Search links in Google/Bing are being redirected to random sites

By mgarcia512
Oct 11, 2010
  1. Hello,

    I am having problems on a computer where the search results in Google and MSN/BING are being redirected to random sites. The links appear valid (I try searching legit businesses like Walmart, NFL.com, etc.), but when I click on them they go to random sites. If I copy/paste the link in a new window, the links work though.

    I have tried SuperAntiSpyware and HijackThis as they usually fix most problems for me, but I still have the issue. I ran the suggested programs and have attached the files. Your help would be greatly appreciated. I am running Windows XP btw.

    Thank you,
    Mario
     

  2. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Welcome aboard

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ==================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  3. mgarcia512

    mgarcia512 TS Rookie Topic Starter

    Glad to be aboard! Thanks for the reply, below are the logs you requested from the programs I ran. I went ahead and ran a couple searches in Bing and Google and was able to click on the links without being redirected. Hopefully this is fixed!!! =) Let me know if there is more I need to follow up on.

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0006008d

    Kernel Drivers (total 114):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806EE000 \WINDOWS\system32\hal.dll
    0xF97C6000 \WINDOWS\system32\KDCOM.DLL
    0xF96D6000 \WINDOWS\system32\BOOTVID.dll
    0xF92C6000 nugbqme.sys
    0xF9277000 ACPI.sys
    0xF97C8000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
    0xF9266000 pci.sys
    0xF92D6000 isapnp.sys
    0xF988E000 pciide.sys
    0xF9546000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
    0xF92E6000 MountMgr.sys
    0xF9247000 ftdisk.sys
    0xF97CA000 dmload.sys
    0xF9221000 dmio.sys
    0xF954E000 PartMgr.sys
    0xF92F6000 VolSnap.sys
    0xF9209000 atapi.sys
    0xF9306000 disk.sys
    0xF9316000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
    0xF91E9000 fltmgr.sys
    0xF91D7000 sr.sys
    0xF91C0000 KSecDD.sys
    0xF9133000 Ntfs.sys
    0xF9106000 NDIS.sys
    0xF90EC000 Mup.sys
    0xF9456000 \SystemRoot\System32\DRIVERS\intelppm.sys
    0xF8F55000 \SystemRoot\System32\DRIVERS\ialmnt5.sys
    0xF8F41000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
    0xF95CE000 \SystemRoot\System32\DRIVERS\usbuhci.sys
    0xF8F1D000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
    0xF95D6000 \SystemRoot\System32\DRIVERS\usbehci.sys
    0xF8EF5000 \SystemRoot\System32\DRIVERS\e100b325.sys
    0xF95DE000 \SystemRoot\System32\DRIVERS\fdc.sys
    0xF9466000 \SystemRoot\System32\DRIVERS\i8042prt.sys
    0xF95E6000 \SystemRoot\System32\DRIVERS\kbdclass.sys
    0xF95EE000 \SystemRoot\System32\DRIVERS\mouclass.sys
    0xF9476000 \SystemRoot\System32\DRIVERS\serial.sys
    0xF976A000 \SystemRoot\System32\DRIVERS\serenum.sys
    0xF8EE1000 \SystemRoot\System32\DRIVERS\parport.sys
    0xF9486000 \SystemRoot\System32\DRIVERS\cdrom.sys
    0xF9496000 \SystemRoot\System32\DRIVERS\redbook.sys
    0xF8EBE000 \SystemRoot\System32\DRIVERS\ks.sys
    0xF8E30000 \SystemRoot\system32\drivers\smwdm.sys
    0xF8E0C000 \SystemRoot\system32\drivers\portcls.sys
    0xF94A6000 \SystemRoot\system32\drivers\drmk.sys
    0xF97E4000 \SystemRoot\system32\drivers\aeaudio.sys
    0xF99D2000 \SystemRoot\System32\DRIVERS\audstub.sys
    0xF94B6000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
    0xF9772000 \SystemRoot\System32\DRIVERS\ndistapi.sys
    0xF8DF5000 \SystemRoot\System32\DRIVERS\ndiswan.sys
    0xF94C6000 \SystemRoot\System32\DRIVERS\raspppoe.sys
    0xF94D6000 \SystemRoot\System32\DRIVERS\raspptp.sys
    0xF95F6000 \SystemRoot\System32\DRIVERS\TDI.SYS
    0xF8DE4000 \SystemRoot\System32\DRIVERS\psched.sys
    0xF94E6000 \SystemRoot\System32\DRIVERS\msgpc.sys
    0xF95FE000 \SystemRoot\System32\DRIVERS\ptilink.sys
    0xF9606000 \SystemRoot\System32\DRIVERS\raspti.sys
    0xF80F8000 \SystemRoot\System32\DRIVERS\rdpdr.sys
    0xF94F6000 \SystemRoot\System32\DRIVERS\termdd.sys
    0xF97EA000 \SystemRoot\System32\DRIVERS\swenum.sys
    0xF8072000 \SystemRoot\System32\DRIVERS\update.sys
    0xF960E000 \SystemRoot\System32\DRIVERS\omci.sys
    0xF978E000 \SystemRoot\System32\DRIVERS\mssmbios.sys
    0xF9506000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF9526000 \SystemRoot\System32\DRIVERS\usbhub.sys
    0xF97EC000 \SystemRoot\System32\DRIVERS\USBD.SYS
    0xF961E000 \SystemRoot\System32\DRIVERS\flpydisk.sys
    0xF90A7000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xF97F6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF9955000 \SystemRoot\System32\Drivers\Null.SYS
    0xF97F8000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF962E000 \SystemRoot\System32\drivers\vga.sys
    0xF97FA000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF97FC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF9636000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF963E000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF90A3000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0xEFE78000 \SystemRoot\System32\DRIVERS\ipsec.sys
    0xEFE1F000 \SystemRoot\System32\DRIVERS\tcpip.sys
    0xEFDF7000 \SystemRoot\System32\DRIVERS\netbt.sys
    0xEFDD5000 \SystemRoot\System32\drivers\afd.sys
    0xF9356000 \SystemRoot\System32\DRIVERS\netbios.sys
    0xEFDAA000 \SystemRoot\System32\DRIVERS\rdbss.sys
    0xEFD12000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
    0xF9396000 \SystemRoot\System32\Drivers\Fips.SYS
    0xEFCEC000 \SystemRoot\System32\DRIVERS\ipnat.sys
    0xF93A6000 \SystemRoot\System32\DRIVERS\wanarp.sys
    0xF93C6000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xEFCD4000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF9808000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF80E8000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF964E000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF99CE000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF020000 \SystemRoot\System32\ialmdnt5.dll
    0xBF012000 \SystemRoot\System32\ialmrnt5.dll
    0xBF042000 \SystemRoot\System32\ialmdev5.DLL
    0xBF077000 \SystemRoot\System32\ialmdd5.DLL
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xEFBC8000 \SystemRoot\System32\DRIVERS\ndisuio.sys
    0xEF94F000 \SystemRoot\system32\drivers\wdmaud.sys
    0xF9386000 \SystemRoot\system32\drivers\sysaudio.sys
    0xEF7DC000 \SystemRoot\System32\DRIVERS\mrxdav.sys
    0xF9844000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xEF6BD000 \SystemRoot\System32\DRIVERS\srv.sys
    0xEF064000 \SystemRoot\System32\Drivers\HTTP.sys
    0xEF04F000 \SystemRoot\system32\drivers\naiavf5x.sys
    0xF966E000 \SystemRoot\System32\Drivers\TDTCP.SYS
    0xEEFDC000 \SystemRoot\System32\Drivers\RDPWD.SYS
    0xEEE32000 \??\C:\DOCUME~1\Allen\LOCALS~1\Temp\pxtdqpow.sys
    0xEEE07000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\SYSTEM32\ntdll.dll

    Processes (total 30):
    0 System Idle Process
    4 System
    580 C:\WINDOWS\SYSTEM32\smss.exe
    628 csrss.exe
    652 C:\WINDOWS\SYSTEM32\winlogon.exe
    704 C:\WINDOWS\SYSTEM32\services.exe
    716 C:\WINDOWS\SYSTEM32\lsass.exe
    872 C:\WINDOWS\SYSTEM32\svchost.exe
    952 svchost.exe
    1048 C:\WINDOWS\SYSTEM32\svchost.exe
    1092 svchost.exe
    1136 svchost.exe
    1364 C:\WINDOWS\SYSTEM32\spoolsv.exe
    1660 svchost.exe
    1836 C:\Program Files\Dell\OpenManage\Client\Iap.exe
    1860 C:\Program Files\Java\jre6\bin\jqs.exe
    1896 C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    2024 naPrdMgr.exe
    224 C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    248 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    284 C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    448 C:\WINDOWS\explorer.exe
    624 wdfmgr.exe
    1412 wmiprvse.exe
    2104 C:\WINDOWS\SYSTEM32\ctfmon.exe
    3000 C:\WINDOWS\SYSTEM32\wscntfy.exe
    3028 alg.exe
    3600 C:\Program Files\Internet Explorer\iexplore.exe
    4064 C:\Program Files\Internet Explorer\iexplore.exe
    3504 C:\Documents and Settings\Allen\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`01f60800 (NTFS)

    PhysicalDrive0 Model Number: WDCWD800BB-75FRA0, Rev: 77.07W77

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!

    ====================== Combofix log below===========
    ComboFix 10-10-11.05 - Allen 10/12/2010 10:11:38.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.254.137 [GMT -7:00]
    Running from: c:\documents and settings\Allen\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Allen\Application Data\Sanye
    c:\documents and settings\Allen\Application Data\Sanye\ahno.exe
    c:\documents and settings\Allen\Local Settings\Application Data\{15796969-1891-465C-8DFB-5DE2B32E0B45}
    c:\documents and settings\Allen\Local Settings\Application Data\{15796969-1891-465C-8DFB-5DE2B32E0B45}\chrome.manifest
    c:\documents and settings\Allen\Local Settings\Application Data\{15796969-1891-465C-8DFB-5DE2B32E0B45}\chrome\content\_cfg.js
    c:\documents and settings\Allen\Local Settings\Application Data\{15796969-1891-465C-8DFB-5DE2B32E0B45}\chrome\content\overlay.xul
    c:\documents and settings\Allen\Local Settings\Application Data\{15796969-1891-465C-8DFB-5DE2B32E0B45}\install.rdf
    c:\windows\system32\drivers\npf.sys
    c:\windows\system32\Packet.dll
    c:\windows\system32\wpcap.dll

    Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
    Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe

    Infected copy of c:\windows\explorer.exe was found and disinfected
    Restored copy from - c:\windows\ServicePackFiles\i386\explorer.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NPF
    -------\Service_NPF


    ((((((((((((((((((((((((( Files Created from 2010-09-12 to 2010-10-12 )))))))))))))))))))))))))))))))
    .

    2010-10-11 17:45 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-11 17:45 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-11 17:45 . 2010-10-11 17:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-11 17:30 . 2010-10-11 17:30 -------- d-----w- c:\documents and settings\Allen\Local Settings\Application Data\PCHealth
    2010-10-11 17:09 . 2010-10-11 17:17 -------- d-----w- C:\241a1d0ff27f3b0b635054ecdb
    2010-09-30 18:06 . 2010-09-30 18:06 -------- d-----w- c:\documents and settings\Allen\Local Settings\Application Data\Help
    2010-09-30 18:05 . 2010-09-30 18:05 -------- d-----w- c:\program files\TechSmith
    2010-09-30 16:51 . 2010-09-30 16:51 -------- d-----w- c:\documents and settings\Allen\Application Data\Malwarebytes
    2010-09-30 16:51 . 2010-09-30 16:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-09-29 17:23 . 2010-09-29 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-09-29 17:17 . 2010-09-29 17:17 -------- d-----w- C:\QUARANTINE
    2010-09-29 16:37 . 2010-09-29 16:37 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-09-24 18:08 . 2010-09-24 18:08 -------- d-----w- c:\documents and settings\Allen\Application Data\SUPERAntiSpyware.com
    2010-09-21 18:16 . 2010-09-29 15:29 0 ----a-w- c:\windows\Vnowuwidog.bin

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
    backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^logon.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\logon.lnk
    backup=c:\windows\pss\logon.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
    2005-09-20 16:32 77824 ----a-w- c:\windows\SYSTEM32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
    2005-09-20 16:36 114688 ----a-w- c:\windows\SYSTEM32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
    2005-09-20 16:35 94208 ----a-w- c:\windows\SYSTEM32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
    2003-02-25 10:00 139347 ----a-w- c:\program files\Network Associates\Common Framework\UpdaterUI.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
    2003-03-06 14:00 90182 ----a-w- c:\program files\Network Associates\VirusScan\shstat.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2008-12-20 23:52 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-01-25 16:43 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
    2008-04-14 00:12 143360 ----a-w- c:\windows\SYSTEM32\mobsync.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009

    S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Allen\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Allen\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
    S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Allen\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\Allen\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/4/2010 10:08 AM 135664]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 17:08]

    2010-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 17:08]

    2010-10-12 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2009-04-09 05:18]
    .
    .
    ------- Supplementary Scan -------
    .
    mStart Page = hxxp://www.dell.com
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchAssistant = hxxp://www.google.com/
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    MSConfigStartUp-Gdifafox - c:\windows\ieagno.dll
    MSConfigStartUp-Gvasifatufoqiw - c:\windows\ebulatoletu.dll
    MSConfigStartUp-sniffer - c:\windows\Temp\_ex-08.exe
    MSConfigStartUp-{316D0041-D9FD-4CF0-AA89-F201BD5BA04C} - c:\documents and settings\Allen\Application Data\Sanye\ahno.exe
    AddRemove-HijackThis - c:\documents and settings\Allen\Desktop\HijackThis.exe


    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Dell\OpenManage\Client\Iap.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Network Associates\Common Framework\FrameworkService.exe
    c:\program files\Network Associates\VirusScan\Mcshield.exe
    c:\program files\Network Associates\VirusScan\VsTskMgr.exe
    c:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    c:\windows\system32\wdfmgr.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2010-10-12 10:28:03 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-10-12 17:28

    Pre-Run: 70,765,727,744 bytes free
    Post-Run: 70,683,537,408 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

    - - End Of File - - 89CCBDC2F9A9AAB9F101EF150362C571
     
  4. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    It looks like Combofix did a good job :)

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\Vnowuwidog.bin
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
Topic Status:
Not open for further replies.
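
The file named in the CFScript above comes from the "Files Created" section of the posted ComboFix log. As an added example (not part of the thread and not ComboFix's own code), this Python sketch parses that section and lists zero-byte files sitting directly in the Windows directory. The field names and the zero-byte heuristic are assumptions made for illustration, not the helper's stated criterion.

```python
import ntpath
import re

# Constructed sample: a few lines copied from the "Files Created" section
# of the ComboFix log posted in the thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2010-09-12 to 2010-10-12 )))))))))))))))))))))))))))))))
.

2010-10-11 17:45 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-11 17:45 . 2010-10-11 17:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-29 17:17 . 2010-09-29 17:17 -------- d-----w- C:\QUARANTINE
2010-09-21 18:16 . 2010-09-29 15:29 0 ----a-w- c:\windows\Vnowuwidog.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
"""

# Entry layout as it appears in the log: two timestamps separated by " . ",
# a size (eight dashes for directories), an 8-character attribute string, the path.
# Reading the timestamps as "created" and "modified" is an assumption.
ENTRY = re.compile(
    r"^\s*(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-{8}) (\S{8}) (.+?)\s*$"
)


def parse_files_created(log_text):
    """Return the entries of the 'Files Created' section as dicts."""
    entries, in_section = [], False
    for line in log_text.splitlines():
        if "Files Created from" in line:
            in_section = True
            continue
        # The next "(((" banner starts a different section of the log.
        if in_section and line.lstrip().startswith("((("):
            break
        match = ENTRY.match(line) if in_section else None
        if not match:
            continue
        created, modified, size, attrs, path = match.groups()
        entries.append({
            "created": created,
            "modified": modified,
            "size": None if size.startswith("-") else int(size),
            "is_dir": attrs.startswith("d"),
            "path": path,
        })
    return entries


def zero_byte_files_in(entries, directory=r"c:\windows"):
    """Files of size 0 whose parent is exactly `directory` (case-insensitive)."""
    want = directory.rstrip("\\").lower()
    return [
        e for e in entries
        if not e["is_dir"] and e["size"] == 0
        and ntpath.dirname(e["path"]).lower() == want
    ]


if __name__ == "__main__":
    for entry in zero_byte_files_in(parse_files_created(SAMPLE_LOG)):
        print(entry["created"], entry["path"])
```
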

