 Browser redirects w/ Steam crashes: Trojan.Gumblar, Trojan.Agent, Backdoor.Bot, etc., Removed using Malwarebyte's several times, each time it's diff |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Forum Guidelines
Read this topic before posting a log. DO NOT post a ComboFix log unless requested to. Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log. When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc. Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  |
 Jun 1 2009, 01:28 AM
Post
#1
|
|
|
New Member  Group: Members Posts: 2 Joined: 1-June 09 Member No.: 337,751  |
I always update both AVG and Malwarebytes' Anti-Malware before scanning. Malwarebytes' updates ok, but AVG must be updated manually via directory each time. Recently, AVG finds nothing. On the 8th, 9th, and 10th, AVG found: Downloader.Swizzor.JVP, Generic_c.AGFX, Downloader.Generic2_XQU, and Defiler. Most of the time Malwarebytes' finds something. However, it doesn't always find anything, and it isn't removing the underlying problem. I can verify infection even when Malwarebytes' finds nothing by clicking through Google to AVG (e.g. search "AVG" in Google) and usually 1 out of about 20 clicks will be redirected. An example redirected URL is <http://www.free-download-place.net/avg/index_promo.php?source=CCN-CD277-MIVA-avg> and <http://us.peeplo.com/search/?q=avg&from=adg5> instead of <http://free.avg.com>. Also used to verify is Steam, as it will immediately close without a crash report when the redirector is active and messing with its network requests. There is obviously some sort of background application bringing in new programs almost daily, but I can not ferret it out for the life of me. Example DDS and Malwarebytes' logs are found below. I will be running a Kaspersky scan after I post this to include more information. DDS (Ver_09-05-14.01) - NTFSx86 Run by Ender at 1:07:16.59 on Mon 06/01/2009 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2583 [GMT -5:00] AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Google\Google Talk\googletalk.exe G:\Program Files\Razer\Diamondback 3G\razerhid.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\DAEMON Tools\daemon.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\PeerGuardian2\pg2.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter G:\Program Files\Razer\Diamondback 3G\razertra.exe G:\Program Files\Razer\Diamondback 3G\razerofa.exe C:\Program Files\Razer Barracuda AC-1 Gaming Audio Card\CustomApp\Program\Razer Barracuda AC-1 Gaming Audio card.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Documents and Settings\Ender\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ig?hl=en BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - g:\program files\avg\avg8\avgssie.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033 uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /install mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe mRun: [Diamondback] g:\program files\razer\diamondback 3g\razerhid.exe mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe dRunOnce: [RunNarrator] Narrator.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://www.phgenit.com/plugin/awarewebplayer/download/smart/cab/awswaxf.cab DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1175824274686 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175825173530 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Notify: avgrsstarter - avgrsstx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\ender\applic~1\mozilla\firefox\profiles\70tuse51.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (en) FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll ============= SERVICES / DRIVERS =============== R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-16 325896] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-16 27784] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-16 298776] R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys [2008-10-5 1310720] R3 cmudaxp;Razer Barracuda AC-1 Gaming Interface;c:\windows\system32\drivers\cmudaxp.sys [2008-6-24 1423360] R3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\drivers\DB3G.sys [2008-6-4 13225] S3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys --> c:\windows\system32\drivers\bcgame.sys [?] =============== Created Last 30 ================ ==================== Find3M ==================== 2009-05-02 18:49 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat 2009-05-02 15:01 11,952 a------- c:\windows\system32\avgrsstx.dll 2009-05-02 15:01 325,896 a------- c:\windows\system32\drivers\avgldx86.sys 2009-04-22 00:20 14,311,680 a------- c:\windows\system32\xlive.dll 