lesser-equity

Magazine
Go Back   Computer Juice > Computer Software > Virus, Spyware & Security
Reload this Page

Help cleaning infected PC

Register Site Spy Member List Donate Search Today's Posts Mark Forums Read Forum Rules


Register


Reply
Page 1 of 6 1 23456
 
Thread Tools
  #1  
Old 30th Dec 2008, 17:57
Member Group
  
Quote:
Originally Posted by evilfantasy View Post
  • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Copy and paste the contents of the results file Report.txt.
I made it as far as the Fixtool running again after the restart but never got to the finish screen.

Long story short, still infected.

Any other suggestions greatly appreciated.
  #2  
Old 30th Dec 2008, 17:59
Moderator Group
  
Moved to new topic.

It's sometimes dangerous to follow directions in another thread. Please start here http://www.computer-juice.com/forums...-posting-7476/

Post the 3 logs when complete.
__________________
  #3  
Old 31st Dec 2008, 15:56
Member Group
  
This took a little while - I couldn't run Malwarebytes (infection had hijacked pointing device).

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 12/31/2008 at 06:08 PM
Application Version : 4.24.1004
Core Rules Database Version : 3691
Trace Rules Database Version: 1667
Scan type : Complete Scan
Total Scan Time : 01:05:00
Memory items scanned : 694
Memory threats detected : 0
Registry items scanned : 5879
Registry threats detected : 0
File items scanned : 77980
File threats detected : 6
Adware.Tracking Cookie
C:\Documents and Settings\Sonia\Cookies\sonia@doubleclick[2].txt
C:\Documents and Settings\Sonia\Cookies\sonia@tribalfusion[1].txt
C:\Documents and Settings\Sonia\Cookies\sonia@atdmt[2].txt
C:\Documents and Settings\Sonia\Cookies\sonia@msnportal.112.2o7[1].txt
C:\Documents and Settings\Sonia\Cookies\sonia@overture[1].txt
C:\Documents and Settings\Sonia\Cookies\sonia@imrworldwide[2].txt



Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 3
1/01/2009 9:15:22 AM
mbam-log-2009-01-01 (09-15-22).txt
Scan type: Quick Scan
Objects scanned: 58281
Time elapsed: 6 minute(s), 26 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\Framework Windows (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\ActiveDesktop\NoChangingWallpap er (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Policies\activedesktop\NoChangingWallpa per (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\serauth1.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\serauth2.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\mousehook.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sonia\Local Settings\Temp\mousehook.dll (Trojan.FakeAlert) -> Delete on reboot. - I was unable to find this file to delete on reboot (directory no problems to locate but no file)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:56:23 AM, on 1/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\MozyHome\mozystat.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=5061010
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=5061010
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.rmitbookshop.com.au
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by125fd.bay125.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1160997316000
O16 - DPF: {FA91DF8D-53AB-455D-AB20-F2F023E498D3} (RSClientPrint Class) - http://www.payme4shopping.com/Reserv...pType=PrintCab
O17 - HKLM\System\CCS\Services\Tcpip\..\{63C5E624-24DA-4EF9-92B9-37936154A49C}: NameServer = 211.29.132.12,198.142.0.51
O17 - HKLM\System\CCS\Services\Tcpip\..\{B07E1C13-687A-4D57-A3A5-4CCDBE2B184B}: NameServer = 198.142.0.51,203.2.75.132
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Unknown owner - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 12811 bytes


Thanks for getting me this far (big improvement on yesterday's hysteria)
  #4  
Old 31st Dec 2008, 19:15
Moderator Group
  
Quote:
C:\Documents and Settings\Sonia\Local Settings\Temp\mousehook.dll (Trojan.FakeAlert) -> Delete on reboot. - I was unable to find this file to delete on reboot (directory no problems to locate but no file)
MalwareBytes deleted it upon rebooting the computer

Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click combofix.exe & follow the prompts.

For Windows XP Systems install the Recovery Console:

- If you are using Windows XP and do not already have the Recovery Console installed, please ensure your Internet connection is active (if possible) and click Yes.
- If for some reason your Internet is not working click No.
- If you are not using Windows XP, you will not be prompted.
- When prompted to accept the EULA click OK.
- Accept Microsoft's EULA (Click Yes).
- When you are told that the RC is installed correctly click YES to continue scanning for malware.

