Inactive Search links in Google/Bing are being redirected to random sites

Status
Not open for further replies.
Hello,

I am having problems on a computer where the search results in Google and MSN/BING are being redirected to random sites. The links appear valid (I try searching legit businesses like Walmart, NFL.com, etc.), but when I click on them they go to random sites. If I copy/paste the link in a new window, the links work though.

I have tried SuperAntiSpyware and HijackThis as they usually fix most problems for me, but I still have the issue. I ran the suggested programs and have attached the files. Your help would be greatly appreciated. I am running Windows XP btw.

Thank you,
Mario
 

Attachments

  • mbam-log-2010-10-11 (10-59-59).txt (1.2 KB)
  • Attach.txt (12 KB)
  • DDS.txt (6.3 KB)
  • gmer.log (379 bytes)
Welcome aboard


Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

==================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure you re-enable your security programs when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Glad to be aboard! Thanks for the reply, below are the logs you requested from the programs I ran. I went ahead and ran a couple searches in Bing and Google and was able to click on the links without being redirected. Hopefully this is fixed!!! =) Let me know if there is more I need to follow up on.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0006008d

Kernel Drivers (total 114):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF97C6000 \WINDOWS\system32\KDCOM.DLL
0xF96D6000 \WINDOWS\system32\BOOTVID.dll
0xF92C6000 nugbqme.sys
0xF9277000 ACPI.sys
0xF97C8000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF9266000 pci.sys
0xF92D6000 isapnp.sys
0xF988E000 pciide.sys
0xF9546000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF92E6000 MountMgr.sys
0xF9247000 ftdisk.sys
0xF97CA000 dmload.sys
0xF9221000 dmio.sys
0xF954E000 PartMgr.sys
0xF92F6000 VolSnap.sys
0xF9209000 atapi.sys
0xF9306000 disk.sys
0xF9316000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF91E9000 fltmgr.sys
0xF91D7000 sr.sys
0xF91C0000 KSecDD.sys
0xF9133000 Ntfs.sys
0xF9106000 NDIS.sys
0xF90EC000 Mup.sys
0xF9456000 \SystemRoot\System32\DRIVERS\intelppm.sys
0xF8F55000 \SystemRoot\System32\DRIVERS\ialmnt5.sys
0xF8F41000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xF95CE000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xF8F1D000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF95D6000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xF8EF5000 \SystemRoot\System32\DRIVERS\e100b325.sys
0xF95DE000 \SystemRoot\System32\DRIVERS\fdc.sys
0xF9466000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF95E6000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF95EE000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF9476000 \SystemRoot\System32\DRIVERS\serial.sys
0xF976A000 \SystemRoot\System32\DRIVERS\serenum.sys
0xF8EE1000 \SystemRoot\System32\DRIVERS\parport.sys
0xF9486000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF9496000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF8EBE000 \SystemRoot\System32\DRIVERS\ks.sys
0xF8E30000 \SystemRoot\system32\drivers\smwdm.sys
0xF8E0C000 \SystemRoot\system32\drivers\portcls.sys
0xF94A6000 \SystemRoot\system32\drivers\drmk.sys
0xF97E4000 \SystemRoot\system32\drivers\aeaudio.sys
0xF99D2000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF94B6000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF9772000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xF8DF5000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF94C6000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF94D6000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF95F6000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF8DE4000 \SystemRoot\System32\DRIVERS\psched.sys
0xF94E6000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF95FE000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF9606000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF80F8000 \SystemRoot\System32\DRIVERS\rdpdr.sys
0xF94F6000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF97EA000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF8072000 \SystemRoot\System32\DRIVERS\update.sys
0xF960E000 \SystemRoot\System32\DRIVERS\omci.sys
0xF978E000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF9506000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF9526000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF97EC000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF961E000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xF90A7000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF97F6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF9955000 \SystemRoot\System32\Drivers\Null.SYS
0xF97F8000 \SystemRoot\System32\Drivers\Beep.SYS
0xF962E000 \SystemRoot\System32\drivers\vga.sys
0xF97FA000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF97FC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF9636000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF963E000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF90A3000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xEFE78000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xEFE1F000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xEFDF7000 \SystemRoot\System32\DRIVERS\netbt.sys
0xEFDD5000 \SystemRoot\System32\drivers\afd.sys
0xF9356000 \SystemRoot\System32\DRIVERS\netbios.sys
0xEFDAA000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xEFD12000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xF9396000 \SystemRoot\System32\Drivers\Fips.SYS
0xEFCEC000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xF93A6000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xF93C6000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xEFCD4000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF9808000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF80E8000 \SystemRoot\System32\drivers\Dxapi.sys
0xF964E000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF99CE000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF042000 \SystemRoot\System32\ialmdev5.DLL
0xBF077000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xEFBC8000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xEF94F000 \SystemRoot\system32\drivers\wdmaud.sys
0xF9386000 \SystemRoot\system32\drivers\sysaudio.sys
0xEF7DC000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xF9844000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xEF6BD000 \SystemRoot\System32\DRIVERS\srv.sys
0xEF064000 \SystemRoot\System32\Drivers\HTTP.sys
0xEF04F000 \SystemRoot\system32\drivers\naiavf5x.sys
0xF966E000 \SystemRoot\System32\Drivers\TDTCP.SYS
0xEEFDC000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xEEE32000 \??\C:\DOCUME~1\Allen\LOCALS~1\Temp\pxtdqpow.sys
0xEEE07000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\SYSTEM32\ntdll.dll