2009-04-22 00:20 13,642,496 a------- c:\windows\system32\xlivefnt.dll 2009-04-04 20:42 410,984 a------- c:\windows\system32\deploytk.dll 2009-04-01 01:09 4,096 a------- c:\windows\d3dx.dat 2009-03-21 09:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll 2009-03-10 22:18 934,792 -------- c:\windows\system32\dllcache\WgaTray.exe 2009-03-10 22:18 239,496 -------- c:\windows\system32\dllcache\wgaLogon.dll 2009-03-08 14:09 638,816 -------- c:\windows\system32\dllcache\iexplore.exe 2009-03-08 14:09 391,536 -------- c:\windows\system32\dllcache\iedkcs32.dll 2009-03-08 04:41 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll 2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll 2009-03-08 04:34 914,944 a------- c:\windows\system32\dllcache\wininet.dll 2009-03-08 04:34 1,206,784 a------- c:\windows\system32\dllcache\urlmon.dll 2009-03-08 04:34 236,544 -------- c:\windows\system32\dllcache\webcheck.dll 2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll 2009-03-08 04:34 43,008 -------- c:\windows\system32\dllcache\licmgr10.dll 2009-03-08 04:34 105,984 -------- c:\windows\system32\dllcache\url.dll 2009-03-08 04:34 193,536 -------- c:\windows\system32\dllcache\msrating.dll 2009-03-08 04:34 109,568 -------- c:\windows\system32\dllcache\occache.dll 2009-03-08 04:33 759,296 -------- c:\windows\system32\dllcache\VGX.dll 2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll 2009-03-08 04:33 18,944 -------- c:\windows\system32\dllcache\corpol.dll 2009-03-08 04:33 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll 2009-03-08 04:33 726,528 a------- c:\windows\system32\dllcache\jscript.dll 2009-03-08 04:33 229,376 -------- c:\windows\system32\dllcache\ieaksie.dll 2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll 2009-03-08 04:33 420,352 a------- c:\windows\system32\dllcache\vbscript.dll 2009-03-08 04:33 125,952 -------- c:\windows\system32\dllcache\ieakeng.dll 2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll 2009-03-08 04:32 72,704 -------- c:\windows\system32\dllcache\admparse.dll 2009-03-08 04:32 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe 2009-03-08 04:32 163,840 a------- c:\windows\system32\dllcache\ieakui.dll 2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll 2009-03-08 04:32 71,680 -------- c:\windows\system32\dllcache\iesetup.dll 2009-03-08 04:32 55,808 -------- c:\windows\system32\dllcache\iernonce.dll 2009-03-08 04:32 128,512 -------- c:\windows\system32\dllcache\advpack.dll 2009-03-08 04:32 94,720 -------- c:\windows\system32\dllcache\inseng.dll 2009-03-08 04:32 611,840 -------- c:\windows\system32\dllcache\mstime.dll 2009-03-08 04:31 183,808 -------- c:\windows\system32\dllcache\iepeers.dll 2009-03-08 04:31 348,160 -------- c:\windows\system32\dllcache\dxtmsft.dll 2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll 2009-03-08 04:31 216,064 -------- c:\windows\system32\dllcache\dxtrans.dll 2009-03-08 04:31 34,816 -------- c:\windows\system32\dllcache\imgutil.dll 2009-03-08 04:31 46,592 -------- c:\windows\system32\dllcache\pngfilt.dll 2009-03-08 04:31 66,560 -------- c:\windows\system32\dllcache\mshtmled.dll 2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll 2009-03-08 04:31 48,128 -------- c:\windows\system32\dllcache\mshtmler.dll 2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe 2009-03-08 04:31 45,568 -------- c:\windows\system32\dllcache\mshta.exe 2009-03-08 04:24 68,608 -------- c:\windows\system32\dllcache\hmmapi.dll 2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll 2009-03-08 04:22 156,160 a------- c:\windows\system32\dllcache\msls31.dll 2009-03-06 09:22 284,160 a------- c:\windows\system32\pdh.dll 2009-03-06 09:22 284,160 -------- c:\windows\system32\dllcache\pdh.dll 2007-04-05 23:41 1 a------- c:\documents and settings\ender\SI.bin ============= FINISH: 1:07:40.46 =============== The following Malwarebyte's logs are posted in chronological order. Malwarebytes' Anti-Malware 1.36 Database version: 2090 Windows 5.1.2600 Service Pack 3 5/8/2009 2:37:47 AM mbam-log-2009-05-08 (02-37-47).txt Scan type: Full Scan (C:\|G:\|) Objects scanned: 330750 Time elapsed: 1 hour(s), 24 minute(s), 21 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 1 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully. ================================================= Malwarebytes' Anti-Malware 1.37 Database version: 2191 Windows 5.1.2600 Service Pack 3 5/29/2009 1:45:16 AM mbam-log-2009-05-29 (01-45-16).txt Scan type: Full Scan (C:\|G:\|) Objects scanned: 338827 Time elapsed: 2 hour(s), 7 minute(s), 49 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 1 Registry Data Items Infected: 2 Folders