DNS Changer Trojan?


  • This topic is locked
2 replies to this topic

#1 Lorze


Posted 03 February 2010 - 05:11 PM

Hi Guys - hope you can help me!
Toshiba laptop with Windows Vista. Hasn't done Windows update since 9th Dec 2009. Browser will not go to microsoft.com. Windows Defender also not updated. Browser seems to go to some sites OK. Won't go to other sites like pandasoftware.com. Supposed to have free Avira Personal Edition anti-virus, but cannot access the software control panel (no links from the start menu) and the Security Center says it is out of date. Keyboard keys are sometimes sticky. Random websites come up at times. Ran ComboFix as another Forum said it fixed DNS Changer Trojans. I know you say don't run this without being asked to - sorry! It seemed to remove MyWebSearch toolbars, etc., but problem still exists.
Thanks for all your help so far.
DDS (Ver_09-12-01.01) - NTFSx86
Run by Laura at 10:21:07.09 on 02/02/2010
Internet Explorer: 8.0.6001.18865
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1015.399 [GMT 0:00]

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

ROOTREPEAL CRASH REPORT
-------------------------
Windows Version: Windows Vista SP2
Exception Code: 0xc0000005
Exception Address: 0x0040ab12
Attempt to write to address: 0x00000004

(this crashed half way through but will repeat process and send in another message)

Thanks

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\dldocoms.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\Laura\Desktop\dds.scr
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup
mRun: [Desktop SMS] c:\program files\idm\desktop sms\DesktopSMS.exe /auto
mRun: [Toshiba Registration] c:\program files\toshiba\registration\ToshibaRegistration.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [O2Start] c:\program files\o2cm-ce\o2 connection manager\tscui.exe /s
StartupFolder: c:\users\laura\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZJxdm301YYGB
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
IE: {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redire...1&site=home
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\laura\appdata\roaming\mozilla\firefox\profiles\lpg7xg75.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\users\laura\appdata\roaming\mozilla\firefox\profiles\lpg7xg75.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\users\laura\appdata\roaming\mozilla\firefox\profiles\lpg7xg75.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\mozilla firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");

============= SERVICES / DRIVERS ===============

R2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe -service --> c:\windows\system32\dldocoms.exe -service [?]
S2 gupdate1c99cfb418d9ae4;Google Update Service (gupdate1c99cfb418d9ae4);c:\program files\google\update\GoogleUpdate.exe [2009-3-4 133104]
S2 ohihmizfe;Manager System;c:\windows\system32\svchost.exe -k netsvcs [2008-6-14 21504]

=============== Created Last 30 ================

2010-02-01 13:13:08 4096 ----a-w- c:\windows\system32\095A9.tmp
2010-02-01 12:26:05 0 d-----w- C:\$RECYCLE.BIN
2010-02-01 12:23:50 4096 ----a-w- c:\windows\system32\0A025.tmp
2010-02-01 12:00:22 77312 ----a-w- c:\windows\MBR.exe
2010-02-01 12:00:22 261632 ----a-w- c:\windows\PEV.exe
2010-02-01 12:00:22 161792 ----a-w- c:\windows\SWREG.exe
2010-02-01 12:00:21 98816 ----a-w- c:\windows\sed.exe
2010-02-01 11:30:28 4096 ----a-w- c:\windows\system32\09D28.tmp
2010-02-01 11:03:15 4096 ----a-w- c:\windows\system32\0EDB7.tmp
2010-01-31 18:48:03 4096 ----a-w- c:\windows\system32\036F7.tmp
2010-01-31 18:42:33 0 d-----w- c:\windows\system32\eu-ES
2010-01-31 18:42:33 0 d-----w- c:\windows\system32\ca-ES
2010-01-31 18:42:32 0 d-----w- c:\windows\system32\vi-VN
2010-01-31 18:39:23 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2010-01-31 10:18:20 4096 ----a-w- c:\windows\system32\08046.tmp
2010-01-29 07:11:25 4096 ----a-w- c:\windows\system32\07D4B.tmp
2010-01-28 23:41:45 4096 ----a-w- c:\windows\system32\07DE5.tmp
2010-01-28 07:35:44 4096 ----a-w- c:\windows\system32\08027.tmp
2010-01-27 10:32:49 4096 ----a-w- c:\windows\system32\080E3.tmp
2010-01-26 14:37:47 4096 ----a-w- c:\windows\system32\08352.tmp
2010-01-26 13:58:53 4096 ----a-w- c:\windows\system32\07EA1.tmp
2010-01-26 13:53:23 4096 ----a-w- c:\windows\system32\07C03.tmp
2010-01-25 23:24:05 4096 ----a-w- c:\windows\system32\080E2.tmp
2010-01-24 14:03:24 4096 ----a-w- c:\windows\system32\0842C.tmp
2010-01-24 13:38:38 4096 ----a-w- c:\windows\system32\07A3D.tmp
2010-01-24 08:19:39 4096 ----a-w- c:\windows\system32\083BF.tmp
2010-01-07 23:22:44 4096 ----a-w- c:\windows\system32\07DF5.tmp
2010-01-07 00:21:10 4096 ----a-w- c:\windows\system32\07B47.tmp
2010-01-06 23:30:08 4096 ----a-w- c:\windows\system32\0740.tmp
2010-01-06 09:44:01 4096 ----a-w- c:\windows\system32\07CEC.tmp
2010-01-05 23:48:00 4096 ----a-w- c:\windows\system32\07F0F.tmp
2010-01-05 16:07:19 4096 ----a-w- c:\windows\system32\07F0E.tmp
2010-01-05 08:56:06 4096 ----a-w- c:\windows\system32\07D4A.tmp
2010-01-05 01:25:34 4096 ----a-w- c:\windows\system32\0840D.tmp
2010-01-04 13:21:05 4096 ----a-w- c:\windows\system32\03FCD.tmp
2010-01-04 05:42:05 4096 ----a-w- c:\windows\system32\044AD.tmp
2010-01-04 01:08:01 4096 ----a-w- c:\windows\system32\07676.tmp

