Resolved Google randomly redirecting...logs attached

[mcIrishgurl]

google is randomly redirecting ie. i've attached the prelimenary logs. your help is appreciated.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6057

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/14/2011 5:30:49 PM
mbam-log-2011-03-14 (17-30-49).txt

Scan type: Quick scan
Objects scanned: 184180
Time elapsed: 10 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-03-14 17:47:46
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 WDC_WD400EB-11CPF0 rev.06.04G06
Running: fpo6du4z.exe; Driver: C:\DOCUME~1\Dawn\LOCALS~1\Temp\kxtdapog.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sectors 78165193 (+166): rootkit-like behavior;

---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF74640E0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF74640F4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF7464120]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF7464176]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF74640CC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF74640A4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF74640B8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF746410A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF746414C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF7464136]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF74641A0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF746418C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF7464160]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A468AF1
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A468AF1
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 8A468AF1

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskWDC_WD400EB-11CPF0______________________06.04G06#4457572d41435441324636313430_033_0_0_0_0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- EOF - GMER 1.0.15 ----

 

[mcIrishgurl]

dds log

DDS (Ver_11-03-05.01) - NTFSx86
Run by Dawn at 17:59:47.54 on Mon 03/14/2011
internet explorer: 8.0.6001.18702
browserjavaversion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.884 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\SPOOL\DRIVERS\W32X86\3\LXBKJSWX.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Dawn\My Documents\dds.scr
.
============== Running Processes ===============
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\SPOOL\DRIVERS\W32X86\3\LXBKJSWX.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Dawn\My Documents\dds.scr
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============

Edit: Deleting following as wrong log..
.

 

[mcIrishgurl]

dds log (cont'd)

Edit: Deleting incorrect log display.

 

[mcIrishgurl]

dds log (cont'd)

Edit: Deleted incorrect log.

 

[mcIrishgurl]

dds log (cont'd)

Edit: Deleted incorrect log.

 

[mcIrishgurl]

dds log (cont'd)

Edit: Deleted incorrect log.

 

[mcIrishgurl]

dds log (cont'd)

============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\WINDOWS\system32\driverse\mfehidk.sys [2010-10-13 386840]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\WINDOWS\system32\driverse\mfetdi2k.sys [2011-2-22 84072]
R1 SASDIFSV;SASDIFSV;c:\Program Files\SUPERAntiSpywaree\SASDIFSV.SYS [2009-9-4 12872]
R1 SASKUTIL;SASKUTIL;c:\Program Files\SUPERAntiSpywaree\SASKUTIL.SYS [2009-9-4 67656]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\Program Files\Common Files\Mcafee\McSvcHoste\McSvHost.exe" /McCoreSvc [2011-2-22 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\Program Files\Common Files\Mcafee\McSvcHoste\McSvHost.exe" /McCoreSvc [2011-2-22 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\Program Files\Common Files\McAfee\McSvcHoste\McSvHost.exe" /McCoreSvc [2011-2-22 271480]
R2 McProxy;McAfee Proxy Service;"c:\Program Files\Common Files\McAfee\McSvcHoste\McSvHost.exe" /McCoreSvc [2011-2-22 271480]
R2 McShield;McShield;c:\Program Files\Common Files\McAfee\SystemCoree\mcshield.exe [2011-2-22 171168]
R2 mfefire;McAfee Firewall Core Service;c:\Program Files\Common Files\McAfee\SystemCoree\mfefire.exe [2011-2-22 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\WINDOWS\system32e\mfevtps.exe [2011-2-22 141792]
R3 cfwids;McAfee Inc. cfwids;c:\WINDOWS\system32\driverse\cfwids.sys [2011-2-22 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\WINDOWS\system32\driverse\mfeavfk.sys [2011-2-22 152960]
R3 mfefirek;McAfee Inc. mfefirek;c:\WINDOWS\system32\driverse\mfefirek.sys [2011-2-22 313288]
R3 mfendiskmp;mfendiskmp;c:\WINDOWS\system32\driverse\mfendisk.sys [2011-2-22 88544]
S2 gupdate;Google Update Service (gupdate);c:\Program Files\Google\Updatee\GoogleUpdate.exe [2010-2-1 135664]
S3 hdlSrv;hdlSrv;c:\Program Files\M-Systems Utilitye\hdlSrv.exe [2002-11-19 65536]
S3 mfebopk;McAfee Inc. mfebopk;c:\WINDOWS\system32\driverse\mfebopk.sys [2011-2-22 52104]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\WINDOWS\system32\driverse\mfendisk.sys [2011-2-22 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\WINDOWS\system32\driverse\mferkdet.sys [2011-2-22 84264]
S3 SASENUM;SASENUM;c:\Program Files\SUPERAntiSpywaree\SASENUM.SYS [2009-9-4 12872]
======

Edit: Deleted partial incorrect log content.

