Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Google Redirect - Persists After Trying Removal Guide

Started by acerocknroll , Dec 27 2010 12:27 PM

  • Please log in to reply

#1
acerocknroll
Posted 27 December 2010 - 12:27 PM

acerocknroll

    Member

  • Member
  • PipPip
  • 13 posts
Hello again... another day, another computer infected :D
This machine has a Google redirect that still happens after following the guide on this site twice. After redirecting once, it will usually allow me to go to the desired location the second time the search is performed. Computer is running XP SP3, I run Malwarebytes antimalware and it comes back totally clean. Spy Sweeper removed a java trojan but didn't find anything else. Thanks in advance for your help!

Here is my OTL logfile:

OTL logfile created on: 12/27/2010 1:23:09 PM - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\Matt H\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 408.00 Mb Available Physical Memory | 40.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.45 Gb Total Space | 55.24 Gb Free Space | 74.20% Space Free | Partition Type: NTFS
Drive D: | 873.96 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MATT | User Name: Matt H | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/27 13:14:14 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt H\My Documents\Downloads\OTL.exe
PRC - [2010/12/27 11:59:28 | 001,392,784 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe
PRC - [2010/12/27 11:59:24 | 003,275,112 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
PRC - [2010/12/14 15:02:18 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/12/07 18:44:24 | 003,888,696 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Security\Current\plugins\antimalware\AEI.exe
PRC - [2010/12/07 18:44:16 | 000,158,048 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Security\Current\plugins\antimalware\SSU.exe
PRC - [2010/11/08 07:30:48 | 001,074,384 | ---- | M] (Starfield Technologies, Inc.) -- C:\Program Files\Starfield\wben.exe
PRC - [2010/08/12 08:54:10 | 000,032,960 | ---- | M] () -- C:\Program Files\Starfield\starfieldupdate.exe
PRC - [2010/07/16 12:47:26 | 001,310,960 | ---- | M] (Starfield Technologies, Inc.) -- C:\Program Files\Starfield\offSyncService.exe
PRC - [2010/06/23 16:02:40 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/06/23 16:02:34 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/05/21 00:28:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 00:27:58 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2010/02/01 17:45:36 | 001,926,440 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
PRC - [2010/02/01 17:45:34 | 004,949,288 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Wacom_Tablet.exe
PRC - [2009/09/16 19:33:46 | 000,972,064 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2009/09/16 18:22:08 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/13 13:32:12 | 000,128,536 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe


========== Modules (SafeList) ==========

MOD - [2010/12/27 13:14:14 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt H\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/08/06 12:15:25 | 000,094,208 | ---- | M] () -- C:\Program Files\Common Files\ActiveDesktop\ActiveDesktop.dll
MOD - [2008/05/13 12:13:36 | 000,077,824 | ---- | M] (SuperAdBlocker.com) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL


========== Win32 Services (SafeList) ==========

SRV - [2010/12/27 11:59:24 | 003,275,112 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
SRV - [2010/12/07 18:44:24 | 003,888,696 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)
SRV - [2010/07/16 12:47:26 | 001,310,960 | ---- | M] (Starfield Technologies, Inc.) [Auto | Running] -- C:\Program Files\Starfield\offSyncService.exe -- (File Backup)
SRV - [2010/02/01 17:45:34 | 004,949,288 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2009/09/16 18:22:08 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2007/05/24 10:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2006/09/13 13:32:12 | 000,128,536 | ---- | M] (iAnywhere Solutions, Inc.) [Auto | Running] -- C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe -- (QuickBooksDB18)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\DMusic.sys -- (DMusic)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/10/12 15:57:12 | 000,182,056 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS -- (SSIDRV)
DRV - [2010/10/12 15:57:12 | 000,045,072 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\ssfmonm.sys -- (SSFMONM)
DRV - [2010/10/12 15:57:12 | 000,024,496 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS -- (SSHRMD)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/24 17:32:24 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2009/09/21 18:29:22 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/04/13 23:33:34 | 000,254,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2007/02/16 13:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co...e/reading-list"
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.9.6a
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.2

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/16 12:12:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/13 13:38:53 | 000,000,000 | ---D | M]

