2 browsers re-routing - Comodo Reporting Various Malwares every 5 mins

Hi,

Please download ComboFix.exe to your desktop (not into any subfolder) and then copy-paste this command to the run box:
"%USERPROFILE%\Desktop\ComboFix.exe" /uninstall
 
Hi Blade,

This has worked and ComboFix has been uninstalled.

However, looking at the C: drive there appear to be remnants of the renamed ComboFix file that was installed when we were having issues with Comodo preventing the running of the file. ComboFix was renamed to "Tool" (not very imaginative, I know), and in the C: drive I can see three folders called:

Tool
Tool8786T
Tool21664T

These all contain ComboFix related files. Not sure if they also need to be removed?

Thanks
 
Yes, see if you can delete those listed folders manually.
 
Hi Blade,

As ever thanks for the prompt response.

Those three folders seem to have been deleted without any issue.

I'll now start the process of re-installing the security products removed and will run Windows update. I'll set these up to automatically update and will relay your feedback onto my friend, I'll also make sure he makes a donation to Spybot.

Thank you for your assistance and patience. :bigthumb:
 
Hi Blade,

Sorry to bother you again, but for some reason Microsoft Update keeps failing. I went to the website above, which then refers me to run Windows Update from within the OS (Start > All Programs > Windows Update). I've tried deselecting all of the updates (16 Security and 5 Optional) bar one, but it still fails. The error code is 80246008, and when I attempt to get help I'm offered the option to run Microsoft Fix it, but this doesn't resolve the issue.

I've also tried this in safe mode with networking, but for some reason MS Update doesn't initiate a connection/web session.

I've not installed any of the 3rd party security apps yet.
 
Please download Farbar Service Scanner and run it on the computer with the issue.
  • Check these boxes:
    -Internet Services
    -Windows Firewall
    -System Restore
    -Security Center
    -Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.
 
Hi,

Log below as requested.

====================FSS================================

Farbar Service Scanner Version: 06-08-2012
Ran by graham (administrator) on 01-09-2012 at 20:04:13
Running from "C:\Users\graham\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
 
Hi,

Download this file to your desktop. Then run it and allow merging. Reboot and run the service scanner again. Post back the log.

Note: the file is meant to be used in this specific topic case only. Using it elsewhere may render system unbootable.
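The scanner log above flagged the one thing that breaks Windows Update silently: the BITS service key was present but its Start value was gone, so the Service Control Manager had nothing to go on. As an added example (not code from this thread, from Farbar Service Scanner, or from the reg file Blade supplied), the PowerShell below reads the same registry values the scanner checks for the three services Windows Update depends on, and reports a missing Start value separately from a merely non-default one. The service names are the standard Windows ones; the expected start type of 2 (Automatic) for each is an assumption for a default desktop install and should be compared with a known-good machine of the same Windows version.

```powershell
# Added example: audit the service configuration Windows Update depends on.
# Expected start types are assumptions for a default Windows 7 desktop;
# compare with a clean machine before treating WARN as a fault.
$expected = @{
    'BITS'     = 2   # Automatic (delayed start on Windows 7)
    'wuauserv' = 2   # Automatic
    'CryptSvc' = 2   # Automatic
}
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

function Test-ServiceStartType {
    param([string]$Name, [int]$ExpectedStart)
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $result = [ordered]@{ Service = $Name; Status = 'missing-key'; Start = $null; Verdict = 'FAIL' }
    if (-not (Test-Path $key)) { return [pscustomobject]$result }

    $props = Get-ItemProperty -Path $key
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    $result['Status'] = if ($svc) { $svc.Status.ToString() } else { 'not-registered' }

    if ($null -eq $props.Start) {
        # This is the condition the scanner reported: the key exists but the
        # Start value is absent, so the service can never be started.
        $result['Start']   = 'value does not exist'
        $result['Verdict'] = 'FAIL (Start value missing)'
    } elseif ([int]$props.Start -ne $ExpectedStart) {
        $result['Start']   = $startNames[[int]$props.Start]
        $result['Verdict'] = "WARN (expected $($startNames[$ExpectedStart]))"
    } else {
        $result['Start']   = $startNames[[int]$props.Start]
        $result['Verdict'] = 'OK'
    }

    # ImagePath and ServiceDll are the other two values the scanner validates;
    # surface them so a tampered path is visible next to the start type.
    $result['ImagePath']  = $props.ImagePath
    $result['ServiceDll'] = (Get-ItemProperty -Path "$key\Parameters" -ErrorAction SilentlyContinue).ServiceDll
    [pscustomobject]$result
}

$expected.GetEnumerator() |
    ForEach-Object { Test-ServiceStartType -Name $_.Key -ExpectedStart $_.Value } |
    Format-List
```

Run it from an elevated PowerShell prompt before merging a registry fix and again after the reboot; a clean result shows `OK` for all three services with `Status: Running` for those set to Automatic.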
 
Hi Blade,

Log below as requested, thanks.

======================FSS==============================

Farbar Service Scanner Version: 06-08-2012
Ran by graham (administrator) on 02-09-2012 at 21:41:28
Running from "C:\Users\graham\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
 
Hi Blade,

Yes, Windows Update now appears to be working again, thanks.

Should I delete BITS reg edit file from the desktop?

I'll post back once I've restored all of the remaining apps.

Thanks :bigthumb:

Skoobaskunk
 
Hi,

Yes, the reg file can be now deleted from the desktop :)
 
Hi Blade,

Reg Edit file deleted, Windows Update run, and Comodo, Ad-Aware, Spybot S&D and Malwarebytes all installed without issue. I have also installed Secunia PSI 3.0 and set it to auto-update my friend's apps... hopefully he won't find himself in this position again.

Thanks for all of your help.

Skoobaskunk
 
You're welcome

Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.
 