Active IE redirecting URLs

Discussion in 'Malware and Virus Removal Archive' started by IANV, 2009/07/31.

  1. 2009/07/31
    IANV

    IANV Inactive Thread Starter

    Joined:
    2008/06/03
    Messages:
    10
    Likes Received:
    0
    [Active] IE redirecting URLs

    I was advised by Broni to come here with the issue I posted in the Internet Explorer forum as "InternetExplorer redials wrong URL", and to attach results of tests with the DDS tool. Those two files are copied below.

    Since my posts in the other forum, I have been able to work around my original problem - having uninstalled the very tedious IE8, I find that IE7 does not have the problem of changing the URLs of some of the pages I try to navigate between on my family history site. (That site's support team had said that other IE8 users had found no problems - so initially I did not bother returning to IE7.)

    If my problem is specific to IE8, a malware problem seems unlikely? But here are the logs anyway.

    Thanks,
    IANV
    -------------
    1) DDS.TXT:

    DDS (Ver_09-06-26.01) - NTFSx86
    Run by IANV0708 at 13:06:20.18 on 31/07/2009
    Internet Explorer: 7.0.6001.18000
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2046.911 [GMT 1:00]

    AV: BullGuard Antivirus *On-access scanning enabled* (Updated) {7A9BB333-8EDF-4FDC-A2A5-1A30FA021913}
    SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    SP: BullGuard Antispyware *enabled* (Updated) {72CDBC85-9052-4B41-961E-B919FFE571AA}
    FW: BullGuard Firewall *disabled* {2AEF4CB6-61B5-4E60-AF22-D95E75B63FA1}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
    C:\Windows\System32\svchost.exe -k BullGuard
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe
    C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\program files\bullguard ltd\bullguard\BullGuard.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE
    C:\Windows\Explorer.exe
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Windows Mail\WinMail.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\IANV0708\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://uk.yahoo.com/
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    uRun: [WMPNSCFG] "c:\program files\windows media player\WMPNSCFG.exe "
    uRun: [WindowsWelcomeCenter] "c:\windows\system32\rundll32.exe" oobefldr.dll,ShowWelcomeCenter
    uRun: [Sidebar] "c:\program files\windows sidebar\sidebar.exe" /autoRun
    mRun: [BullGuard] "c:\program files\bullguard ltd\bullguard\bullguard.exe" -boot
    mRun: [btbb_wcm_McciTrayApp] "c:\program files\bt broadband desktop help\btbb_wcm\McciTrayApp.exe "
    mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe "
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [RtHDVCpl] "c:\windows\RtHDVCpl.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe "
    mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [CanonSolutionMenu] "c:\program files\canon\solutionmenu\CNSLMAIN.exe" /logon
    mRun: [CanonMyPrinter] "c:\program files\canon\myprinter\BJMyPrt.exe" /logon
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Ad-Watch] "c:\program files\lavasoft\ad-aware\AAWTray.exe "
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [SpySweeper] "c:\program files\webroot\spy sweeper\SpySweeperUI.exe" /startintray
    StartupFolder: c:\users\ianv0708\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\lumixs~1.lnk - c:\program files\panasonic\lumixsimpleviewer\PhLeAutoRun.exe
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    LSP: c:\windows\system32\bglsp.dll
    Trusted Zone: bt.com\service.btbroadbandvoice
    Trusted Zone: findmypast.com\www
    Trusted Zone: kindredkonnections.com\www
    Trusted Zone: motive.com\pbttbc.bt
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://tky09.celartem.com/en/download/data/djvu_autoinstall/DjVuControl_en_US.cab
    DPF: {106E49CF-797A-11D2-81A2-00E02C015623} - hxxp://www.alternatiff.com/install-ie/alttiff.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-gb.cab
    DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-27 64160]
    R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-4-21 29808]
    R1 afw;Agnitum Firewall Driver;c:\windows\system32\drivers\Afw.sys [2007-11-28 29208]
    R2 BdFileSpy;BullGuard File Monitor Driver;c:\windows\system32\drivers\BdFileSpy.sys [2008-7-10 55504]
    R2 BsFileScan;BullGuard File Scan Service;c:\windows\system32\svchost.exe -k BullGuard [2008-7-18 21504]
    R2 BsFire;BullGuard Firewall Service;c:\windows\system32\svchost.exe -k BullGuard [2008-7-18 21504]
    R2 BsMailProxy;BullGuard Email Monitoring Service;c:\windows\system32\svchost.exe -k BullGuard [2008-7-18 21504]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1029456]
    R3 AfwCore;Agnitum Firewall Core Driver;c:\windows\system32\drivers\AfwCore.sys [2008-11-14 305688]

    =============== Created Last 30 ================

    2009-07-27 15:53 <DIR> --d----- c:\windows\MultiResource Client
    2009-07-27 15:53 <DIR> --d----- c:\program files\MultiResource Client
    2009-07-25 09:44 <DIR> --d----- c:\programdata\McAfee
    2009-07-15 11:27 289,792 a------- c:\windows\system32\atmfd.dll
    2009-07-15 11:27 156,672 a------- c:\windows\system32\t2embed.dll
    2009-07-15 11:27 72,704 a------- c:\windows\system32\fontsub.dll
    2009-07-15 11:27 10,240 a------- c:\windows\system32\dciman32.dll
    2009-07-07 11:11 <DIR> --d----- c:\users\ianv0708\appdata\roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
    2009-07-07 11:11 <DIR> --d----- c:\program files\BBC iPlayer Desktop

