Search Engine Redirect Issue



pmaxxx13
2012-03-31, 17:06
Thanks for your help!!


DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by pappleby at 9:58:58 on 2012-03-31
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3510.2112 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\WiMAX\bin\wimaxcu.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\Downloaded Program Files\CacheCleaner.exe
C:\Windows\Downloaded Program Files\CacheCleaner.exe
C:\Windows\Downloaded Program Files\TunnelServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [TrueCrypt] "c:\program files\truecrypt\TrueCrypt.exe" /q preferences /a logon
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Update] rundll32.exe "c:\users\pappleby\appdata\roaming\adobe\adobe\uzseuiy.dll",DllRegisterServer
uRunOnce: [F5 Networks Cleaner] rundll32.exe c:\windows\downlo~1\CACHEC~1.DLL,Run BROWSER:MSIE URL:www.winnremote.com
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IntelWirelessWiMAX] "c:\program files\intel\wimax\bin\WiMAXCU.exe" /tasktray /nosplash
mRun: [FreeFallProtection] c:\program files\stmicroelectronics\accelerometerp11\FF_Protection.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [5-Day Forecast] "c:\program files\5-day forecast\5-day forecast\5-Day Forecast.exe" /Startup
dRun: [Update] rundll32.exe "c:\users\pappleby\appdata\roaming\adobe\adobe\uzseuiy.dll",DllRegisterServer
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} - c:\users\pappleby\appdata\local\temp\f5tmp\f5opswati.cab
DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} - c:\users\pappleby\appdata\local\temp\f5tmp\cachecleaner.cab
DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - hxxps://www.winnremote.com/vdesk/terminal/urxvpn.cab#version=6031,2010,125,2117
DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} - hxxps://www.yardiaspla5.com/84143actussql/activexviewer9.cab
DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} - c:\users\pappleby\appdata\local\temp\f5tmp\f5opswati.cab
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - c:\users\pappleby\appdata\local\temp\f5tmp\f5tunsrv.cab
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - hxxps://www.winnremote.com/vdesk/terminal/InstallerControl.cab
DPF: {49EC7987-E331-44E3-B170-748B58A268B9} - c:\users\pappleby\appdata\local\temp\f5tmp\f5opswati.cab
DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} - c:\users\pappleby\appdata\local\temp\f5tmp\f5InspectionHost.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - c:\users\pappleby\appdata\local\temp\f5tmp\urxshost.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP30-13034/training/ieatgpc1.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - c:\users\pappleby\appdata\local\temp\f5tmp\urxhost.cab
DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} - c:\users\pappleby\appdata\local\temp\f5tmp\f5opswati.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{0E499914-BDD8-4261-8D12-C097229E28AC} : DhcpNameServer = 66.174.71.33 69.78.96.14
TCP: Interfaces\{1C87F7A7-5742-4385-A788-5FE7D49AF630} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{1C87F7A7-5742-4385-A788-5FE7D49AF630}\07160707C65626972E08993702960586F6E656 : DhcpNameServer = 66.174.71.33 69.78.96.14
TCP: Interfaces\{1C87F7A7-5742-4385-A788-5FE7D49AF630}\0796562736560286F6473707F647 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1C87F7A7-5742-4385-A788-5FE7D49AF630}\34C61627B6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1C87F7A7-5742-4385-A788-5FE7D49AF630}\4416679637D2D4F6E6478616D6 : DhcpNameServer = 68.105.28.16 68.105.29.16
TCP: Interfaces\{1C87F7A7-5742-4385-A788-5FE7D49AF630}\564777962756C6563737 : DhcpNameServer = 192.168.50.1
TCP: Interfaces\{1C87F7A7-5742-4385-A788-5FE7D49AF630}\64169627669656C64694E6E6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1C87F7A7-5742-4385-A788-5FE7D49AF630}\76F676F696E666C696768647 : DhcpNameServer = 172.19.134.2
TCP: Interfaces\{C0212F6B-EC14-48A0-B9A5-439CBF8534A5} : DhcpNameServer = 172.30.2.76 172.27.8.240 172.27.8.58
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\drivers\stdcfltn.sys [2011-10-18 17904]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2009-6-26 812392]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2009-6-26 26984]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\intel\wimax\bin\DMAgent.exe [2009-9-15 352256]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2011-10-17 59904]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-10-27 2477304]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\intel\wimax\bin\AppSrv.exe [2009-9-15 1368064]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\accelern.sys [2011-10-18 44144]
R3 bpenum;bpenum;c:\windows\system32\drivers\bpenum.sys [2009-9-15 56832]
R3 bpmp;bpmp;c:\windows\system32\drivers\bpmp.sys [2009-9-15 144384]
R3 bpusb;bpusb;c:\windows\system32\drivers\bpusb.sys [2009-9-15 69120]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2009-6-26 33832]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2011-10-14 224424]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-5 106104]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2011-10-18 132480]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-10-18 269824]
R3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2010-7-14 6814720]
R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpnwlh.sys [2010-1-25 34944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-12-18 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-11 62464]
S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltwlh.sys [2011-10-31 13952]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-12-18 136176]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-8-2 18432]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-10-14 1343400]
.
=============== Created Last 30 ================
.
2012-03-28 22:09:59 89600 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
2012-03-28 22:05:55 -------- d-----w- C:\lj1010 series
2012-03-26 17:35:31 81987 ----a-w- c:\windows\system32\AUCPLMNT.DLL
2012-03-22 19:12:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-15 01:02:18 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-15 01:02:17 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 17:32:07 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 17:32:07 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 09:37:10 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 09:37:10 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 09:37:10 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 09:37:10 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 09:37:10 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 09:37:10 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
.
==================== Find3M ====================
.
2012-02-23 13:30:10 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-04 08:58:41 442880 ----a-w- c:\windows\system32\ntshrui.dll
.
============= FINISH: 9:59:16.87 ===============

jeffce
2012-04-01, 05:50
Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE : Please do not delete anything unless instructed to.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.
Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.

