  #9  
Old September 18th, 2009, 07:18 PM
Jintan
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
The logs now show much of the infection issues there, which also includes a tough DNS changer hijacker, and that suggests some rootkit activity as well. I do not recognize this device loading from an "E" drive location - do you know what would have been used and given that drive letter there?

S3 ALLOW-IO;ALLOW-IO; \??\E:\ALLOW-IO.sys []

The DNS hijacking may block access to some tool downloads, so you may need to download them elsewhere then transfer them over. A caution about using USB external drives for this though - malware now often uses autorun worm methods, which can infect those and then infect other systems. Burning tool files to a CD to transfer is a safer way, or sending them as attachments via email can be used.


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs.

Download ComboFix.exe from here to your desktop, but I would like you to rename the file as you download it (do not download it directly without renaming it - use right click "Save Target/Link As"). For this, rename the downloading file to 456out.com, then click the renamed 456out.com to run that scan.

Be sure to install the Recovery Console if you are asked to do so. When the scan completes, a text window with your log will open. Please copy and paste that log back here.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.