[2010/03/08 16:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt H\Application Data\Mozilla\Extensions
[2010/12/27 09:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt H\Application Data\Mozilla\Firefox\Profiles\1pgt39x6.default\extensions
[2010/06/25 08:33:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Matt H\Application Data\Mozilla\Firefox\Profiles\1pgt39x6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/25 08:33:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt H\Application Data\Mozilla\Firefox\Profiles\1pgt39x6.default\extensions\[email protected]
[2010/08/10 14:37:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt H\Application Data\Mozilla\Firefox\Profiles\1pgt39x6.default\extensions\[email protected]
[2010/03/26 10:28:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt H\Application Data\Mozilla\Firefox\Profiles\1pgt39x6.default\extensions\[email protected]
[2010/12/27 12:46:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/16 12:10:52 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

Hosts file not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
O4 - HKCU..\Run: [Starfield Updater] C:\Program Files\Starfield\StarfieldUpdate.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [wben] C:\Program Files\Starfield\wben.exe (Starfield Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\Matt H\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1268087041062 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220 4.2.2.2
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O21 - SSODL: ActiveDesktop - {33db6099-5ac2-4e28-b8b1-2187d789a7c3} - C:\Program Files\Common Files\ActiveDesktop\ActiveDesktop.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Matt H\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Matt H\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/08 15:32:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/27 12:47:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt H\Desktop\GooredFix Backups
[2010/12/27 12:37:21 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/12/27 12:35:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/12/27 12:12:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt H\My Documents\erunt
[2010/12/27 12:04:03 | 000,182,056 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\System32\drivers\ssidrv.sys
[2010/12/27 12:04:03 | 000,045,072 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\System32\drivers\ssfmonm.sys
[2010/12/27 12:04:03 | 000,024,496 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\System32\drivers\sshrmd.sys
[2010/12/27 11:59:40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{346564C3-1CD0-440B-AE7A-F644B66D2026}
[2010/12/27 11:58:33 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot
[2010/12/27 11:58:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Webroot
[2010/12/27 11:58:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt H\Local Settings\Application Data\PackageAware
[2010/12/27 11:51:34 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareGuard
[2010/12/22 12:27:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt H\Application Data\SUPERAntiSpyware.com
[2010/12/22 12:27:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/12/22 12:27:05 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/12/17 13:59:43 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Matt H\PrivacIE
[2010/12/16 14:15:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt H\My Documents\antonelli
[2010/12/16 09:45:42 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Matt H\IETldCache
[2010/12/15 15:58:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/12/15 15:57:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/12/15 15:56:06 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/12/15 15:46:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/12/15 15:43:15 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/12/15 15:39:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/12/15 15:39:56 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/12/15 15:39:56 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/12/15 15:39:56 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/12/15 15:39:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/12/15 15:39:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/15 15:37:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/12/15 15:35:39 | 001,344,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Matt H\Desktop\TDSSKiller.exe
[2010/12/13 13:38:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/12/03 13:33:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt H\Application Data\Malwarebytes
[2010/12/03 13:32:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/03 13:32:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/12/03 13:32:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/03 13:32:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/02 14:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\CardRecovery
[2010/12/02 14:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt H\Application Data\WinRAR
[2010/12/02 14:11:38 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/27 12:50:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/27 12:49:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/27 11:59:44 | 000,001,968 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Webroot AntiVirus with Spy Sweeper.lnk
[2010/12/27 09:49:22 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/12/24 10:31:49 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/22 12:27:07 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/12/22 12:13:41 | 000,013,043 | ---- | M] () -- C:\Documents and Settings\Matt H\My Documents\pfcu.odt
[2010/12/17 11:40:08 | 000,168,304 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/16 19:07:35 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/16 14:16:58 | 000,754,840 | ---- | M] () -- C:\Documents and Settings\Matt H\My Documents\antonelli.zip
[2010/12/16 09:45:46 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Matt H\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/12/15 15:43:20 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/12/13 13:38:53 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/12/13 09:50:50 | 000,000,400 | ---- | M] () -- C:\WINDOWS\System32\Wacom_Tablet.dat
[2010/12/08 14:48:08 | 001,344,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Matt H\Desktop\TDSSKiller.exe
[2010/12/07 18:44:22 | 000,030,424 | ---- | M] () -- C:\WINDOWS\System32\wrLZMA.dll
[2010/12/07 18:44:14 | 000,017,472 | ---- | M] () -- C:\WINDOWS\System32\SsiEfr.exe
[2010/12/03 13:32:28 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/02 17:16:27 | 000,011,431 | ---- | M] () -- C:\Documents and Settings\Matt H\My Documents\jared appraisal.odt
[2010/11/30 11:22:20 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/30 11:22:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/27 12:04:04 | 000,030,424 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2010/12/27 12:04:04 | 000,017,472 | ---- | C] () -- C:\WINDOWS\System32\SsiEfr.exe
[2010/12/27 11:59:44 | 000,001,968 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Webroot AntiVirus with Spy Sweeper.lnk
[2010/12/22 12:27:07 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/12/22 12:13:38 | 000,013,043 | ---- | C] () -- C:\Documents and Settings\Matt H\My Documents\pfcu.odt
[2010/12/16 14:16:58 | 000,754,840 | ---- | C] () -- C:\Documents and Settings\Matt H\My Documents\antonelli.zip
[2010/12/15 15:43:19 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/12/15 15:43:18 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/12/15 15:39:56 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/12/15 15:39:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/12/15 15:39:56 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/12/15 15:39:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/12/15 15:39:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/12/13 13:38:28 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/12/03 13:32:28 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/02 17:16:27 | 000,011,431 | ---- | C] () -- C:\Documents and Settings\Matt H\My Documents\jared appraisal.odt
[2010/08/06 12:15:54 | 000,271,872 | ---- | C] () -- C:\WINDOWS\System32\PWContextMenu.dll
[2010/08/06 12:15:54 | 000,169,984 | ---- | C] () -- C:\WINDOWS\System32\glut32.dll
[2010/08/06 12:15:54 | 000,169,984 | ---- | C] () -- C:\WINDOWS\System32\glut.dll
[2010/06/22 09:44:12 | 000,020,436 | ---- | C] () -- C:\WINDOWS\MSUMLT_U.ini
[2010/03/22 10:28:51 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\PTQL5F.DLL
[2010/03/22 10:28:51 | 000,001,235 | ---- | C] () -- C:\WINDOWS\System32\PTQL5L.INI
[2010/03/08 07:25:19 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