Vista and Windows 7 users:
These tools MUST be run from the executable (.exe) every time you run them
with Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

First we need to make all files and folders VISIBLE:

Go to start>control panel>folder options>view
Choose to "show hidden files and folders,"
Uncheck the "hide protected operating system files" and the "hide extensions for known file types" boxes.
Close the window with OK

Download CKScanner by askey127 from Here (http://downloads.malwareremoval.com/CKScanner.exe) & save it to your Desktop.
Right-click and Run as Administrator CKScanner.exe then click Search For Files
When the cursor hourglass disappears, click Save List To File
A message box will verify the file saved
Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply

----------

Please download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe) to your desktop.

Right click and Run as Administrator the aswMBR icon to run it.
Click the Scan button to start scan.
When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

----------

In your next reply please post the logs made by ckscanner and aswMBR.

pmaxxx13
2012-04-01, 14:56
Jeff - thanks for taking the time to help me out!


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-01 07:53:51
-----------------------------
07:53:51.776 OS Version: Windows 6.1.7601 Service Pack 1
07:53:51.776 Number of processors: 4 586 0x2505
07:53:51.776 ComputerName: PAPPLEBY-LT2 UserName: pappleby
07:53:52.057 Initialize success
07:53:58.392 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
07:53:58.392 Disk 0 Vendor: SAMSUNG_ AXM0 Size: 122104MB BusType: 8
07:53:58.408 Disk 0 MBR read successfully
07:53:58.408 Disk 0 MBR scan
07:53:58.408 Disk 0 unknown MBR code
07:53:58.408 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS 100 MB offset 2048
07:53:58.423 Disk 0 Partition 2 00 07 HPFS/NTFS 122002 MB offset 206848
07:53:58.423 Disk 0 scanning sectors +250066944
07:53:58.439 Disk 0 scanning C:\Windows\system32\drivers
07:53:58.439 Service scanning
07:54:04.242 Modules scanning
07:54:04.928 Disk 0 trace - called modules:
07:54:04.928 ntkrnlpa.exe CLASSPNP.SYS disk.sys stdcfltn.sys iaStorV.sys halmacpi.dll
07:54:04.928 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x868891d0]
07:54:04.944 3 CLASSPNP.SYS[8c85e59e] -> nt!IofCallDriver -> [0x86889888]
07:54:04.944 5 stdcfltn.sys[8c7d8854] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85e1a028]
07:54:04.944 Scan finished successfully
07:54:16.566 Disk 0 MBR has been saved successfully to "C:\Users\pappleby\Desktop\MBR.dat"
07:54:16.566 The log file has been saved successfully to "C:\Users\pappleby\Desktop\aswMBR.txt"



CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.BMAAQQ
----- EOF -----

jeffce
2012-04-01, 19:48
Hi,

Please download MBRCheck.exe (http://ad13.geekstogo.com/MBRCheck.exe) to your desktop.

Be sure to disable your security programs
Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
A window will open on your desktop
If an unknown bootcode is found you will have further options available to you. At this time press N then press Enter twice.
If nothing unusual is found just press Enter. A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
Please post the contents of that file.

----------

Download Combofix from either of the links below, and save it to your desktop.
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here (http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html&pid=494216#entry494216)

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts. When finished, it will produce a report for you.
Please post the C:\ComboFix.txt for further review.
------------

In your next reply please post the logs made by MBRCheck and ComboFix.

pmaxxx13
2012-04-01, 19:58
Jeff

I am unable to disable my Symantec Endpoint, it is not allowing that as an option (not highlighted when I right click). It may be a corporate "lock down"??

Should I still proceed with the two tasks from your last post?

jeffce
2012-04-01, 20:25
Hi pmaxxx13,

Is this a business/corporate computer by chance?

pmaxxx13
2012-04-01, 21:34
It is a business laptop

jeffce
2012-04-01, 22:21
Hi,

Before you posted did you read this here in post #5>> http://forums.spybot.info/showthread.php?t=288


The malware removal forum is set up to help those in need of assistance with their personal computers. This service is free and provided by volunteer analysts.

When the infection is on a Server/Company/Business/Institution/Medical Facility-Health Insurance (HIPAA Privacy Rule) machine or any computer used in the workplace.


The intention of this forum is not to replace a company's IT department or a private business specialist. Helpers cannot anticipate alterations or configurations that may have been made to a business machine, or how it will interact with the tools commonly used in the removal of malware.

Other considerations:
Company information may show in the logs.
More than one machine could be at stake.
If sensitive material has been compromised by an infection, the company could be held liable.
To prevent possible loss or corruption of company information, please inform your IT Professional or Supervisor when a workplace computer has been infected. If neither is available, please consider calling in a local technician who can see the machine/network in person.

It's not that we don't want to help, but there are too many issues that could arise with company machines and servers that malware forum volunteers are not experienced in dealing with.

Thank you for your understanding.

pmaxxx13
2012-04-01, 23:42
Nope - did not see that! Sorry

Please delete the thread - Thanks

jeffce
2012-04-02, 00:41
Hi,

Thanks for your understanding. :)