TechSpot

Google randomly redirecting...logs attached

Resolved
By mcIrishgurl
Mar 14, 2011
  1. google is randomly redirecting ie. i've attached the preliminary logs. your help is appreciated.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6057

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    3/14/2011 5:30:49 PM
    mbam-log-2011-03-14 (17-30-49).txt

    Scan type: Quick scan
    Objects scanned: 184180
    Time elapsed: 10 minute(s), 33 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)




    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2011-03-14 17:47:46
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 WDC_WD400EB-11CPF0 rev.06.04G06
    Running: fpo6du4z.exe; Driver: C:\DOCUME~1\Dawn\LOCALS~1\Temp\kxtdapog.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sectors 78165193 (+166): rootkit-like behavior;

    ---- System - GMER 1.0.15 ----

    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF74640E0]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF74640F4]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF7464120]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF7464176]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF74640CC]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF74640A4]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF74640B8]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF746410A]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF746414C]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF7464136]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF74641A0]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF746418C]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF7464160]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A468AF1
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A468AF1
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 8A468AF1

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

    Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskWDC_WD400EB-11CPF0______________________06.04G06#4457572d41435441324636313430_033_0_0_0_0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- EOF - GMER 1.0.15 ----
     
  2. mcIrishgurl

    mcIrishgurl TS Enthusiast Topic Starter Posts: 148

    dds log

    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Dawn at 17:59:47.54 on Mon 03/14/2011
    internet explorer: 8.0.6001.18702
    browserjavaversion: 1.6.0_20
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.884 [GMT -5:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\WINDOWS\system32\mfevtps.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\WINDOWS\system32\SPOOL\DRIVERS\W32X86\3\LXBKJSWX.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Dawn\My Documents\dds.scr
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\WINDOWS\system32\mfevtps.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\WINDOWS\System32\wbem\unsecapp.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\SPOOL\DRIVERS\W32X86\3\LXBKJSWX.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Dawn\My Documents\dds.scr
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\System32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============

    Edit: Deleting following as wrong log..
    .
     
  3. mcIrishgurl

    mcIrishgurl TS Enthusiast Topic Starter Posts: 148

    dds log (cont'd)

    Edit: Deleting incorrect log display.
     
  4. mcIrishgurl

    mcIrishgurl TS Enthusiast Topic Starter Posts: 148

    dds log (cont'd)

    Edit: Deleted incorrect log.
     
  5. mcIrishgurl

    mcIrishgurl TS Enthusiast Topic Starter Posts: 148

    dds log (cont'd)

    Edit: Deleted incorrect log.
     
  6. mcIrishgurl

    mcIrishgurl TS Enthusiast Topic Starter Posts: 148

    dds log (cont'd)

    Edit: Deleted incorrect log.
     
  7. mcIrishgurl

    mcIrishgurl TS Enthusiast Topic Starter Posts: 148

    dds log (cont'd)

