DOS/SMURF Attacks, Webpage re-routes, HELP!
sianbootay Ive been checking the logs on my NETGEAR N600 Router and noticed [DoS attack: ACK Scan] attack packets in last 20 sec from ip [207.171.163.14], Saturday, Dec 22,2012 20:24:47. Back to Top
Touch Forum Moderator Hello :-)
We need to get a comprehensive report of what is present in your system.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. Select All Users Under the Custom Scan box paste this in:
activex
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%windir%\Installer\*.*
%windir%\system32\tasks\*.*
%systemroot%\Fonts\*.exe
%systemroot%\*. /mp /s
/md5start
consrv.dll
explorer.exe
winlogon.exe
regedit.exe
Userinit.exe
svchost.exe
MRESP50.SYS
CBPSp50.sys
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
CREATERESTOREPOINT
Click the Quick Scan The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt Extras.Txt Post both logs
Do not PM me with logfiles. They will be deleted.
Back to Top
sianbootay OTL========== Processes (SafeList) ========== ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== 64bit: - [2012/12/06 22:58:06 | 000,350,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\ftpsvc.dll -- (ftpsvc)64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)64bit: - [2011/05/06 17:02:04 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN)64bit: - [2010/05/21 09:39:22 | 000,014,648 | ---- | M] (Alienware) [Auto | Running] -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe -- (AlienFusionService)64bit: - [2010/04/18 19:17:10 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)64bit: - [2010/04/04 10:43:38 | 002,409,800 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe -- (FAService)64bit: - [2010/02/02 13:13:10 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)64bit: - [2009/07/13 17:39:56 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\WMSvc.exe -- (WMSVC)========== Driver Services (SafeList) ========== 64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)64bit: - [2012/04/14 07:57:35 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)64bit: - [2012/01/17 04:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)64bit: - [2011/05/06 16:59:08 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)64bit: - [2011/02/22 15:17:34 | 007,370,304 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)64bit: - [2011/01/15 08:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)64bit: - [2011/01/01 09:12:24 | 000,097,040 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)64bit: - [2010/09/29 10:34:50 | 000,377,176 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys -- (LADF_SBVM)64bit: - [2010/09/29 10:34:48 | 000,062,168 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys -- (LADF_DHP2)64bit: - [2010/08/19 18:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)64bit: - [2010/04/29 05:55:42 | 000,032,768 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb)64bit: - [2010/02/02 13:13:08 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)64bit: - [2010/02/02 13:13:08 | 000,020,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)64bit: - [2010/02/02 13:13:06 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)64bit: - [2010/01/22 09:26:50 | 000,305,200 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)64bit: - [2009/12/28 20:25:16 | 000,067,072 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)64bit: - [2009/11/10 14:18:32 | 000,020,392 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)64bit: - [2009/08/18 07:23:32 | 000,143,472 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)64bit: - [2009/07/13 16:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)64bit: - [2009/06/26 14:43:42 | 000,016,752 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EMSC.sys -- (EMSC)64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)64bit: - [2008/09/24 18:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\facap.sys -- (FACAP)64bit: - [2008/07/31 17:01:00 | 000,306,560 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OA002Vid.sys -- (OA002Vid)64bit: - [2008/06/03 01:30:38 | 000,168,864 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OA002Ufd.sys -- (OA002Ufd)64bit: - [2007/06/07 17:00:02 | 000,219,544 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OA002Afx.sys -- (OA002Afx)========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== 64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC========== FireFox ========== 64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found========== Chrome ========== 64bit: - HKLM..\Run: [] File not found64bit: - HKLM..\Run: [AlienFX Controller] C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware Corporation)64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)64bit: - gopher Prefix: missing64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found64bit: - Protocol\Handler\ms-help - No CLSID value found64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)64bit: - Winlogon\Notify\WB: DllName - (C:\Program Files (x86)\Stardock\MyColors\fast64.dll) - File not found64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.64bit: - HKLM\..comfile [open] -- "%1" %*64bit: - HKLM\..exefile [open] -- "%1" %*64bit: - HKLM\...com [@ = comfile] -- "%1" %*64bit: - HKLM\...exe [@ = exefile] -- "%1" %*64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.064bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.664bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 764bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUPAPSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)BitTorrent - hkey= - key= - C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)Dell Webcam Central - hkey= - key= - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)DS3 Tool - hkey= - key= - C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe (www.motioninjoy.com)FATrayAlert - hkey= - key= - C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe (Sensible Vision )iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)Logitech G35 - hkey= - key= - C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech(c))Pando Media Booster - hkey= - key= - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)Steam - hkey= - key= - C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)tvncontrol - hkey= - key= - C:\Program Files (x86)\TightVNC\tvnserver.exe (GlavSoft LLC.)WinampAgent - hkey= - key= - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)========== Files/Folders - Created Within 30 Days ========== ========== Files - Modified Within 30 Days ========== ========== Files Created - No Company Name ========== ========== ZeroAccess Check ========== ========== LOP Check ========== ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %windir%\Installer\*.* > < %windir%\system32\tasks\*.* > < %systemroot%\Fonts\*.exe > < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > < MD5 for: REGEDIT.EXE > < MD5 for: SVCHOST.EXE > < MD5 for: USERINIT.EXE > < MD5 for: WINLOGON.EXE > < C:\Windows\assembly\tmp\U\*.* /s > < %Temp%\smtmp\1\*.* > < %Temp%\smtmp\2\*.* > < %Temp%\smtmp\3\*.* > < %Temp%\smtmp\4\*.* > < type c:\diskreport.txt /c > ========== Alternate Data Streams ========== ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]========== Firewall Settings ========== ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== ========== Vista Active Application Exception List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== ========== HKEY_USERS Uninstall List ========== ========== Last 20 Event Log Errors ========== Back to Top
Touch Forum Moderator Sorry for late reply..........