Infected: 1 Files Infected: 4 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: c:\windows\system32\twext.exe -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully. Folders Infected: C:\WINDOWS\system32\twain_32 (Backdoor.Bot) -> Delete on reboot. Files Infected: c:\WINDOWS\kcsdeb.gkh (Trojan.Gumblar) -> Quarantined and deleted successfully. c:\windows\system32\twain_32\local.ds (Backdoor.Bot) -> Delete on reboot. c:\windows\system32\twain_32\user.ds (Backdoor.Bot) -> Delete on reboot. C:\WINDOWS\system32\twext.exe (Backdoor.Bot) -> Delete on reboot. ===================================================== Malwarebytes' Anti-Malware 1.37 Database version: 2203 Windows 5.1.2600 Service Pack 3 5/31/2009 6:47:53 PM mbam-log-2009-05-31 (18-47-53).txt Scan type: Full Scan (C:\|G:\|) Objects scanned: 315766 Time elapsed: 1 hour(s), 34 minute(s), 39 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\WINDOWS\system32\10.tmp (Trojan.Agent) -> Quarantined and deleted successfully. ======================================================== Again, thank you all for your help and your dedication to assisting the little guy. Regards! Edit: Not sure if it's relevant, but "alg.exe" crashed as soon as I started the free Kaspersky online scan. It's possible a fake ALG was blocking my AVG updates. I will continue to update as new information comes in. This post has been edited by Orange Blossom: Jun 1 2009, 09:40 AM
Reason for edit: Deactivate links to protect readers. ~ OB
Attached File(s)
|
 |
 
|
|
Jun 7 2009, 06:37 AM
Post
#2
|
|
 Forum Addict Group: HJT Team Posts: 3,262 Joined: 16-October 06 From: Southeast Finland Member No.: 90,463 |
Hi,
Uninstall these vulnerable Javas: Java™ 6 Update 2 Java™ 6 Update 3 Java™ 6 Update 4 Java™ 6 Update 5 Java™ 6 Update 7 Java™ SE Runtime Environment 6 Update 1 Uninstall old Adobe Reader versions and get the latest one here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here. Please download GooredFix and save it to your Desktop. Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt). Note: Do not run Option #2 yet. Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop. Double-click ATF Cleaner.exe to open it Under Main choose: Windows Temp Current User Temp All Users Temp Cookies Temporary Internet Files Prefetch Java Cache *The other boxes are optional* Then click the Empty Selected button. If you use Firefox: Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click NO at the prompt. If you use Opera: Click Opera at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click NO at the prompt. Click Exit on the Main menu to close the program. Download the latest version of Kaspersky Virus Removal Tool * Close all other applications and double-click and run the installer. * When AVPTool starts, select all the scanable items except for CD-ROM drives and click the Scan button. * If malware is detected, don't remove anything. * After the scan finishes, don't neutralize anything. * In the Scan window click the Reports button and select Save to file. * Name the report AVPT.txt, and save it to the Desktop. * Close AVPTool. * You will be prompted if you want to uninstall the program; click Yes. * You will then be prompted that to complete the uninstallation, the computer must be restarted. Select Yes to restart the system. * Copy and paste the first part of the report (Detected) that you saved in your next reply. Do not include the longer list marked Events. Post a fresh dds.txt contents too. -------------------- Microsoft MVP Consumer Security 2008 2009
ASAP & UNITE member since 2006   Provided malware removal related instructions are meant to be used in the correspondent user's case only. |
|
|
|
|
Jun 7 2009, 12:54 PM
Post
#3
|
|
|
New Member Group: Members Posts: 2 Joined: 1-June 09 Member No.: 337,751 |
I'm sorry, I should have updated my original post. I went ahead and formatted my computer to deal with the little bugger. I appreciate your help and apologize for wasting your time. If a moderator would, please close this ticket.
Regards. |
|
|
|
|
Jun 7 2009, 02:07 PM
Post
#4
|
|
|
Forum Addict Group: HJT Team Posts: 3,262 Joined: 16-October 06 From: Southeast Finland Member No.: 90,463 |
Thanks for letting us know
 Topic is now closed.
-------------------- Microsoft MVP Consumer Security 2008 2009
ASAP & UNITE member since 2006 Provided malware removal related instructions are meant to be used in the correspondent user's case only. |
|
|
|
|
2 User(s) are reading this topic (2 Guests and 0 Anonymous Users)
0 Members:
| Lo-Fi Version | Time is now: 21st November 2009 - 07:48 PM |
© 2003-2009 All Rights Reserved Bleeping Computer LLC.