==================== Find3M ====================

2010-01-31 18:50:19 86016 ----a-w- c:\windows\inf\infstor.dat
2010-01-31 18:50:19 51200 ----a-w- c:\windows\inf\infpub.dat
2010-01-31 18:50:19 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-01-31 18:42:23 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-01-31 18:06:13 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-01-03 04:49:41 4096 ----a-w- c:\windows\system32\07D49.tmp
2010-01-02 13:13:58 4096 ----a-w- c:\windows\system32\085F1.tmp
2010-01-02 05:38:54 4096 ----a-w- c:\windows\system32\07BA4.tmp
2010-01-01 18:53:11 4096 ----a-w- c:\windows\system32\07888.tmp
2010-01-01 11:12:55 4096 ----a-w- c:\windows\system32\08084.tmp
2009-12-31 18:51:34 4096 ----a-w- c:\windows\system32\07A9B.tmp
2009-12-31 11:17:01 4096 ----a-w- c:\windows\system32\07B37.tmp
2009-12-31 03:26:38 4096 ----a-w- c:\windows\system32\07A6C.tmp
2009-12-29 10:52:27 4096 ----a-w- c:\windows\system32\07BD4.tmp
2009-12-29 04:12:39 4096 ----a-w- c:\windows\system32\07A4D.tmp
2009-12-28 09:55:38 4096 ----a-w- c:\windows\system32\07C11.tmp
2009-12-28 04:33:48 4096 ----a-w- c:\windows\system32\07A8B.tmp
2009-12-28 02:30:43 4096 ----a-w- c:\windows\system32\07C8E.tmp
2009-12-27 10:26:48 4096 ----a-w- c:\windows\system32\07992.tmp
2009-12-24 08:19:05 4096 ----a-w- c:\windows\system32\078A9.tmp
2009-12-23 10:20:03 4096 ----a-w- c:\windows\system32\07BB4.tmp
2009-12-23 05:30:50 4096 ----a-w- c:\windows\system32\07BF3.tmp
2009-12-23 01:17:25 4096 ----a-w- c:\windows\system32\07C02.tmp
2009-12-22 07:57:57 4096 ----a-w- c:\windows\system32\0821B.tmp
2009-12-22 00:53:08 4096 ----a-w- c:\windows\system32\079E0.tmp
2009-12-21 11:53:42 4096 ----a-w- c:\windows\system32\0820A.tmp
2009-12-21 01:36:41 4096 ----a-w- c:\windows\system32\07BD3.tmp
2009-12-20 17:15:34 4096 ----a-w- c:\windows\system32\07869.tmp
2009-12-20 13:08:43 4096 ----a-w- c:\windows\system32\083FD.tmp
2009-12-20 03:38:20 4096 ----a-w- c:\windows\system32\08535.tmp
2009-12-19 15:17:40 4096 ----a-w- c:\windows\system32\08564.tmp
2009-12-18 08:27:44 4096 ----a-w- c:\windows\system32\07F2D.tmp
2009-12-17 02:52:21 4096 ----a-w- c:\windows\system32\0821A.tmp
2009-12-17 01:09:49 4096 ----a-w- c:\windows\system32\0815F.tmp
2009-12-16 08:12:36 4096 ----a-w- c:\windows\system32\0DD53.tmp
2009-12-16 01:08:34 4096 ----a-w- c:\windows\system32\078A8.tmp
2009-12-15 09:16:28 4096 ----a-w- c:\windows\system32\07C6F.tmp
2009-12-15 01:20:47 4096 ----a-w- c:\windows\system32\07BE3.tmp
2009-12-14 01:10:23 4096 ----a-w- c:\windows\system32\07BF2.tmp
2009-12-13 05:19:20 4096 ----a-w- c:\windows\system32\07B75.tmp
2009-12-12 15:41:00 4096 ----a-w- c:\windows\system32\079B1.tmp
2009-12-11 12:53:19 4096 ----a-w- c:\windows\system32\07C5F.tmp
2009-12-11 05:42:13 4096 ----a-w- c:\windows\system32\0859B.tmp
2009-11-21 06:40:20 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34:39 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-09 12:31:42 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30:03 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-03-02 08:34:14 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-10-29 06:56:49 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-02-13 08:49:05 168371 --sha-r- c:\windows\system32\tspvstis.dll

============= FINISH: 10:22:59.73 ===============



Here is the latest RootRepeal report. Look forward to hearing from you. Thanks again.
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/02/03 22:12
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x8ADA6000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8AD9B000 Size: 45056 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xB9AC5000 Size: 49152 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1096 Status: Locked to the Windows API!

Hidden Services
-------------------
Service Name: ohihmizfe
Image Path: %SystemRoot%\system32\svchost.exe -k netsvcs

==EOF==

Edited by Lorze, 03 February 2010 - 05:15 PM.



#2 Farbar


Posted 04 February 2010 - 01:28 PM

Hi Lorze,

Welcome to the Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.
  1. Delete your copy of ComboFix and download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Information on A/V control HERE)
    • Double click on ComboFix.exe & follow the prompts.

    When finished, it shall produce a log for you. Please copy and paste the C:\ComboFix.txt in your next reply.

  2. Please download Malwarebytes' Anti-Malware from one of these locations:
    malwarebytes.org
    majorgeeks.com
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the MBAM log.

    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


#3 Farbar


Posted 11 February 2010 - 03:31 PM

This thread will now be closed due to lack of activity.

If you should have the same or a new issue, please start a new topic.