========== LOP Check ==========

[2010/03/08 16:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2010/04/01 10:21:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Screentime
[2010/12/27 11:59:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{346564C3-1CD0-440B-AE7A-F644B66D2026}
[2010/11/17 11:31:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt H\Application Data\OpenOffice.org
[2010/03/09 18:44:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt H\Application Data\Z-Firm LLC
[2010/12/27 09:49:22 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
Essexboy
Posted 27 December 2010 - 02:21 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there I see you have run Combofix, could you post the log for that please

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0

#3
acerocknroll
Posted 27 December 2010 - 02:53 PM

acerocknroll

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hi, thanks for your reply!

I last ran Combofix last week I think, so I ran it again. Here is the logfile:


ComboFix 10-12-26.01 - Matt H 12/27/2010 15:42:38.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1013.624 [GMT -5:00]
Running from: c:\documents and settings\Matt H\My Documents\Downloads\ComboFix.exe
AV: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {77E10C7F-2CCA-4187-9394-BDBC267AD597}
.

((((((((((((((((((((((((( Files Created from 2010-11-27 to 2010-12-27 )))))))))))))))))))))))))))))))
.

2010-12-27 19:54 . 2010-12-27 19:56 -------- d-----w- c:\documents and settings\Matt H\Local Settings\Application Data\Temp
2010-12-27 19:50 . 2010-12-27 19:50 -------- d-----w- c:\windows\system32\winrm
2010-12-27 19:50 . 2010-12-27 19:50 -------- d-----w- c:\windows\system32\GroupPolicy
2010-12-27 19:49 . 2010-12-27 19:50 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2010-12-27 19:48 . 2010-12-27 19:48 -------- d-----w- c:\windows\system32\URTTEMP
2010-12-27 17:37 . 2010-12-27 17:37 -------- d-----w- C:\_OTM
2010-12-27 17:05 . 2010-12-27 17:05 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-12-27 17:04 . 2010-10-12 20:57 45072 ----a-w- c:\windows\system32\drivers\ssfmonm.sys
2010-12-27 17:04 . 2010-10-12 20:57 24496 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2010-12-27 17:04 . 2010-10-12 20:57 182056 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2010-12-27 16:59 . 2010-12-27 16:59 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{346564C3-1CD0-440B-AE7A-F644B66D2026}
2010-12-27 16:58 . 2010-12-27 16:58 -------- d-----w- c:\program files\Webroot
2010-12-27 16:58 . 2010-12-27 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2010-12-27 16:58 . 2010-12-27 16:58 -------- d-----w- c:\documents and settings\Matt H\Local Settings\Application Data\PackageAware
2010-12-27 16:51 . 2010-12-27 16:57 -------- d-----w- c:\program files\SpywareGuard
2010-12-22 17:27 . 2010-12-22 17:27 -------- d-----w- c:\documents and settings\Matt H\Application Data\SUPERAntiSpyware.com
2010-12-22 17:27 . 2010-12-22 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-12-22 17:27 . 2010-12-22 17:27 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-17 18:59 . 2010-12-17 18:59 -------- d-sh--w- c:\documents and settings\Matt H\PrivacIE
2010-12-16 18:49 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-16 18:49 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-16 14:45 . 2010-12-16 14:45 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-12-16 14:45 . 2010-12-16 14:45 -------- d-sh--w- c:\documents and settings\Matt H\IETldCache
2010-12-15 20:59 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-12-15 20:57 . 2010-11-06 00:26 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-12-15 20:57 . 2010-11-06 00:26 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-12-15 20:57 . 2010-11-06 00:26 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-12-15 20:57 . 2010-11-06 00:26 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-12-15 20:57 . 2010-11-06 00:26 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-12-15 20:57 . 2010-11-06 00:26 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-12-15 20:57 . 2010-11-06 00:26 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-12-15 20:56 . 2010-12-15 20:57 -------- dc-h--w- c:\windows\ie8
2010-12-15 20:37 . 2010-12-15 20:37 -------- d-----w- c:\documents and settings\Administrator
2010-12-13 18:38 . 2010-12-13 18:38 -------- d-----w- c:\program files\Common Files\Adobe
2010-12-03 18:33 . 2010-12-03 18:33 -------- d-----w- c:\documents and settings\Matt H\Application Data\Malwarebytes
2010-12-03 18:32 . 2010-12-03 18:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-03 18:32 . 2010-11-30 16:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-03 18:32 . 2010-12-03 18:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-03 18:32 . 2010-11-30 16:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-02 19:15 . 2010-12-02 19:17 -------- d-----w- c:\program files\CardRecovery

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2010-03-08 20:30 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2004-08-04 10:00 43520 ------w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-04 18:18 . 2010-08-12 18:07 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-11-03 12:25 . 2004-08-04 10:00 385024 ------w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-04 10:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-04 10:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2004-08-04 10:00 1853312 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wben"="c:\program files\Starfield\wben.exe" [2010-11-08 1074384]
"Starfield Updater"="c:\program files\Starfield\StarfieldUpdate.exe" [2010-08-12 32960]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-12-14 2424560]
"Google Update"="c:\documents and settings\Matt H\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-12-27 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"WebrootTrayApp"="c:\program files\Webroot\Security\Current\Framework\WRTray.exe" [2010-12-27 1392784]

c:\documents and settings\Matt H\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"ActiveDesktop"= {33db6099-5ac2-4e28-b8b1-2187d789a7c3} - c:\program files\Common Files\ActiveDesktop\ActiveDesktop.dll [2010-08-06 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 File Backup;File Backup Service;c:\program files\Starfield\offSyncService.exe [7/16/2010 12:47 PM 1310960]
R2 SSFMONM;Spy Sweeper File System Filter Driver;c:\windows\system32\drivers\ssfmonm.sys [12/27/2010 12:04 PM 45072]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [3/12/2010 7:31 PM 4949288]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Security\Current\Framework\WRConsumerService.exe [12/27/2010 11:59 AM 3275112]
S2 QuickBooksDB18;QuickBooksDB18;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB18 --> c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB18 [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [3/12/2010 7:31 PM 16168]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 5:00 AM 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder

2010-12-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-651377827-839522115-1003Core.job
- c:\documents and settings\Matt H\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-27 19:54]