 

[mcIrishgurl]

attach log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 12/31/2007 1:05:20 PM
System Uptime: 3/14/2011 5:07:03 PM (1 hours ago)
.
Motherboard: Lite-On Tech. | | 0888h
Processor: Intel(R) Celeron(R) CPU 2.00GHz | mPGA-478 | 2000/100mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 32 GiB total, 11.717 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP217: 2/6/2011 8:05:57 AM - System Checkpoint
RP218: 2/7/2011 9:43:13 AM - System Checkpoint
RP219: 2/8/2011 10:05:21 AM - System Checkpoint
RP220: 2/9/2011 12:23:28 PM - System Checkpoint
RP221: 2/10/2011 1:20:38 AM - Software Distribution Service 3.0
RP222: 2/10/2011 11:33:49 AM - Installed HP Product Detection.
RP223: 2/10/2011 12:15:39 PM - Installed LightScribe System Software 1.14.25.1.
RP224: 2/10/2011 12:34:53 PM - Removed System Requirements Lab for Intel
RP225: 2/11/2011 12:43:19 PM - System Checkpoint
RP226: 2/12/2011 3:51:34 PM - System Checkpoint
RP227: 2/13/2011 6:35:56 PM - System Checkpoint
RP228: 2/14/2011 6:56:26 PM - System Checkpoint
RP229: 2/15/2011 7:18:50 PM - System Checkpoint
RP230: 2/17/2011 1:57:05 AM - System Checkpoint
RP231: 2/18/2011 2:44:53 AM - System Checkpoint
RP232: 2/19/2011 2:52:54 AM - System Checkpoint
RP233: 2/20/2011 3:43:48 AM - System Checkpoint
RP234: 2/21/2011 5:46:41 AM - System Checkpoint
RP235: 3/22/2011 2:37:41 AM - System Checkpoint
RP236: 2/22/2011 10:16:48 PM - System Checkpoint
RP237: 2/23/2011 10:28:05 PM - System Checkpoint
RP238: 2/25/2011 1:31:48 AM - System Checkpoint
RP239: 2/26/2011 2:02:07 AM - System Checkpoint
RP240: 2/27/2011 2:18:36 AM - System Checkpoint
RP241: 2/28/2011 3:18:30 AM - System Checkpoint
RP242: 3/1/2011 3:37:02 AM - System Checkpoint
RP243: 3/2/2011 4:36:59 AM - System Checkpoint
RP244: 3/3/2011 5:38:40 AM - System Checkpoint
RP245: 3/4/2011 6:38:05 AM - System Checkpoint
RP246: 3/5/2011 7:38:02 AM - System Checkpoint
RP247: 3/6/2011 8:15:00 AM - System Checkpoint
RP248: 3/7/2011 8:52:49 AM - System Checkpoint
RP249: 3/8/2011 10:00:56 AM - System Checkpoint
RP250: 3/9/2011 10:38:21 AM - System Checkpoint
RP251: 3/10/2011 3:00:56 AM - Software Distribution Service 3.0
RP252: 3/11/2011 3:38:24 AM - System Checkpoint
RP253: 3/12/2011 4:38:26 AM - System Checkpoint
RP254: 3/13/2011 7:02:34 AM - System Checkpoint
RP255: 3/14/2011 7:38:23 AM - System Checkpoint
.
==== Installed Programs ======================

Edit: Deleted partial incorrect log content.

 

[mcIrishgurl]

attach log (cont'd)

Edit: Deleted incorrect log content.

 

[mcIrishgurl]

attach log (cont'd)

Edit: Deleted incorrect log content.

 

[mcIrishgurl]

attach log (cont'd)

Edit: Deleted incorrect log content.

 

[Bobbye]

Can you please tell me where you downloaded DDS? We use DDS (Ver_10-12-12.02) - NTFSx86 . You have used DDS (Ver_11-03-05.01) - NTFSx86 .

The version we use does not have SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 (C)

Please uninstall the version of DDS you have and use the following:

• Download DDS by sUBs and save it to your desktop.
  
  After downloading the tool, disconnect from the internet and disable all antivirus protection.
• Double click on the DDS icon, allow it to run.
• A small box will open, with an explanation about the tool. No input is needed, the scan is running.
• Notepad will open with the results, click no to the Optional_Scan
• Follow the instructions that pop up for posting the results.
• When done, DDS will open two (2) logs: Please paste both in your next reply.
  [o]DDS.txt
  [o]Attach.txt
• Close the program window, and delete the program from your desktop.
• Enable your Antivirus protection and reconnect to the internet.

Please note: You may have to disable any script protection running if the scan fails to run.

It will generate 2 logs: DDS.txt and Attach.txt. Paste those 2 logs in your next reply. Please do not zip the Attach log.

After you do that, I will go in and delete all the entries for the wrong version. You will find all the steps and links we use in the Preliminary Virus and Malware Removal thread HERE.

When you have finished, leave the logs for review in your next reply .
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

 

[mcIrishgurl]

new attach (cont'd)

Edit: Deleting incorrect log.

 

[mcIrishgurl]

new attach (cont'd)

Edit to delete incorrect log.

 

[mcIrishgurl]

just waiting on your next step bobbye....the previous posts show the new dds and attach logs. please note that i downloaded from the link u posted and it still included that steelworks thing.