When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
__________________
  #5  
Old 31st Dec 2008, 22:47
Member Group
  
Thanks again!


ComboFix 08-12-30.02 - Sonia 2009-01-01 16:43:06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1123 [GMT 11:00]
Running from: c:\documents and settings\Sonia\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\lsprst7.dll
c:\windows\system32\nsprs.dll
c:\windows\system32\ssprs.dll
c:\windows\system32\test.ttt
c:\windows\system32\uniq.tll
c:\windows\system32\win32hlp.cnf
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\$NtServicePackUninstall$\userinit.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_PACKET

((((((((((((((((((((((((( Files Created from 2008-12-01 to 2009-01-01 )))))))))))))))))))))))))))))))
.
2009-01-01 10:11 . 2009-01-01 10:11 <DIR> d-------- c:\program files\WOT
2009-01-01 09:53 . 2009-01-01 09:53 <DIR> d-------- c:\program files\Trend Micro
2009-01-01 09:39 . 2009-01-01 09:39 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-01 09:06 . 2009-01-01 09:06 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-01 09:06 . 2009-01-01 09:06 <DIR> d-------- c:\documents and settings\Sonia\Application Data\Malwarebytes
2009-01-01 09:06 . 2009-01-01 09:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-01 09:06 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-01 09:06 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-31 14:06 . 2008-12-31 14:06 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-31 14:06 . 2008-12-31 14:06 <DIR> d-------- c:\documents and settings\Sonia\Application Data\SUPERAntiSpyware.com
2008-12-31 14:06 . 2008-12-31 14:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-31 12:22 . 2008-12-31 12:22 <DIR> d-------- c:\program files\CCleaner
2008-12-31 11:28 . 2008-12-31 11:28 <DIR> d-------- c:\windows\ERUNT
2008-12-31 11:22 . 2008-12-31 11:41 <DIR> d-------- C:\SDFix
2008-12-31 10:26 . 2008-12-31 10:26 <DIR> d----c--- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-12-30 17:50 . 2008-12-30 17:50 61,224 --a------ c:\documents and settings\Sonia\GoToAssistDownloadHelper.exe
2008-12-30 15:54 . 2008-12-30 15:54 <DIR> d-------- c:\documents and settings\Sonia\Application Data\McAfee
2008-12-23 15:42 . 2008-12-30 18:00 <DIR> d-------- C:\AIFSXSECTIONAL
2008-12-09 17:00 . 2008-12-10 09:15 <DIR> d-------- C:\Data files
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-12-31 22:44 --------- d-----w c:\program files\Java
2008-12-31 08:02 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2008-12-31 03:05 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-30 06:59 --------- d-----w c:\program files\SPSS GP
2008-12-30 04:55 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-12-27 04:02 --------- d-----w c:\program files\McAfee
2008-11-23 19:18 --------- d-----w c:\program files\iTunes
2008-11-23 19:18 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-23 19:17 --------- d-----w c:\program files\iPod
2008-11-23 19:17 --------- d-----w c:\program files\Common Files\Apple
2008-11-23 19:15 --------- d-----w c:\program files\QuickTime
2008-11-23 18:51 --------- d-----w c:\program files\Safari
2008-11-16 03:49 --------- d-----w c:\documents and settings\Sonia\Application Data\Apple Computer
2008-11-08 03:12 --------- d-----w c:\program files\Sun
2006-10-16 11:06 0 ----a-w c:\documents and settings\Sonia\Application Data\wklnhst.dat
2008-05-19 11:19 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008051920080 520\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\mo zy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2008-10-06 13:45 3044656 --a------ c:\program files\MozyHome\mozyshell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\mo zy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2008-10-06 13:45 3044656 --a------ c:\program files\MozyHome\mozyshell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-07-17 389120]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.E XE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScI nst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT \TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TIN TSETP.EXE" [2004-08-04 455168]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-01 136600]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-06-29 1032192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-10-10 26112]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\I SUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2007-11-16 1697112]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-24 622653]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-10-10 24576]
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2008-10-06 2954544]
