Member Panel

dahli · 04:44 AM

Hello,

Let's take a deeper look.

Please download from one of these locations:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Take note that the links are case sensitive

Save ComboFix to the desktop.

Note: It is important that it is saved directly to, and run from your desktop.
In the event you already have Combofix, please delete it as this is a new version.

Close any open browsers.
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combo.exe & follow the prompts.
When finished, it will produce a logfile located at C:\ComboFix.txt.
Post the contents of that log in your next reply with a new hijackthis log.

Note:

Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.
Do not proceed with the rest of the fix if you fail to run combofix.

otester

Here are the requested logs, also why is my computer running weird since running this ComboFix? Gmail Notifier now gives me an error, I also had to repair my network connection.

dahli

What error does Gmail give you?

Please run the F-Secure Online Scanner

Note: This scanner is for Internet Explorer only :!:

Follow the instructions here for installation.
Accept the License Agreement.
Once the ActiveX installs, click Full System Scan
Once the download completes, the scan will begin automatically.
The scan will take some time to finish, so please be patient.

When the scan completes, click the Automatic cleaning (recommended) button.

Click the Show Report button and copy and paste the entire report in your next reply.

otester · 08:42 PM

Gmail gives this error since using ComboFix when using IE7 (can't use FF because it says I need to enable cookies, I have but still doesn't work and checked that google was not being blocked, it was not):

Code:

---------------------------
Windows Internet Explorer
---------------------------
Cannot find 'http://%1%20"http://mail.google.com/mail/"'. Make sure the path or Internet address is correct.
---------------------------
OK   
---------------------------

Log from F-Secure Online scanner:

Code:

Scanning Report

 Saturday, January 19, 2008 11:49:38 - 19:37:17

  Computer name: PC1 
Scanning type: Scan system for viruses, rootkits, spyware 
Target: C:\ E:\  
  Result: 9 malware found

 Backdoor.Win32.Iroffer.aq (virus) 

 E:\WINDOWS\SYSTEM32\DRIVERS\ETC\SVCHOST.EXE (Renamed)
Tracking Cookie (spyware) 

 System (Disinfected)
Redirect (virus) 

 E:\PROGRAM FILES\EA GAMES\BATTLEFIELD 2\MODS\TEST1\_BF2_PACK\BIN\BF2_MENU_BUILDER.EXE (Renamed)
Trojan-Dropper.Win32.Agent.dbm (virus) 

 E:\DOCUMENTS AND SETTINGS\OLIVER TESTER\MY DOCUMENTS\UTORRENT\COMPLETE\NEWSLEECHER.V3.9.FINAL.ENGLISH.&.NEDERLANDS-PERMANENTLY.WORKING.SEARCH\NL_SETUP.EXE (Renamed)
Trojan.Win32.Agent.cgz (virus) 

 E:\WINDOWS\SYSTEM32\DRIVERS\ETC\SMSS.EXE (Renamed)
W32/Bifrose.CRO (virus) 

 E:\DOCUMENTS AND SETTINGS\OLIVER TESTER\MY DOCUMENTS\HL STUFF\TT_V10B-WIN32-PATCH.EXE
W32/Malware.ACBL (virus) 

 E:\DOCUMENTS AND SETTINGS\OLIVER TESTER\DESKTOP\FOLDERS\OTHER\COHTRN14.EXE
W32/Smalltroj.CDCD (virus) 

 E:\PROGRAM FILES\UBISOFT\EAGLE DYNAMICS\LOCK ON\F15_UPDATER.EXE
 E:\PROGRAM FILES\EAGLE DYNAMICS\LOCK ON - FLAMING CLIFFS\F15_UPDATER.EXE
Statistics

 Scanned:

Files: 170590
System: 5346
Not scanned: 6
Actions:

Disinfected: 1
Renamed: 4
Deleted: 0
None: 4
Submitted: 0
Files not scanned:

C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
E:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0018DB2C03341D966108EE0F63DA9FD9_A0414C68-8A83-4E8A-931F-A15005FF832A
E:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\DSS\MACHINEKEYS\39F07F6F0E95CF184FFAA209F8E61C3E_A0414C68-8A83-4E8A-931F-A15005FF832A
E:\AIRCRACK\MAKEFILE
Options

 Scanning engines:

F-Secure Libra: 2.4.2, 2008-01-18
F-Secure AVP: 7.0.171, 2008-01-18
F-Secure Orion: 1.2.37, 2008-01-18
F-Secure Blacklight: 1.0.64
F-Secure Draco: 1.0.35, 0597-150-72
F-Secure Pegasus: 1.19.0, 2008-00-16
Scanning options:

Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQXSWF
 Use Advanced heuristics
Copyright © 1998-2006 Product support |Send virus sample to F-Secure

F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name.This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.

dahli

Download SDFix and save it to your Desktop.

Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following :

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
Finally copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log

otester

Here are the requested logs:

Member Panel

Sponsors and Ads

Live Tag Cloud