
Bogus Search Results


  • This topic is locked
8 replies to this topic

#1 Michel87

Posted 18 January 2009 - 07:17 PM

When I search in Google or Yahoo, about the first dozen (i.e., the best) search results look correct, but the site links redirect to bogus marketing sites.

I have Norton AntiVirus and have run SpyBot, without fixing the problem.

Thanks for any help!!!

Attached Files


Edited by Michel87, 18 January 2009 - 07:24 PM.




#2 miekiemoes

  • Malware Response Team

Posted 19 January 2009 - 03:32 AM

Hi,

I don't see anything suspicious in your log. Is this the problem you are dealing with?
http://miekiemoes.blogspot.com/2008/10/fak...archengine.html
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 Michel87

  • Topic Starter

Posted 25 January 2009 - 01:11 PM

Miekiemoes: Thanks so much for trying to help. No, that's not it. Here is a sample result when I do a Google search for "truck":

Truck - Wikipedia, the free encyclopedia
A truck is a type of motor vehicle commonly used for carrying goods and materials. Some light trucks are relatively small, similar in size to a passenger ...
www.expresdeals.com - 66k - Cached - Similar pages <<<------------

The first result, which looks like a Wikipedia entry, is in fact a link to a marketing site. It's usually the same 20 or so bogus sites whenever I search for something reasonably common. I'm more likely to get normal results if I search for something rare or esoteric. Thanks again!

#4 miekiemoes

  • Malware Response Team

Posted 25 January 2009 - 01:36 PM

Hi,

It still looks like the problem I linked to though..

Anyway, please do the following:

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.

#5 Michel87

  • Topic Starter

Posted 25 January 2009 - 04:58 PM

Thanks again! Here's the ComboFix log. Also, if you like, I can read French if that's easier for you.

ComboFix 09-01-21.04 - Mark 2009-01-25 13:33:43.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.233 [GMT -8:00]
Running from: c:\documents and settings\Mark\Desktop\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\INSTALL.LOG
c:\windows\system32\ntnet.drv
c:\windows\system32\wdmaud.sys

.
((((((((((((((((((((((((( Files Created from 2008-12-25 to 2009-01-25 )))))))))))))))))))))))))))))))
.

2009-01-18 22:01 . 2009-01-18 22:01 <DIR> d-------- c:\program files\SpywareBlaster
2009-01-18 22:01 . 2009-01-25 13:25 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-01-18 19:13 . 2009-01-18 19:13 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-01-18 19:11 . 2003-04-28 10:15 <DIR> d-------- c:\documents and settings\Administrator\WINDOWS
2009-01-18 19:11 . 2009-01-18 19:11 <DIR> d-------- c:\documents and settings\Administrator
2009-01-18 19:01 . 2009-01-18 19:01 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-01-18 19:01 . 2009-01-18 19:01 <DIR> d-------- c:\documents and settings\Mark\Application Data\SUPERAntiSpyware.com
2009-01-18 19:01 . 2009-01-18 19:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-18 19:00 . 2009-01-18 19:00 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-18 18:05 . 2009-01-18 18:05 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-18 18:05 . 2009-01-18 18:05 <DIR> d-------- c:\documents and settings\Mark\Application Data\Malwarebytes
2009-01-18 18:05 . 2009-01-18 18:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-18 18:05 . 2009-01-14 16:11 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2009-01-18 18:05 . 2009-01-14 16:11 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2009-01-18 15:59 . 2009-01-18 15:59 <DIR> d-------- c:\program files\Trend Micro
2009-01-10 17:30 . 2009-01-10 17:30 <DIR> d-------- c:\program files\CCleaner
2009-01-05 23:15 . 2009-01-05 23:15 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-01-04 14:34 . 2009-01-04 14:35 <DIR> d-------- c:\program files\Cobian Backup 9
2009-01-04 14:30 . 2009-01-04 14:32 9,600,512 --a------ c:\program files\cbSetup.exe
2008-12-26 18:11 . 2008-12-26 18:10 410,984 --a------ c:\windows\SYSTEM32\deploytk.dll
2008-12-26 16:37 . 2008-12-26 17:59 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-26 16:37 . 2009-01-18 16:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-26 08:01 . 2008-12-26 08:01 3,166,208 --a------ c:\program files\saSetup64.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-25 21:38 --------- d-----w c:\documents and settings\Mark\Application Data\DNA
2009-01-25 21:31 389,120 ----a-w c:\windows\SYSTEM32\CF23663.exe
2008-12-27 02:10 --------- d-----w c:\program files\Java
2008-12-27 01:55 --------- d-----w c:\program files\OFFICE11
2008-12-24 06:21 7,617,568 ----a-w c:\program files\Firefox Setup 3.0.5.exe
2008-12-12 17:01 3,067,904 ------w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 10:57 333,952 ------w c:\windows\SYSTEM32\DLLCACHE\srv.sys
2008-12-05 09:52 36,272 ----a-r c:\windows\system32\drivers\SymIM.sys
2008-06-30 02:03 449,888 ----a-w c:\program files\msgr8us.exe
2008-06-28 18:08 1,495,112 ----a-w c:\program files\install_flash_player.exe
2008-05-27 04:04 300,272 ----a-w c:\program files\MySpaceIM_Setup.exe
2008-02-26 08:34 606,176 ----a-w c:\program files\AmazonMP3Installer.exe
2005-11-24 08:38 1,611 ----a-w c:\program files\LimeWire 4.4.0.lnk
2004-10-07 01:13 617,664 ----a-w c:\program files\MSNToolbarSetup_en-us.exe
2003-12-15 17:44 9,134,648 ----a-w c:\program files\AdbeRdr60_enu.exe
2008-04-14 00:12 50,688 --sh--w c:\windows\twain_32.dll
2008-04-14 00:11 1,028,096 --sha-w c:\windows\SYSTEM32\mfc42.dll
2008-04-14 00:12 57,344 --sh--w c:\windows\SYSTEM32\msvcirt.dll
2008-04-14 00:12 413,696 --sha-w c:\windows\SYSTEM32\msvcp60.dll
2008-04-14 00:12 343,040 --sha-w c:\windows\SYSTEM32\msvcrt.dll
2008-04-14 00:12 551,936 --sh--w c:\windows\SYSTEM32\oleaut32.dll
2008-04-14 00:12 84,992 --sha-w c:\windows\SYSTEM32\olepro32.dll
2008-04-14 00:12 11,776 --sh--w c:\windows\SYSTEM32\regsvr32.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DNA"="c:\program files\BitTorrent_DNA\dna.exe" [2007-05-23 216064]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-28 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-01-13 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-01-13 114688]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-14 28672]
"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2002-08-14 90112]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2003-04-28 151597]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2003-06-30 188416]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2003-06-30 65536]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-26 136600]
"HostManager"="c:\program files\Common Files\AOL\1127711815\ee\AOLSoftware.exe" [2006-09-25 50736]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"MSPY2002"="c:\windows\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 59392]
"PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
"PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2005-09-16 274432]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-12-24 155648]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 583048]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 c:\windows\BCMSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-04-17 9117696]

c:\documents and settings\Mark\Start Menu\Programs\Startup\
Hewlett-Packard Recorder.lnk - c:\program files\HP MAO\AiO\hp officejet k series\FRU\Remind32.exe [2000-08-24 67584]
Microsoft Works Calendar Reminders.lnk - c:\program files\MSWorks\Calendar\WKCALREM.EXE [1998-07-20 68368]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
HPAiODevice(hp officejet k series) - 1.lnk - c:\program files\HP MAO\AiO\hp officejet k series\Bin\hpoorn07.exe [2002-11-20 151552]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-04 176128]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2004-07-16 169472]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm
"aux3"= wdmaud.sys

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0c\\waol.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\aol\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\America Online 9.0\\aol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 SymEFA;Symantec Extended File Attributes;\SystemRoot\\SystemRoot\System32\Drivers\NAV\1002000.007\SYMEFA.SYS --> \SystemRoot\\SystemRoot\System32\Drivers\NAV\1002000.007\SYMEFA.SYS [?]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\SYSTEM32\DRIVERS\NAV\1002000.007\BHDrvx86.sys [2008-12-16 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\SYSTEM32\DRIVERS\NAV\1002000.007\cchpx86.sys [2008-12-16 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090115.001\IDSxpx86.sys [2009-01-15 274808]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-11-02 99376]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]
R4 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe [2008-12-16 115560]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - HTTPFILTER

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-msnappau - c:\program files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gmail.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com/
mWindow Title = By DSLExtreme
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: dlisted.com\www
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {FFFDF6F2-F7BC-4B90-B789-CB7BBDA13AD6} - hxxp://eshare.hpphoto.com/Download/HPeServicesLocalPrint.CAB
FF - ProfilePath - c:\documents and settings\Mark\Application Data\Mozilla\Firefox\Profiles\lpg4ov4w.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\Mark\Application Data\Mozilla\Firefox\Profiles\lpg4ov4w.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07075003.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-25 13:39:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
MMTray = c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe?w???gH???V??gH???SOFTWARE\MusicMatch\MusicMatch Jukebox\4.0\TrayApp????X??????????????????>?w0 ?w????3??w???g?g?????????g?????CY??????-?sJ???2???????????<???? @???X???X???????????????????Y?????F?Q?????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(924)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-01-25 13:44:39
ComboFix-quarantined-files.txt 2009-01-25 21:44:12

Pre-Run: 35,842,514,944 bytes free
Post-Run: 35,832,172,544 bytes free

211 --- E O F --- 2009-01-14 11:17:29

#6 miekiemoes

  • Malware Response Team

Posted 25 January 2009 - 05:02 PM

Hi,

This looks ok again

Open Notepad and copy and paste the contents of the quotebox below into it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"="wdmaud.drv"

Save this as fix.reg. Choose to save as *all files and place it on your desktop.
Double-click on it and when it asks you if you want to merge the contents to the registry, click yes/ok.
(In case you are unsure how to create a reg file, take a look here with screenshots.)

* Go to start > run and copy and paste the following command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Let me know in your next reply how things are now.

Edited by miekiemoes, 25 January 2009 - 05:03 PM.


#7 Michel87

  • Topic Starter

Posted 25 January 2009 - 05:57 PM

OMG..... I think it's fixed!! Thank you! Can you kindly explain in simple terms what was wrong?

I really appreciate your help!!!
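The correlation behind the fix in this thread, as an added example that is not part of any post: the log in post #5 lists c:\windows\system32\wdmaud.sys under Other Deletions while drivers32 still has "aux3"= wdmaud.sys, and post #6 resets that value to wdmaud.drv. The function names and the trimmed log excerpt are constructed for illustration.

```python
import ntpath
import re

# Constructed excerpt: the two relevant sections of the ComboFix log in post #5,
# with the banner lines shortened.
SAMPLE_LOG = r"""
((((((((((((((((((( Other Deletions )))))))))))))))))))
.
c:\program files\INSTALL.LOG
c:\windows\system32\ntnet.drv
c:\windows\system32\wdmaud.sys
.
((((((((((((((((((( Reg Loading Points )))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm
"aux3"= wdmaud.sys

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
"""

DRIVERS32 = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32"
BANNER = re.compile(r"^\(+\s*(.+?)\s*\)+$")        # (((( Section Name ))))
KEY = re.compile(r"^\[(.+)\]$")                    # [HKEY_...\subkey]
VALUE = re.compile(r'^"([^"]+)"\s*=\s*"?([^"]*)')  # "name"= data  or  "name"="data" [...]
PATH = re.compile(r"^[a-z]:\\", re.I)              # c:\... line in a file list


def parse_log(text):
    """Return (deleted_paths, {registry_key_lowercased: {value_name: data}})."""
    deleted, keys = [], {}
    section, current = "", None
    for raw in text.splitlines():
        line = raw.strip()
        banner, key, value = BANNER.match(line), KEY.match(line), VALUE.match(line)
        if banner:
            section, current = banner.group(1).lower(), None
        elif key:
            current = keys.setdefault(key.group(1).lower(), {})
        elif value and current is not None:
            current[value.group(1)] = value.group(2).strip()
        elif section == "other deletions" and PATH.match(line):
            deleted.append(line)
    return deleted, keys


def dangling_drivers32(text):
    """Flag drivers32 values whose file name ComboFix reports as deleted."""
    deleted, keys = parse_log(text)
    removed = {ntpath.basename(p).lower(): p for p in deleted if ntpath.basename(p)}
    findings = []
    for name, data in keys.get(DRIVERS32.lower(), {}).items():
        hit = removed.get(ntpath.basename(data).lower())
        if hit:
            findings.append((name, data, hit))
    return findings


def build_reg_fix(findings, replacements):
    """Build REGEDIT4 text that resets flagged values.

    `replacements` maps value name -> known-good data and is supplied by the
    analyst; the helper in this thread chose wdmaud.drv for aux3.
    """
    lines = ["REGEDIT4", "", "[%s]" % DRIVERS32]
    for name, _data, _deleted in findings:
        if name in replacements:
            lines.append('"%s"="%s"' % (name, replacements[name]))
    return "\r\n".join(lines) + "\r\n"  # CRLF line endings for a Windows .reg file
```

Only values that point at a file the tool removed are flagged, so "msacm.enc" is left alone; the replacement data is never guessed by the script.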

#8 miekiemoes

  • Malware Response Team

Posted 25 January 2009 - 07:57 PM

Can you kindly explain in simple terms what was wrong?

I actually already posted earlier about the problem you were having and gave you the link to my blog post where the infection is explained. :thumbup2:

Glad I could help. :)

Please read my Prevention page with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!

#9 miekiemoes

  • Malware Response Team

Posted 26 January 2009 - 06:46 AM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.