 

[Bobbye]

Please don't run DDS again until we find out what's going on. It shouldn't have the SteelWer Registry Console Tool in it. I've asked about it and will get back to you as soon as I hear something.

 

[mcIrishgurl]

ok.....i'm assuming that is also causing my system to run real slow as it hadn't prior to running that dds tool. i was only being redirected, but now it's slowwwww also.....well, hopefully you hear something soon....thanks again....

 

[mcIrishgurl]

just checking in to see if you found anything out about that steelwerks tool in the dds..thanks

 

[Bobbye]

Sorry, I haven't had time to get back. We don't know where that version came from! Neither of us have ever seen a DDS log like that and for our purposes, it's no good at all. I'd like you to uninstall the DDS program you have now and delete the logs.

Reboot the computer.

Go back and download again, from this site. If the same thing happens again, we will have to contact the site and the author

• Download DDS by sUBs and save it to your desktop.
  
  After downloading the tool, disconnect from the internet and disable all antivirus protection.
• Double click on the DDS icon, allow it to run.
• A small box will open, with an explanation about the tool. No input is needed, the scan is running.
• Notepad will open with the results, click no to the Optional_Scan
• Follow the instructions that pop up for posting the results.
• When done, DDS will open two (2) logs: Please paste both in your next reply.
  [o]DDS.txt
  [o]Attach.txt
• Close the program window, and delete the program from your desktop.
• Enable your Antivirus protection and reconnect to the internet.

Please note: You may have to disable any script protection running if the scan fails to run.

That program running is from 2006- I've never even seen it previously. Be sure you follow the directions exactly> save the download to the desktop> do not run it from the site. Leave the new logs.

 

[mcIrishgurl]

ok bobbye will do....and what's odd is that my mcaffee just said it removed a trojan and when i looked to delete that dds, it was already gone! so i'm assuming the trojan was that bad dds! trying again now and will post in a few!

 

[mcIrishgurl]

after deleting the dds logs and trying to download from your link again, my mcafee would pop up saying it removed a trojan...i tried again and mcafee popped up with the same notification. so i shut down and restarted again, and now when i click on your dds link, i get this.....Firefox can't find the file at http://download.bleepingcomputer.com/sUBs/dds.scr. so what do we do now?.... should i try from ie instead of firefox or is there something wrong with that dds link? ughhhhhhhhhhhh....

****when i clicked the see more about on the mcafee pop up it said this about the trojan Artemis!E789EA23B49C and it's location was in my local something and cache...it wouldn't let me copy/paste or i would have put it here for you to see. the detections are currently quarantined in mcafee. should i just delete them or i have an option to send to mcafee to report, which would you suggest?****

 

[mcIrishgurl]

hi bobbye...was just checking in....not sure if you read my last 2 posts yet about trying that dds download again...

 

[Bobbye]

Please STOP! Don't run anything else until I get thie thread cleaned up! It is very time consuming to delete the logs. They are of no use to me in the format with that registry section as part.

I can fix the McAfee problem by changing the file extension. Please tell me- has McAfee protested both time you ran DDS??

Please consider also. Everytime you make a new reply, I get an email feedback. I would appreciate it if you used the Edit feature when you just have a sentence or 2 to add,

 

[mcIrishgurl]

sorry for any confusion i gave you....but i didn't actually RUN and execute dds all those times. only when you specifically asked me to and when i TRIED to download, as it gives a link to save first before installing in the pc, THEN i would get a pop up from mcafee stating that it removed a trojan and I would just X out the box asking to save so it wouldn't actually transfer files to my pc. and yes, mcafee did protest each time i tried. You might want to note that i ran it in IE to give those first logs, then was using firefox when you asked me to try again is when mcafee gave me alert pop ups. sorry for the confusions and any extra emails i created for you. certainly not my intent to frustrate anyone like this darn this does me.

 

[Bobbye]

Okay, I think we have all those logs out now. We are going to skip tryig to run it again- I don't know what caused that other Regirstry program to insert itself!

McAfee can be a real pain! It's the file extension making McAfee hollar at you, ut you hadn't mentioned it or I would have had you rename it. I want you to run an Eset online virus scan and the Combofix. The security program needs to be disabled when you run each. If you have any problem with either, let me know.
===========================================
Run Eset NOD32 Online AntiVirus scan HEREhttp://www.eset.eu/online-scanner

1. Tick the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the Active X control to install
4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
5. Click Start
6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
7. Click Scan
8. Wait for the scan to finish
9. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
10. Click anywhere in the post where you want the logs to go, the do Ctrl V. The log will be sent from the clipboard and pasted in the post.
11. Re-enable your Antivirus software.
    NOTE: If you forget to copy to the clipboard you can find the log here:
    C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

==========================================
Download Combofix to your desktop from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe

• Double click combofix.exe & follow the prompts.
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
• Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  
  
• .Click on Yes, to continue scanning for malware
• .If Combofix asks you to update the program, allow
• .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• .Close any open browsers.
• .Double click combofix.exe
  
  & follow the prompts to run.
• When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..

Re-enable your Antivirus software.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

If we have a problem with Combofix, I'll have you rename it, but hopefully it will go well.