Posted 16 March 2009 - 11:15 AM
Thanks for the great support, and information in your community and forums here.
I have spent the last two nights trying to uninfect my wife's PC. I think I might have done it but would like verification.
I have fought Spyware and Infections for the last 13 years and did use some of your tools upon reading all the forums.
PROBLEM- Hijacked Browser
1. took over returned SERPs for searches, i.e. windows update provided fake SERPs to shopping sites etc.
2. Also was doing a 'hidden' launch of IEExplorer.
3. Prevented Restore points from working
4. Prevented many spyware programs from installing etc, even in SAFE mode. Renaming seemed to help a lot.
5. McAfee AV was disabled in Safe mode
ALL LOGS are BELOW - can you please tell me if it appears that I am finally clean?
NOTE: All logs from Safe mode with networking boot.
WHAT I HAVE DONE (all with latest versions AFAIK) all logs follow:
1. ran Lavasoft Adaware (not anniversary edition), found some items and cleaned both regular and SAFE modes, with and without network connections
2. ran McAfee AV, found some items, deleted, but definitely 1 left not deleted but I could not find in report since I didn't run to completion
3. ran SDFix Safe Boot - struggled getting SDFix to work but finally did extract on 2nd computer and brought over extracted version to run .bat file. I Ran SDFix in Safe boot with Networking. Log doesn't appear to indicate it found anything.
4. Ran Combofix (again after struggling to get a valid rename to run). It ran, installed the Restore and completed. Note - after showing log file, the windows desktop did not restore. I had to shut down and reboot.
5. Ran Malwarebytes Quick Mode 2x (two times)- got rid of 9 minor things first pass, nothing found 2nd pass
6. Ran HijackThis
7. rebooted Safe and regular modes and Ran Malwarebytes FULL Scan - 0 detections
I have all my Logs - Again, PLEASE TELL ME IF CLEAN AND ANY NEXT STEPS???
Thank you very much.
Guy ( gschlact )