[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R1 mozyFilter;mozyFilter;c:\windows\system32\DRIVERS\ mozy.sys [2007-11-13 53752]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-22 55024]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" [2008-09-30 203280]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{af90a8dc-0c8d-11dc-989c-0015c5b8dae2}]
\Shell\AutoRun\command - E:\DTE_Privacy_launcher.exe
.
Contents of the 'Scheduled Tasks' folder
2008-12-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
2008-07-14 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 14:32]
2007-03-31 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 14:32]
2009-01-01 c:\windows\Tasks\User_Feed_Synchronization-{795C5251-065B-431B-BEB5-3DF29E7BCA91}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 18:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ninemsn.com.au/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Connection Wizard,ShellNext = hxxp://www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=5061010
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\windows\system32\odsp.dll
Trusted Zone: www.rmitbookshop.com.au
Trusted Zone: *.internet
Trusted Zone: *.mcafee.com
TCP: {63C5E624-24DA-4EF9-92B9-37936154A49C} = 211.29.132.12,198.142.0.51
TCP: {B07E1C13-687A-4D57-A3A5-4CCDBE2B184B} = 198.142.0.51,203.2.75.132
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\WOT\WOT.dll
c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_65 95b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll - c:\windows\Downloaded Program Files\RSClientPrint_3082.rll
c:\windows\Downloaded Program Files\RSClientPrint_2052.rll
c:\windows\Downloaded Program Files\RSClientPrint_1053.rll
c:\windows\Downloaded Program Files\RSClientPrint_1046.rll
c:\windows\Downloaded Program Files\RSClientPrint_1043.rll
c:\windows\Downloaded Program Files\RSClientPrint_1042.rll
c:\windows\Downloaded Program Files\RSClientPrint_1041.rll
c:\windows\Downloaded Program Files\RSClientPrint_1040.rll
c:\windows\Downloaded Program Files\RSClientPrint_1036.rll
c:\windows\Downloaded Program Files\RSClientPrint_1031.rll
c:\windows\Downloaded Program Files\RSClientPrint_1028.rll
c:\windows\Downloaded Program Files\RSClientPrint_1033.rll
c:\windows\Downloaded Program Files\RSClientPrint.dll
O16 -: {FA91DF8D-53AB-455D-AB20-F2F023E498D3}
hxxp://www.payme4shopping.com/Reserved.ReportViewerWebControl.axd?ReportSession= nwcpb0rjol5wfc55p2ar2n45&ControlID=965d59f2-ae64-46bc-89b2-dc21dbac8f6b&Culture=5129&UICulture=1033&ReportSta ck=1&OpType=PrintCab
c:\windows\Downloaded Program Files\RSClientPrint.inf
.
************************************************** ************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-01 16:48:20
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1171A62 F-05D2-11D1-83FC-00A0C9089C5A}]
@Owner=S-1-5-21-2581684170-2629735313-3646798534-1005
@Denied: (A 2) (Everyone)
@Denied: (A 2) (S-1-5-7)
@="FlashProp Class"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1171A62 F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
@Owner=S-1-5-21-2581684170-2629735313-3646798534-1005
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash9b .ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1171A62 F-05D2-11D1-83FC-00A0C9089C5A}\Programmable]
@Owner=S-1-5-21-2581684170-2629735313-3646798534-1005
[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders \*NULL*& 2*NULL*]
@Security="Inherited"
"Path"="c:\\WINDOWS\\system32\\config\\systemprofi le\\Application Data\\Intel\\Wireless\\"
[HKEY_LOCAL_MACHINE\software\Sigmatel\GlobalState]
@Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
@Owner=Administrators
@Denied: (Full) (Guests)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (Administrators)
@Allowed: (B 1 2 3 4 5) (S-1-5-4)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(948)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\MozyHome\mozybackup.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
.
************************************************** ************************
.
Completion time: 2009-01-01 16:52:06 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-01 05:52:02
Pre-Run: 83,431,030,784 bytes free
Post-Run: 83,523,420,160 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOW S
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Micro soft Windows XP Professional" /noexecute=optin /fastdetect
260 --- E O F --- 2008-12-18 18:22:03
  #6  
Old 1st Jan 2009, 12:33
Moderator Group
  
Run the Kaspersky Online Scanner

In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.
  • Click on SCAN NOW
  • Click Accept.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
  • The scan will take a while, so be patient and let it finish.