    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;c:\WINDOWS\system32\driverse\mfehidk.sys [2010-10-13 386840]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\WINDOWS\system32\driverse\mfetdi2k.sys [2011-2-22 84072]
    R1 SASDIFSV;SASDIFSV;c:\Program Files\SUPERAntiSpywaree\SASDIFSV.SYS [2009-9-4 12872]
    R1 SASKUTIL;SASKUTIL;c:\Program Files\SUPERAntiSpywaree\SASKUTIL.SYS [2009-9-4 67656]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\Program Files\Common Files\Mcafee\McSvcHoste\McSvHost.exe" /McCoreSvc [2011-2-22 271480]
    R2 McMPFSvc;McAfee Personal Firewall Service;"c:\Program Files\Common Files\Mcafee\McSvcHoste\McSvHost.exe" /McCoreSvc [2011-2-22 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\Program Files\Common Files\McAfee\McSvcHoste\McSvHost.exe" /McCoreSvc [2011-2-22 271480]
    R2 McProxy;McAfee Proxy Service;"c:\Program Files\Common Files\McAfee\McSvcHoste\McSvHost.exe" /McCoreSvc [2011-2-22 271480]
    R2 McShield;McShield;c:\Program Files\Common Files\McAfee\SystemCoree\mcshield.exe [2011-2-22 171168]
    R2 mfefire;McAfee Firewall Core Service;c:\Program Files\Common Files\McAfee\SystemCoree\mfefire.exe [2011-2-22 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\WINDOWS\system32e\mfevtps.exe [2011-2-22 141792]
    R3 cfwids;McAfee Inc. cfwids;c:\WINDOWS\system32\driverse\cfwids.sys [2011-2-22 55840]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\WINDOWS\system32\driverse\mfeavfk.sys [2011-2-22 152960]
    R3 mfefirek;McAfee Inc. mfefirek;c:\WINDOWS\system32\driverse\mfefirek.sys [2011-2-22 313288]
    R3 mfendiskmp;mfendiskmp;c:\WINDOWS\system32\driverse\mfendisk.sys [2011-2-22 88544]
    S2 gupdate;Google Update Service (gupdate);c:\Program Files\Google\Updatee\GoogleUpdate.exe [2010-2-1 135664]
    S3 hdlSrv;hdlSrv;c:\Program Files\M-Systems Utilitye\hdlSrv.exe [2002-11-19 65536]
    S3 mfebopk;McAfee Inc. mfebopk;c:\WINDOWS\system32\driverse\mfebopk.sys [2011-2-22 52104]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\WINDOWS\system32\driverse\mfendisk.sys [2011-2-22 88544]
    S3 mferkdet;McAfee Inc. mferkdet;c:\WINDOWS\system32\driverse\mferkdet.sys [2011-2-22 84264]
    S3 SASENUM;SASENUM;c:\Program Files\SUPERAntiSpywaree\SASENUM.SYS [2009-9-4 12872]
    ======

    Edit: Deleted partial incorrect log content.
     
  8. mcIrishgurl

    mcIrishgurl TS Enthusiast Topic Starter Posts: 148

    attach log

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/31/2007 1:05:20 PM
    System Uptime: 3/14/2011 5:07:03 PM (1 hours ago)
    .
    Motherboard: Lite-On Tech. | | 0888h
    Processor: Intel(R) Celeron(R) CPU 2.00GHz | mPGA-478 | 2000/100mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 32 GiB total, 11.717 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP217: 2/6/2011 8:05:57 AM - System Checkpoint
    RP218: 2/7/2011 9:43:13 AM - System Checkpoint
    RP219: 2/8/2011 10:05:21 AM - System Checkpoint
    RP220: 2/9/2011 12:23:28 PM - System Checkpoint
    RP221: 2/10/2011 1:20:38 AM - Software Distribution Service 3.0
    RP222: 2/10/2011 11:33:49 AM - Installed HP Product Detection.
    RP223: 2/10/2011 12:15:39 PM - Installed LightScribe System Software 1.14.25.1.
    RP224: 2/10/2011 12:34:53 PM - Removed System Requirements Lab for Intel
    RP225: 2/11/2011 12:43:19 PM - System Checkpoint
    RP226: 2/12/2011 3:51:34 PM - System Checkpoint
    RP227: 2/13/2011 6:35:56 PM - System Checkpoint
    RP228: 2/14/2011 6:56:26 PM - System Checkpoint
    RP229: 2/15/2011 7:18:50 PM - System Checkpoint
    RP230: 2/17/2011 1:57:05 AM - System Checkpoint
    RP231: 2/18/2011 2:44:53 AM - System Checkpoint
    RP232: 2/19/2011 2:52:54 AM - System Checkpoint
    RP233: 2/20/2011 3:43:48 AM - System Checkpoint
    RP234: 2/21/2011 5:46:41 AM - System Checkpoint
    RP235: 3/22/2011 2:37:41 AM - System Checkpoint
    RP236: 2/22/2011 10:16:48 PM - System Checkpoint
    RP237: 2/23/2011 10:28:05 PM - System Checkpoint
    RP238: 2/25/2011 1:31:48 AM - System Checkpoint
    RP239: 2/26/2011 2:02:07 AM - System Checkpoint
    RP240: 2/27/2011 2:18:36 AM - System Checkpoint
    RP241: 2/28/2011 3:18:30 AM - System Checkpoint
    RP242: 3/1/2011 3:37:02 AM - System Checkpoint
    RP243: 3/2/2011 4:36:59 AM - System Checkpoint
    RP244: 3/3/2011 5:38:40 AM - System Checkpoint
    RP245: 3/4/2011 6:38:05 AM - System Checkpoint
    RP246: 3/5/2011 7:38:02 AM - System Checkpoint
    RP247: 3/6/2011 8:15:00 AM - System Checkpoint
    RP248: 3/7/2011 8:52:49 AM - System Checkpoint
    RP249: 3/8/2011 10:00:56 AM - System Checkpoint
    RP250: 3/9/2011 10:38:21 AM - System Checkpoint
    RP251: 3/10/2011 3:00:56 AM - Software Distribution Service 3.0
    RP252: 3/11/2011 3:38:24 AM - System Checkpoint
    RP253: 3/12/2011 4:38:26 AM - System Checkpoint
    RP254: 3/13/2011 7:02:34 AM - System Checkpoint
    RP255: 3/14/2011 7:38:23 AM - System Checkpoint
    .
    ==== Installed Programs ======================

