC402D4DCAB5F598D498235

Link to post
Share on other sites

Hello 30fold and welcome to Malwarebytes! :welcome:

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

***Note: In order for ComboFix to run properly McAfee must be uninstalled. Please go here and follow the instructions to uninstall McAfee.

You can reinstall it after the computer is clean.

-------------

Please temporarily disable Ad-Aware's Ad-Watch, as it may hinder the removal of some entries. You can re-enable it after you're clean.

Right click on the Adaware icon in the system tray and select Exit.

(you may need to do this each time after you reboot.)

-------------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue tdsskiller2.png
  • If a suspicious file is detected, the default action will be Skip, click on Continue tdsskiller3.png
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt
how the PC is running now?
-------------
You have ComboFix running from a location other than the Desktop:
Please delete the following file (in bold): c:\documents and settings\Rick Allen\Desktop\Programs\ComboFix.exe
Then, download a new copy of ComboFix and save it to your Desktop.
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Please go here to see a list of programs that should be disabled.
**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**
Please include the C:\ComboFix.txt in your next reply for further review.
Also, please let me know if any problems still remain.
-------------
Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

  • C:\ComboFix.txt
  • TDSSKiller log
  • Security Check checkup.txt

How is your computer running now?

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.