Processes (total 30):
0 System Idle Process
4 System
580 C:\WINDOWS\SYSTEM32\smss.exe
628 csrss.exe
652 C:\WINDOWS\SYSTEM32\winlogon.exe
704 C:\WINDOWS\SYSTEM32\services.exe
716 C:\WINDOWS\SYSTEM32\lsass.exe
872 C:\WINDOWS\SYSTEM32\svchost.exe
952 svchost.exe
1048 C:\WINDOWS\SYSTEM32\svchost.exe
1092 svchost.exe
1136 svchost.exe
1364 C:\WINDOWS\SYSTEM32\spoolsv.exe
1660 svchost.exe
1836 C:\Program Files\Dell\OpenManage\Client\Iap.exe
1860 C:\Program Files\Java\jre6\bin\jqs.exe
1896 C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
2024 naPrdMgr.exe
224 C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
248 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
284 C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
448 C:\WINDOWS\explorer.exe
624 wdfmgr.exe
1412 wmiprvse.exe
2104 C:\WINDOWS\SYSTEM32\ctfmon.exe
3000 C:\WINDOWS\SYSTEM32\wscntfy.exe
3028 alg.exe
3600 C:\Program Files\Internet Explorer\iexplore.exe
4064 C:\Program Files\Internet Explorer\iexplore.exe
3504 C:\Documents and Settings\Allen\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`01f60800 (NTFS)

PhysicalDrive0 Model Number: WDCWD800BB-75FRA0, Rev: 77.07W77

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

====================== Combofix log below===========
ComboFix 10-10-11.05 - Allen 10/12/2010 10:11:38.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.254.137 [GMT -7:00]
Running from: c:\documents and settings\Allen\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Allen\Application Data\Sanye
c:\documents and settings\Allen\Application Data\Sanye\ahno.exe
c:\documents and settings\Allen\Local Settings\Application Data\{15796969-1891-465C-8DFB-5DE2B32E0B45}
c:\documents and settings\Allen\Local Settings\Application Data\{15796969-1891-465C-8DFB-5DE2B32E0B45}\chrome.manifest
c:\documents and settings\Allen\Local Settings\Application Data\{15796969-1891-465C-8DFB-5DE2B32E0B45}\chrome\content\_cfg.js
c:\documents and settings\Allen\Local Settings\Application Data\{15796969-1891-465C-8DFB-5DE2B32E0B45}\chrome\content\overlay.xul
c:\documents and settings\Allen\Local Settings\Application Data\{15796969-1891-465C-8DFB-5DE2B32E0B45}\install.rdf
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll

Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\explorer.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2010-09-12 to 2010-10-12 )))))))))))))))))))))))))))))))
.

2010-10-11 17:45 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-11 17:45 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-11 17:45 . 2010-10-11 17:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-11 17:30 . 2010-10-11 17:30 -------- d-----w- c:\documents and settings\Allen\Local Settings\Application Data\PCHealth
2010-10-11 17:09 . 2010-10-11 17:17 -------- d-----w- C:\241a1d0ff27f3b0b635054ecdb
2010-09-30 18:06 . 2010-09-30 18:06 -------- d-----w- c:\documents and settings\Allen\Local Settings\Application Data\Help
2010-09-30 18:05 . 2010-09-30 18:05 -------- d-----w- c:\program files\TechSmith
2010-09-30 16:51 . 2010-09-30 16:51 -------- d-----w- c:\documents and settings\Allen\Application Data\Malwarebytes
2010-09-30 16:51 . 2010-09-30 16:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-29 17:23 . 2010-09-29 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-09-29 17:17 . 2010-09-29 17:17 -------- d-----w- C:\QUARANTINE
2010-09-29 16:37 . 2010-09-29 16:37 -------- d-----w- c:\windows\system32\wbem\Repository
2010-09-24 18:08 . 2010-09-24 18:08 -------- d-----w- c:\documents and settings\Allen\Application Data\SUPERAntiSpyware.com
2010-09-21 18:16 . 2010-09-29 15:29 0 ----a-w- c:\windows\Vnowuwidog.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^logon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\logon.lnk
backup=c:\windows\pss\logon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 16:32 77824 ----a-w- c:\windows\SYSTEM32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 16:36 114688 ----a-w- c:\windows\SYSTEM32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 16:35 94208 ----a-w- c:\windows\SYSTEM32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
2003-02-25 10:00 139347 ----a-w- c:\program files\Network Associates\Common Framework\UpdaterUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
2003-03-06 14:00 90182 ----a-w- c:\program files\Network Associates\VirusScan\shstat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-12-20 23:52 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-25 16:43 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
2008-04-14 00:12 143360 ----a-w- c:\windows\SYSTEM32\mobsync.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Allen\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Allen\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Allen\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\Allen\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/4/2010 10:08 AM 135664]
.
Contents of the 'Scheduled Tasks' folder

2010-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 17:08]

2010-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 17:08]

2010-10-12 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-09 05:18]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.dell.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
MSConfigStartUp-Gdifafox - c:\windows\ieagno.dll
MSConfigStartUp-Gvasifatufoqiw - c:\windows\ebulatoletu.dll
MSConfigStartUp-sniffer - c:\windows\Temp\_ex-08.exe
MSConfigStartUp-{316D0041-D9FD-4CF0-AA89-F201BD5BA04C} - c:\documents and settings\Allen\Application Data\Sanye\ahno.exe
AddRemove-HijackThis - c:\documents and settings\Allen\Desktop\HijackThis.exe


.
------------------------ Other Running Processes ------------------------
.
c:\program files\Dell\OpenManage\Client\Iap.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\Network Associates\VirusScan\Mcshield.exe
c:\program files\Network Associates\VirusScan\VsTskMgr.exe
c:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-10-12 10:28:03 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-12 17:28

Pre-Run: 70,765,727,744 bytes free
Post-Run: 70,683,537,408 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 89CCBDC2F9A9AAB9F101EF150362C571
 
It looks like Combofix did a good job :)

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\windows\Vnowuwidog.bin


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 