    ==================== Find3M ====================

    2009-06-08 11:48 15,688 a------- c:\windows\system32\lsdelete.exe
    2009-05-27 17:39 86,016 a------- c:\windows\inf\infstrng.dat
    2009-05-27 17:39 51,200 a------- c:\windows\inf\infpub.dat
    2009-05-27 17:39 86,016 a------- c:\windows\inf\infstor.dat
    2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
    2009-05-13 15:39 1,563,008 a------- c:\windows\WRSetup.dll
    2008-07-25 19:30 174 a--sh--- c:\program files\desktop.ini
    2008-07-25 19:20 665,600 a------- c:\windows\inf\drvindex.dat
    2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

    ============= FINISH: 13:07:47.74 ===============
    2) ATTACH.TXT:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-06-26.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/07/2008 00:42:00
    System Uptime: 31/07/2009 02:21:30 (11 hours ago)

    Motherboard: Foxconn | | 965X7AA
    Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz | Socket 775 | 2400/266mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 292 GiB total, 213.166 GiB free.
    D: is CDROM (UDF)
    F: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
    Description: Standard PS/2 Keyboard
    Device ID: ACPI\PNP0303\4&38065078&0
    Manufacturer: (Standard keyboards)
    Name: Standard PS/2 Keyboard
    PNP Device ID: ACPI\PNP0303\4&38065078&0
    Service: i8042prt

    ==== System Restore Points ===================

    RP474: 07/07/2009 15:22:40 - Windows Update
    RP475: 08/07/2009 12:02:49 - Scheduled Checkpoint
    RP476: 09/07/2009 00:27:25 - Scheduled Checkpoint
    RP477: 10/07/2009 13:52:29 - Scheduled Checkpoint
    RP478: 10/07/2009 20:32:04 - Windows Update
    RP479: 13/07/2009 11:12:52 - Scheduled Checkpoint
    RP480: 14/07/2009 15:42:33 - Scheduled Checkpoint
    RP481: 15/07/2009 11:13:33 - Scheduled Checkpoint
    RP482: 15/07/2009 11:49:17 - Windows Update
    RP484: 16/07/2009 00:04:02 - Scheduled Checkpoint
    RP486: 17/07/2009 02:34:12 - Scheduled Checkpoint
    RP487: 18/07/2009 11:22:43 - Scheduled Checkpoint
    RP488: 19/07/2009 17:28:44 - Scheduled Checkpoint
    RP489: 20/07/2009 10:14:47 - Scheduled Checkpoint
    RP490: 20/07/2009 10:26:07 - Windows Update
    RP491: 21/07/2009 00:46:52 - Scheduled Checkpoint
    RP492: 22/07/2009 10:21:29 - Scheduled Checkpoint
    RP493: 22/07/2009 11:53:39 - Windows Update
    RP494: 23/07/2009 16:51:55 - Scheduled Checkpoint
    RP496: 24/07/2009 23:12:49 - Scheduled Checkpoint
    RP497: 25/07/2009 09:46:10 - Installed Java(TM) 6 Update 14
    RP498: 25/07/2009 09:56:11 - Removed Java(TM) 6 Update 3
    RP499: 25/07/2009 09:58:03 - Removed Java(TM) 6 Update 7
    RP500: 25/07/2009 11:21:31 - Windows Update
    RP501: 26/07/2009 00:10:24 - Restore Operation
    RP502: 26/07/2009 18:10:55 - Windows Update
    RP503: 27/07/2009 15:25:43 - Restore Operation
    RP504: 29/07/2009 04:35:55 - Scheduled Checkpoint
    RP505: 30/07/2009 00:23:11 - Scheduled Checkpoint
    RP506: 30/07/2009 13:04:56 - Windows Update
    RP508: 30/07/2009 13:24:50 - Windows Modules Installer

    ==== Installed Programs ======================

    Acrobat.com
    Ad-Aware
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.1.2
    Apple Software Update
    BBC iPlayer Desktop
    BCL easyConverter SDK 1.0.0 Module
    BT Broadband Desktop Help
    BT Wireless Connection Manager
    BullGuard 8.0
    Canon MP Navigator EX 1.0
    Canon MP610 series
    Canon MP610 series User Registration
    Canon My Printer
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities Solution Menu
    CCleaner (remove only)
    CD-LabelPrint
    DriverGuide Toolkit
    Family Tree Maker 2008
    GENMatcher 1.08
    GENViewer version 1.23
    Google Earth
    Google Updater
    Hampshire Baptism Index
    Hampshire Baptism Index 2
    Hampshire Burial Index
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Java(TM) 6 Update 14
    Legacy 7.0
    Legacy Charting 7.0
    Lizardtech DjVu Control (autoinstall)
    LUMIX Simple Viewer
    Marvell Miniport Driver
    Microsoft .NET Framework 3.5 SP1
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Primary Interoperability Assemblies 2005
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft WSE 3.0
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MultiResource Client 2.17.0 (Standard)
    NVIDIA Drivers
    PHOTOfunSTUDIO -viewer-
    QuickTime
    Realtek High Definition Audio Driver
    ScanSoft OmniPage SE 4
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB969679)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB969682)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office Word 2007 (KB969604)
    Serif AlbumPlus 4
    Serif PhotoPlus 11
    Skypad
    Soft Voice SoftRing Modem with SmartSP
    Spy Sweeper
    Spy Sweeper Core
    System Requirements Lab
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WinRAR archiver
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    24/07/2009 22:07:34, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user IANV0708-PC\IANV0708 SID (S-1-5-21-3484384270-2544271106-1312593353-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    24/07/2009 18:18:00, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.

    ==== End Of File ===========================
     
    IANV,
    #1
  2. 2009/07/31
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Let's make sure...

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.


    Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
     