    Edit: Deleted partial incorrect log content.
     
  9. mcIrishgurl

    mcIrishgurl TS Enthusiast Topic Starter Posts: 148

    attach log (cont'd)

    Edit: Deleted incorrect log content.
     
  10. mcIrishgurl

    mcIrishgurl TS Enthusiast Topic Starter Posts: 148

    attach log (cont'd)

    Edit: Deleted incorrect log content.
     
  11. mcIrishgurl

    mcIrishgurl TS Enthusiast Topic Starter Posts: 148

    attach log (cont'd)

    Edit: Deleted incorrect log content.
     
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Can you please tell me where you downloaded DDS? We use DDS (Ver_10-12-12.02) - NTFSx86. You have used DDS (Ver_11-03-05.01) - NTFSx86.

    The version we use does not have SteelWerX Registry Console Tool 2.0
    Written by Bobbi Flekman 2006 (C)

    Please uninstall the version of DDS you have and use the following:
    • Download DDS by sUBs and save it to your desktop.

      After downloading the tool, disconnect from the internet and disable all antivirus protection.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
    • Notepad will open with the results, click no to the Optional_Scan
    • Follow the instructions that pop up for posting the results.
    • When done, DDS will open two (2) logs: Please paste both in your next reply.
      [o]DDS.txt
      [o]Attach.txt
    • Close the program window, and delete the program from your desktop.
    • Enable your Antivirus protection and reconnect to the internet.
    Please note: You may have to disable any script protection running if the scan fails to run.

    It will generate 2 logs: DDS.txt and Attach.txt. Paste those 2 logs in your next reply. Please do not zip the Attach log.

    After you do that, I will go in and delete all the entries for the wrong version. You will find all the steps and links we use in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
     
  13. mcIrishgurl

    mcIrishgurl TS Enthusiast Topic Starter Posts: 148

    new attach (cont'd)

    Edit: Deleting incorrect log.
     
  14. mcIrishgurl

    mcIrishgurl TS Enthusiast Topic Starter Posts: 148

    new attach (cont'd)

    Edit to delete incorrect log.
     
  15. mcIrishgurl

    mcIrishgurl TS Enthusiast Topic Starter Posts: 148

    just waiting on your next step bobbye....the previous posts show the new dds and attach logs. please note that i downloaded from the link u posted and it still included that steelworks thing.
     
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Please don't run DDS again until we find out what's going on. It shouldn't have the SteelWerX Registry Console Tool in it. I've asked about it and will get back to you as soon as I hear something.
     
  17. mcIrishgurl

    mcIrishgurl TS Enthusiast Topic Starter Posts: 148

    ok.....i'm assuming that is also causing my system to run real slow as it hadn't prior to running that dds tool. i was only being redirected, but now it's slowwwww also.....well, hopefully you hear something soon....thanks again....
     
  18. mcIrishgurl

    mcIrishgurl TS Enthusiast Topic Starter Posts: 148

    just checking in to see if you found anything out about that steelwerks tool in the dds..thanks
     
  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Sorry, I haven't had time to get back. We don't know where that version came from! Neither of us has ever seen a DDS log like that and for our purposes, it's no good at all. I'd like you to uninstall the DDS program you have now and delete the logs.