2010-12-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-651377827-839522115-1003UA.job
- c:\documents and settings\Matt H\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-27 19:54]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\documents and settings\Matt H\Application Data\Mozilla\Firefox\Profiles\1pgt39x6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/reader/view/user/-/state/com.google/reading-list#stream/user%2F11457038492283805134%2Fstate%2Fcom.google%2Freading-list
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Xmarks: fo[email protected] - %profile%\extensions\[email protected]
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Woot! Watcher: [email protected] - %profile%\extensions\[email protected]
FF - Ext: TinEye Reverse Image Search: tineye@ideeinc.com - %profile%\extensions\[email protected]
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-27 15:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(668)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(316)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\program files\Common Files\ActiveDesktop\ActiveDesktop.dll
.
Completion time: 2010-12-27 15:47:49
ComboFix-quarantined-files.txt 2010-12-27 20:47
ComboFix2.txt 2010-12-15 20:46

Pre-Run: 58,964,324,352 bytes free
Post-Run: 59,004,768,256 bytes free

- - End Of File - - 6E00BF9AB0405CA983577F59D6AB9376


Here is my TDSSKiller Logfile:


2010/12/27 15:50:10.0984 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
2010/12/27 15:50:10.0984 ================================================================================
2010/12/27 15:50:10.0984 SystemInfo:
2010/12/27 15:50:10.0984
2010/12/27 15:50:10.0984 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/27 15:50:10.0984 Product type: Workstation
2010/12/27 15:50:10.0984 ComputerName: MATT
2010/12/27 15:50:10.0984 UserName: Matt H
2010/12/27 15:50:10.0984 Windows directory: C:\WINDOWS
2010/12/27 15:50:10.0984 System windows directory: C:\WINDOWS
2010/12/27 15:50:10.0984 Processor architecture: Intel x86
2010/12/27 15:50:10.0984 Number of processors: 2
2010/12/27 15:50:10.0984 Page size: 0x1000
2010/12/27 15:50:10.0984 Boot type: Normal boot
2010/12/27 15:50:10.0984 ================================================================================
2010/12/27 15:50:11.0125 Initialize success
2010/12/27 15:50:13.0125 ================================================================================
2010/12/27 15:50:13.0125 Scan started
2010/12/27 15:50:13.0125 Mode: Manual;
2010/12/27 15:50:13.0125 ================================================================================
2010/12/27 15:50:14.0203 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/27 15:50:14.0328 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/12/27 15:50:14.0406 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/27 15:50:14.0781 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/27 15:50:14.0828 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/27 15:50:14.0890 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/27 15:50:14.0953 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/27 15:50:15.0015 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/27 15:50:15.0187 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/27 15:50:15.0234 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/27 15:50:15.0296 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/27 15:50:15.0328 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/27 15:50:15.0375 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
2010/12/27 15:50:15.0656 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/27 15:50:15.0750 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/27 15:50:15.0796 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/27 15:50:15.0828 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/27 15:50:15.0968 e1express (34aaa3b298a852b3663e6e0d94d12945) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
2010/12/27 15:50:16.0093 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/27 15:50:16.0359 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/12/27 15:50:16.0484 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/27 15:50:16.0515 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/12/27 15:50:16.0562 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/12/27 15:50:16.0609 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/27 15:50:16.0640 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/27 15:50:16.0687 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/27 15:50:16.0718 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/12/27 15:50:16.0765 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/27 15:50:16.0859 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/27 15:50:16.0953 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