When the scan is done, in the Scan is complete window, any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As
  • Next, in the Save as prompt, Save in area, select: Desktop.
  • In the File name area use KScan, or something similar.
  • In Save as type: click the drop arrow and select: Text file [*.txt]
  • Then, click: Save


Copy and paste the Kaspersky Online Scanner Report in your next reply.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
__________________
  #7  
Old 2nd Jan 2009, 21:40
Member Group
  
Next update...

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, January 3, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, January 02, 2009 05:06:57
Records in database: 1545901
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
Scan statistics:
Files scanned: 82165
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 01:41:03
No malware has been detected. The scan area is clean.
The selected area was scanned.
  #8  
Old 3rd Jan 2009, 11:07
Moderator Group
  
Looks like we got everything. How is the computer running now?
  • Click START then RUN
  • Now type Combofix /u in the runbox
  • Make sure there's a space between Combofix and /u
  • Then hit Enter.
  • The above procedure will:
  • Delete the following:
  • ComboFix and its associated files and folders.
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Set a new, clean Restore Point.

----------

Download ATF Cleaner by Atribune to your Desktop.

Alternate download link

Note: Vista users must use Run As Administrator
  • Under Main: Select Files to Delete choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords click No at the prompt.
  • Click Exit on the Main menu to close the program.

Note that your system will run slower for a reboot or two after having used this tool so don't panic.

----------

Download OTCleanIt.exe and save it to your Desktop.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it yourself.

Important: Restart the computer before continuing.
__________________
  #9  
Old 3rd Jan 2009, 15:47
Member Group
  
It looks OK but system performance is still on the sluggish side and something had happened to google search in IE. I keep getting redirected to click through sites instead of what I was searching for.

A McAfee update downloaded this morning with a 'secure' yahoo search in the toolbar. This does work (ie I get to the site I'm searching for) but the google search is still stuffed.

(Chances of me calling McAffee tech support to discuss after their craptastic advice last time - 0%)

Should I run this clean or scan for something else?

Thanks again.
  #10  
Old 3rd Jan 2009, 16:14
Moderator Group
  
Run Dial-a-fix.

Download Dial-a-Fix by djlizard, save it to the desktop then extract it to it's own folder.
  • Open the folder and run Dial-a-fix.exe
  • 2 windows will open. Close the one in the background labeled Restrictive Policies
  • Check the box in section 1, Empty temp folders.
  • Check the box in section 2, Fix Windows Installer.
  • Check the box in section 3, Fix Windows Update.
  • Check the box in section 4, labeled SSL/HTTPS/Cryptography. The 4 boxes under it should be pre-checked
  • Check all boxes in section 5, labeled Registration Center.
  • Click Go
  • OK any error messages if received, but write them down and post them here.
  • Restart the computer when done.
----------

Reset Web Settings & Default Security Settings

Open IE and select Tools > Internet Options > then the Advanced Tab and then the Reset... button under Reset Internet Explorer Settings.

To Reset Default Security Settings:
  • Right click on your desktop Internet Explorer icon and select Properties
  • Then click the Security tab and click Default Level for Internet, Local Intranet, Trusted Sites, and Restricted Sites.
  • For IE 7 users, simply click the "Reset all zones to default level" button.
----------

Run CCleaner.

Run this online scan and post the log.

This scanner requires Internet Explorer

Use the ESET Nod32 Online Scanner

1. Check the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the activex control to install
4. Click Start
5. Make sure that the option Remove found threats and the option Scan unwanted applications is check marked.
6. Click Scan
7. Wait for the scan to finish
8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply.
__________________
Reply
Page 1 of 6 1 23456

Register
Thread Tools



Arabic Bulgarian Chinese (Simplified) Chinese (Traditional) Croatian Czech Danish Dutch English Finnish French German Greek Hebrew Hungarian Italian Japanese Korean Latvian Lithuanian Norwegian Polish Portuguese Romanian Russian Serbian Slovak Spanish Swedish Thai Turkish Ukrainian

Copyright ©2006 - 2009 Computer Juice.
Contact - Privacy - Sitemap - Top

Powered by vBulletin® Copyright ©2000 - 2009 Jelsoft Enterprises Ltd. SEO by vBSEO ©2009, Crawlability, Inc.