We need to run an OTL Fix
Please reopen OTL on your desktop. Copy and Paste Custom Scan textbox.
: OTL
· O3 - HKU\S-1-5-21-2229391427-1754303536-809865111-1000\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found. O4:64bit: - HKLM..\Run: [] File not found · : Reg · · : Files · C:\Program Files (x86)\BitTorrent · ipconfig / flushdns / c · : Commands · [ purity ] · [ resethosts ] · [ CreateRestorePoint ] · [ emptytemp ] [ EMPTYFLASH ]
Push Run Fix ButtonOTL may ask to reboot the machine. Please do so if asked. Click OK. A report will open. Copy Paste If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
Please download adwcleaner ->
Double click on AdwCleaner.exe to run the tool. ***Note: Windows Vista and Windows 7 users: adwCleaner.exe and select – Run as admin
Click Delete . Everything that was found will be deleted. Save any open files and approve the reboot. A text file will open after the restart.
And save to the desktop.
After the download is complete, perform the following tasks before using the ComboFix tool to scan your PC:
To prevent interference, temporarily disable your antivirus, antispyware, firewall and other security tools that may be running on your computer.
Double-click on the combofix icon found on your desktop.
Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall.
In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.
When finished, it will produce a logfile located at C:\combofix.txt.
Post the contents of that log in your next reply
The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.
Do not PM me with logfiles. They will be deleted.
Back to Top
sianbootay Its ok Touch, no worries. You've helped me soo much within the past years. By the way, Merry Late Christmas! :) Back to Top
Touch Forum Moderator By the way, Merry Late Christmas! :) Thank you, and a happy early new year to you
Do you know these folder/s:
c:\users\TEMP.SIAN.012 ?
Do not PM me with logfiles. They will be deleted.
Back to Top
sianbootay Sorry for the late reply, but i do not know what those are. Should i go ahead and delete? and do you see anything in any system? Back to Top
Touch Forum Moderator Have combofix to do the deleting
Open notepad and copy/paste the text in bold in below into it:
Snapshot::
Folder::
c:\users\TEMP.SIAN.015
c:\users\TEMP.SIAN.014
c:\users\TEMP.SIAN.012
c:\program files (x86)\BitTorrent
File::
c:\users\TEMP.SIAN.015
c:\users\TEMP.SIAN.014
c:\users\TEMP.SIAN.012
Save this as:CFScript
Once saved, refering to the picture above, drag CFScript.txt into ComboFix.exe.
Combofix will create a logfile and display it after your computer has rebooted.
Usually located in c:\combofix.txt, please post it to your next reply
Do not PM me with logfiles. They will be deleted.
Back to Top
sianbootay ComboFix 13-01-05.01 - Sian 01/05/2013 18:26:45.2.2 - x64 Back to Top
sianbootay Hi Touch! Back to Top
Touch Forum Moderator See if Microsoft's own solution may do the trick, so you do not end up on Phishing sites ?
Do not PM me with logfiles. They will be deleted.
Back to Top
sianbootay I do, but i close it immediately. I usually pay attention to the URL. I will give this a shot and see what happens. Will keep you updated. Back to Top
Touch Forum Moderator "Will keep you updated".
OK :-)
Do not PM me with logfiles. They will be deleted.
Back to Top
Forum Information Currently it is Sunday, May 19, 2013 2:17 PM (GMT +3)View Active Threads Who's Online This forum has 34612 registered members. Please welcome our newest member, Specialist .Details 5 Latest Threads
|
Forum Help Manual
the only thing that still happens are website reroute. I google something and when I click on the link, it'll bring me to some phishing site. Any clues on why this is still happening? Much appreciated. Thanks