Darn Daemon Tools causing false alarms. Daemon has led to so much extra effort in these forum repairs, where rootkit issues are tough enough to assess. But good that it was Daemon, and not malware. Going to need to put that file back now we moved earlier. Let's give it a one-two-three run now.
Be sure to continue to temporarily disable any protective software when running the scan tools we use here.
Open notepad (go to Start, Run, type
notepad and press Enter) and copy/paste the text in the codebox below into it:
DDS::
uStart Page = hxxp://www.ask.com/?o=101760&l=dis
mStart Page = hxxp://www.dell4me.com/myway
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=%s
IE: &Search - ?p=ZLfox000
Firefox::
FF - ProfilePath - c:\documents and settings\Christine\Application Data\Mozilla\Firefox\Profiles\32lg7ieh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://yandex.ru/yandsearch?clid=123047&text=
FF - prefs.js: browser.search.selectedEngine - Яндекс
FF - prefs.js: browser.startup.homepage - hxxp://yandex.ru/?clid=123049
FCopy::
c:\WINDOWS\system32\drivers\atapi.sys | c:\WINDOWS\ServicePackFiles\i386\atapi.sys
Save this to your desktop as
CFScript.txtYou should now have both ComboFix and that CFScript.txt on the desktop. Just left click/hold on the CFScript.txt file, and drag it into ComboFix to start the scan.
ComboFix will now run as it did before. Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.
A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
------------
Download Malwarebytes' Anti-Malware from
Here or
Here.
Double Click mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform quick scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
* Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.
----------------
Disable your antivirus program and go
here and run an online scan using ESET Online Scanner (you will need to use Internet Explorer for this scan, or download the installer to run it in a different browser). If you accept the Terms of Use, check the box and click Start. After the ActiveX Control has loaded, it will take a couple minutes for the scanner to get ready. Next, check the following boxes:
Remove found threats
Scan unwanted applicationsNext to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).
Click Start. This scan may take a while, so please be patient. A log may open when the scan is complete (if not, go to C:\Program Files\EsetOnlineScanner\ and open the file
log.txt). Click Edit - Select All then copy/paste that log back here please.
If you have any problems getting Eset started, one work-around is to have an open Internet connection, and then click
here and download the
esetsmartinstaller_enu.exe Eset installer. Then click that file, and follow the same previous steps to run the scan.
Post back that log, the Malwarebytes log and the C:\ComboFix.txt log please.