2010/12/27 15:50:17.0000 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/27 15:50:17.0171 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/12/27 15:50:17.0234 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/12/27 15:50:17.0265 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/27 15:50:17.0296 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/27 15:50:17.0343 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/27 15:50:17.0421 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/27 15:50:17.0453 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/27 15:50:17.0515 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/27 15:50:17.0531 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/27 15:50:17.0578 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/12/27 15:50:17.0609 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/27 15:50:17.0828 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/27 15:50:17.0875 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/27 15:50:17.0921 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/27 15:50:17.0937 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/27 15:50:18.0000 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/27 15:50:18.0093 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/27 15:50:18.0156 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/27 15:50:18.0265 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/27 15:50:18.0328 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/27 15:50:18.0359 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/27 15:50:18.0421 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/27 15:50:18.0484 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/27 15:50:18.0515 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/27 15:50:18.0531 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/27 15:50:18.0593 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/27 15:50:18.0625 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/27 15:50:18.0656 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/27 15:50:18.0812 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/27 15:50:18.0859 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/27 15:50:18.0906 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/27 15:50:18.0953 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/27 15:50:18.0968 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/27 15:50:19.0015 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2010/12/27 15:50:19.0046 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/27 15:50:19.0078 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/27 15:50:19.0156 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/27 15:50:19.0250 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/12/27 15:50:19.0328 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/12/27 15:50:19.0609 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/27 15:50:19.0640 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/27 15:50:19.0671 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/27 15:50:19.0890 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/27 15:50:19.0921 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/27 15:50:19.0968 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/27 15:50:20.0000 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/27 15:50:20.0046 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/27 15:50:20.0187 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/27 15:50:20.0296 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/12/27 15:50:20.0359 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/27 15:50:20.0406 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/27 15:50:20.0593 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/12/27 15:50:20.0609 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/12/27 15:50:20.0718 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/27 15:50:20.0781 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/12/27 15:50:20.0843 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/27 15:50:20.0968 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/27 15:50:21.0015 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/27 15:50:21.0078 SSFMONM (83a1fe75211bb59645fe53e469ad61c8) C:\WINDOWS\system32\Drivers\SSFMONM.SYS
2010/12/27 15:50:21.0140 SSHRMD (6fb311640254a0fc65fc70f4f58fb9b1) C:\WINDOWS\system32\Drivers\SSHRMD.SYS
2010/12/27 15:50:21.0171 SSIDRV (16cd11a307389db133e08229ed300861) C:\WINDOWS\system32\Drivers\SSIDRV.SYS
2010/12/27 15:50:21.0250 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/27 15:50:21.0484 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/27 15:50:21.0515 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/27 15:50:21.0546 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/27 15:50:21.0578 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/27 15:50:21.0703 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/27 15:50:21.0828 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/27 15:50:21.0906 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/27 15:50:21.0937 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/27 15:50:21.0953 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/27 15:50:22.0000 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/12/27 15:50:22.0109 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/12/27 15:50:22.0203 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/27 15:50:22.0250 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/12/27 15:50:22.0281 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/27 15:50:22.0343 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/27 15:50:22.0421 wacmoumonitor (17bdade5a09d0b0f85f6fd95e3a68ecd) C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys
2010/12/27 15:50:22.0500 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
2010/12/27 15:50:22.0546 wacomvhid (846b58ea44bf8c92e4b59f4e2252c4c0) C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
2010/12/27 15:50:22.0593 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/27 15:50:22.0968 ================================================================================
2010/12/27 15:50:22.0968 Scan finished
2010/12/27 15:50:22.0968 ================================================================================
  • 0