    Reboot the computer.

    Go back and download again, from this site. If the same thing happens again, we will have to contact the site and the author.
    • Download DDS by sUBs and save it to your desktop.

      After downloading the tool, disconnect from the internet and disable all antivirus protection.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
    • Notepad will open with the results, click no to the Optional_Scan
    • Follow the instructions that pop up for posting the results.
    • When done, DDS will open two (2) logs: Please paste both in your next reply.
      [o]DDS.txt
      [o]Attach.txt
    • Close the program window, and delete the program from your desktop.
    • Enable your Antivirus protection and reconnect to the internet.
    Please note: You may have to disable any script protection running if the scan fails to run.

    That program running is from 2006 - I've never even seen it previously. Be sure you follow the directions exactly: save the download to the desktop; do not run it from the site. Leave the new logs.
     
  20. mcIrishgurl

    mcIrishgurl TS Enthusiast Topic Starter Posts: 148

    ok bobbye will do....and what's odd is that my mcafee just said it removed a trojan and when i looked to delete that dds, it was already gone! so i'm assuming the trojan was that bad dds! trying again now and will post in a few!
     
  21. mcIrishgurl

    mcIrishgurl TS Enthusiast Topic Starter Posts: 148

    after deleting the dds logs and trying to download from your link again, my mcafee would pop up saying it removed a trojan...i tried again and mcafee popped up with the same notification. so i shut down and restarted again, and now when i click on your dds link, i get this.....Firefox can't find the file at http://download.bleepingcomputer.com/sUBs/dds.scr. so what do we do now?.... :( should i try from ie instead of firefox or is there something wrong with that dds link? ughhhhhhhhhhhh....

    ****when i clicked the see more about on the mcafee pop up it said this about the trojan Artemis!E789EA23B49C and its location was in my local something and cache...it wouldn't let me copy/paste or i would have put it here for you to see. the detections are currently quarantined in mcafee. should i just delete them or i have an option to send to mcafee to report, which would you suggest?****
     
  22. mcIrishgurl

    mcIrishgurl TS Enthusiast Topic Starter Posts: 148

    hi bobbye...was just checking in....not sure if you read my last 2 posts yet about trying that dds download again...
     
  23. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Please STOP! Don't run anything else until I get this thread cleaned up! It is very time consuming to delete the logs. They are of no use to me in the format with that registry section as part.

    I can fix the McAfee problem by changing the file extension. Please tell me - has McAfee protested both times you ran DDS?

    Please consider also. Every time you make a new reply, I get an email feedback. I would appreciate it if you used the Edit feature when you just have a sentence or 2 to add.
     
  24. mcIrishgurl

    mcIrishgurl TS Enthusiast Topic Starter Posts: 148

    sorry for any confusion i gave you....but i didn't actually RUN and execute dds all those times. only when you specifically asked me to and when i TRIED to download, as it gives a link to save first before installing in the pc, THEN i would get a pop up from mcafee stating that it removed a trojan and I would just X out the box asking to save so it wouldn't actually transfer files to my pc. and yes, mcafee did protest each time i tried. You might want to note that i ran it in IE to give those first logs, then was using firefox when you asked me to try again is when mcafee gave me alert pop ups. sorry for the confusions and any extra emails i created for you. certainly not my intent to frustrate anyone like this darn this does me.
     
  25. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Okay, I think we have all those logs out now. We are going to skip trying to run it again - I don't know what caused that other Registry program to insert itself!

    McAfee can be a real pain! It's the file extension making McAfee holler at you, but you hadn't mentioned it or I would have had you rename it. I want you to run an Eset online virus scan and the Combofix. The security program needs to be disabled when you run each. If you have any problem with either, let me know.
    ===========================================
    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
    10. Click anywhere in the post where you want the logs to go, then do Ctrl V. The log will be sent from the clipboard and pasted in the post.
    11. Re-enable your Antivirus software.
      NOTE: If you forget to copy to the clipboard you can find the log here:
      C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    ==========================================
    Download Combofix to your desktop from HERE or HERE
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [​IMG]
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated - it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    If we have a problem with Combofix, I'll have you rename it, but hopefully it will go well.
     
Topic Status:
Not open for further replies.

