
Am I Infected or Cleaned? v2

No replies to this topic

#1 gschlact



Posted 16 March 2009 - 11:15 AM

Hello -
Thanks for the great support, and information in your community and forums here.

I have spent the last two nights trying to uninfect my wife's PC. I think I might have done it but would like verification.
I have fought spyware and infections for the last 13 years and did use some of your tools upon reading all the forums.

PROBLEM- Hijacked Browser
1. Took over returned SERPs for searches, i.e. Windows Update provided fake SERPs to shopping sites etc.
2. Also was doing a 'hidden' launch of IEExplorer.
3. Prevented Restore points from working
4. Prevented many spyware programs from installing etc, even in SAFE mode. Renaming seemed to help a lot.
5. McAfee AV was disabled in Safe mode

ALL LOGS are BELOW - can you please tell me if it appears that I am finally clean?
NOTE: All logs from Safe mode with networking boot.

WHAT I HAVE DONE (all with latest versions AFAIK) all logs follow:
1. Ran Lavasoft Adaware (not anniversary edition), found some items and cleaned in both regular and SAFE modes, with and without network connections
2. Ran McAfee AV, found some items, deleted, but definitely 1 left not deleted, which I could not find in the report since I didn't run to completion
3. Ran SDFix Safe Boot - struggled getting SDFix to work but finally did extract on a 2nd computer and brought over the extracted version to run the .bat file. I ran SDFix in Safe boot with Networking. Log doesn't appear to indicate it found anything.
4. Ran ComboFix (again after struggling to get a valid rename to run). It ran, installed the Restore and completed. Note - after showing the log file, the Windows desktop did not restore. I had to shut down and reboot.
5. Ran Malwarebytes Quick Mode 2x (two times) - got rid of 9 minor things first pass, nothing found 2nd pass
6. Ran HijackThis
7. Rebooted in Safe and regular modes and ran Malwarebytes FULL Scan - 0 detections


Thank you very much.
Guy ( gschlact )