#4
Essexboy
Posted 27 December 2010 - 03:07 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Do you use a router ?
  • 0

#5
acerocknroll
Posted 27 December 2010 - 03:14 PM

acerocknroll

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Yes, my office has kind of a stupid setup with a Westell 327W modem running into a Linksys WRT320N wireless router and a DLink Switch.
  • 0

#6
Essexboy
Posted 27 December 2010 - 03:18 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm so as an office set up, no one else is getting redirected, just you ?

Could you give me an example otf the redirect

i.e. Click on site xxx and it redirects to whatever.com
  • 0

#7
acerocknroll
Posted 27 December 2010 - 03:28 PM

acerocknroll

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
My boss's computer was doing something similar, his was way more infected though. SpySentinel helped me get his back up and running a couple weeks back.

Couple examples:
Say I search for "used cars" and click on Autotrader.com, it redirects to dealparty.com.

I tried a few other search terms and clicked around, that's the only one that redirected at the moment. It's kind of intermittent. And it almost always lets me go to the correct site the second time I click the link. Next time it redirects me I'll post it here.
  • 0

#8
Essexboy
Posted 27 December 2010 - 03:59 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If other computers are experiencing similar problems I would suspect an infected router. So it would need to be reset

To confirm this can you install open DNS on your system and see if that cures it
  • 0

#9
Essexboy
Posted 31 December 2010 - 12:30 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#10
Essexboy
Posted 31 December 2010 - 02:26 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
User returned

Are the affected computers on a local network ?

If so then it maybe that all computers will need to be cleaned, especially if you are sharing files
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP