Search Engine Redirect Hijacker



#1 gampy


Posted 18 September 2007 - 01:01 AM

Hi Folks,

I am (was) infected with one of those search engine redirect hijacker bugs. I don't know the proper name for these things; it's a new phenomenon to me.

I just purchased a new PC and foolishly went surfing before making sure my anti-virus / anti-spyware was configured and installed.

Long story short, I was infected. I took the advice of RichieUK who responded to a similar problem experienced by JavaJanet.

I used ComboFix, and SDfix, and all seems well in my universe now. No more redirects to bogus search pages and other crap. My PC seems to run and load pages a lot smoother as well.

Just wanted to say thank you to RichieUK, and JavaJanet. Whew! I was having serious anxiety until I found this forum. You guys and girls are a godsend, and I love you all! LOL!

Big thank you to the developer(s) of these fixes. Very easy to use, and seem to do what they advertise. MUCHO GRACIAS!

Will post my logs for your perusal and advice.

1: Combofix :




ComboFix 07-09-18 - "user" 2007-09-18 1:41:12.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.584 [GMT -4:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\kdjzg.exe

.
((((((((((((((((((((((((( Files Created from 2007-08-18 to 2007-09-18 )))))))))))))))))))))))))))))))
.

2007-09-18 01:40 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-18 01:29 <DIR> d-------- C:\WINDOWS\ERUNT
2007-09-18 00:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-18 00:48 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-09-18 00:48 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\SUPERAntiSpyware.com
2007-09-18 00:47 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-17 00:13 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-09-16 03:10 <DIR> d---s---- C:\DOCUME~1\user\UserData
2007-09-14 04:36 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\uTorrent
2007-09-14 02:39 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-09-14 02:39 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-09-14 02:39 <DIR> d-------- C:\8a8c7ba56c6cb200b7aaf0
2007-09-14 02:13 2,146,304 --------- C:\WINDOWS\UNNMP.exe
2007-09-14 02:12 2,023,424 --------- C:\WINDOWS\UNNeroVision.exe
2007-09-14 02:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
2007-09-14 02:11 38,912 --------- C:\WINDOWS\system32\picn20.dll
2007-09-14 02:11 106,496 --------- C:\WINDOWS\system32\TwnLib20.dll
2007-09-14 02:11 <DIR> d-------- C:\Program Files\Ahead
2007-09-14 01:52 4,007 --a------ C:\WINDOWS\mozver.dat
2007-09-14 01:45 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\Thunderbird
2007-09-14 00:59 <DIR> d-------- C:\Program Files\Security
2007-09-13 16:12 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-13 16:00 <DIR> d-------- C:\Program Files\uTorrent
2007-09-13 16:00 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\BitTorrent
2007-09-13 15:58 <DIR> d-------- C:\Program Files\QuickTime
2007-09-13 15:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-09-13 15:50 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
2007-09-13 15:17 <DIR> d-------- C:\DOCUME~1\user\Contacts
2007-09-13 15:16 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-09-13 15:16 <DIR> d-------- C:\Program Files\MSN Messenger
2007-09-13 13:25 0 --a------ C:\WINDOWS\nsreg.dat
2007-09-13 10:46 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2007-09-13 10:46 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-09-13 10:46 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2007-09-13 10:46 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-09-13 10:31 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\Ahead
2007-09-13 10:26 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\CyberLink
2007-09-13 10:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
2007-08-28 12:19 262,144 --a------ C:\WINDOWS\system32\default_user_class.dat
2007-08-28 11:42 <DIR> d-------- C:\WINDOWS\pss
2007-08-28 11:38 <DIR> d-------- C:\Program Files\Nero
2007-08-28 11:38 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-08-28 11:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-08-28 11:11 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2007-08-28 11:10 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-08-28 11:10 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-08-28 11:10 <DIR> d-------- C:\Program Files\CyberLink
2007-08-28 09:37 <DIR> d-------- C:\WINDOWS\system32\DRM
2007-08-27 18:28 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-08-27 18:28 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-08-27 18:27 2,180,352 --a--c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-08-27 18:27 2,136,064 --a--c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2007-08-27 18:27 2,015,744 --a--c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2007-08-27 18:26 33,792 --a------ C:\WINDOWS\system32\mmcperf.exe
2007-08-27 18:26 184,320 --a------ C:\WINDOWS\system32\microsoft.managementconsole.dll
2007-08-27 18:26 106,496 --a------ C:\WINDOWS\system32\mmcfxcommon.dll
2007-08-27 18:26 <DIR> d-------- C:\WINDOWS\system32\en
2007-08-27 18:25 <DIR> d-------- C:\Program Files\MSBuild
2007-08-27 18:22 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-08-27 18:21 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-08-27 18:21 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-08-27 18:18 36,352 --a------ C:\WINDOWS\system32\tsgqec.dll
2007-08-27 18:18 288,768 --a------ C:\WINDOWS\system32\rhttpaa.dll
2007-08-27 18:18 116,736 --a------ C:\WINDOWS\system32\aaclient.dll
2007-08-27 18:18 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-08-27 18:11 453,120 --a--c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys
2007-08-27 18:11 30,080 --a--c--- C:\WINDOWS\system32\dllcache\usbehci.sys
2007-08-27 18:11 27,648 --a--c--- C:\WINDOWS\system32\dllcache\jgpl400.dll
2007-08-27 18:11 20,608 --a--c--- C:\WINDOWS\system32\dllcache\usbuhci.sys
2007-08-27 18:11 17,152 --a--c--- C:\WINDOWS\system32\dllcache\usbohci.sys
2007-08-27 18:11 163,840 --a--c--- C:\WINDOWS\system32\dllcache\jgdw400.dll
2007-08-27 18:11 143,360 --a--c--- C:\WINDOWS\system32\dllcache\usbport.sys
2007-08-27 18:00 28,672 --a------ C:\WINDOWS\system32\verclsid.exe
2007-08-27 17:59 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-08-27 17:59 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-08-27 17:59 <DIR> d-------- C:\Program Files\Microsoft USB Flash Drive Manager
2007-08-27 17:58 <DIR> d-------- C:\Program Files\Windows Journal Viewer
2007-08-27 17:58 <DIR> d-------- C:\Program Files\UPHClean
2007-08-27 17:58 <DIR> d-------- C:\Program Files\HighMAT CD Writing Wizard
2007-08-27 17:58 <DIR> d-------- C:\DECCHECK
2007-08-27 17:55 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-08-27 17:52 35 --a------ C:\WINDOWS\system\red_w2k.bat
2007-08-27 17:52 32 --a------ C:\WINDOWS\system\redwing.bat
2007-08-27 17:48 <DIR> d-------- C:\WINDOWS\system32\Lang
2007-08-27 17:41 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-08-27 17:41 <DIR> d-------- C:\Program Files\Realtek
2007-08-27 17:38 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-08-27 17:38 <DIR> d-------- C:\WINDOWS\nview
2007-08-27 17:37 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-08-27 17:35 208,896 --a------ C:\WINDOWS\system32\nvuide.exe
2007-08-27 17:32 446,464 --a------ C:\WINDOWS\system32\CapabilityTable.exe
2007-08-27 17:31 208,896 --a------ C:\WINDOWS\system32\nvunrm.exe
2007-08-27 17:31 110,592 --a------ C:\WINDOWS\system32\drivers\nvtcp.sys
2007-08-27 17:24 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-08-27 17:24 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\InstallShield
2007-08-27 17:23 <DIR> d-------- C:\NVIDIA
2007-08-27 17:05 <DIR> d-------- C:\Redwing
2007-08-27 17:04 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-08-27 12:35 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-08-27 12:34 74,240 --a------ C:\WINDOWS\system32\usbui.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-08-27 17:41 315392 --a------ C:\WINDOWS\HideWin.exe
2007-08-27 16:44 --------- d-------- C:\Program Files\microsoft frontpage
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-18 19:26 4547584 --a------ C:\WINDOWS\system32\drivers\RtkHDAud.sys
2007-07-05 16:08 16380416 --a------ C:\WINDOWS\RTHDCPL.exe
2007-06-29 00:43 8466432 --a------ C:\WINDOWS\system32\nvcpl.dll
2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvmctray.dll
2007-06-29 00:43 753664 --a------ C:\WINDOWS\system32\nvcplui.exe
2007-06-29 00:43 6729728 --a------ C:\WINDOWS\system32\nvoglnt.dll
2007-06-29 00:43 6234112 --a------ C:\WINDOWS\system32\nvdisps.dll
2007-06-29 00:43 5690624 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-06-29 00:43 5455872 --a------ C:\WINDOWS\system32\nvdispsr.dll
2007-06-29 00:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-06-29 00:43 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2007-06-29 00:43 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2007-06-29 00:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-06-29 00:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcodins.dll
2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcod.dll
2007-06-29 00:43 360448 --a------ C:\WINDOWS\system32\nvapi.dll
2007-06-29 00:43 3600384 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2007-06-29 00:43 3518464 --a------ C:\WINDOWS\system32\nvvitvs.dll
2007-06-29 00:43 3321856 --a------ C:\WINDOWS\system32\nvgames.dll
2007-06-29 00:43 3072000 --a------ C:\WINDOWS\system32\nvgamesr.dll
2007-06-29 00:43 307200 --a------ C:\WINDOWS\system32\nvexpbar.dll
2007-06-29 00:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2007-06-29 00:43 2854912 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2007-06-29 00:43 2416640 --a------ C:\WINDOWS\system32\nvwssr.dll
2007-06-29 00:43 2330624 --a------ C:\WINDOWS\system32\nvwss.dll
2007-06-29 00:43 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2007-06-29 00:43 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2007-06-29 00:43 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-06-29 00:43 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-06-29 00:43 155716 --a------ C:\WINDOWS\system32\nvsvc32.exe
2007-06-29 00:43 1474560 --a------ C:\WINDOWS\system32\nview.dll
2007-06-29 00:43 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2007-06-29 00:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-06-29 00:43 1142784 --a------ C:\WINDOWS\system32\nvmobls.dll
2007-06-29 00:43 1073152 --a------ C:\WINDOWS\system32\nvcpluir.dll
2007-06-29 00:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-06-29 00:43 1018772 --a------ C:\WINDOWS\system32\nvucode.bin
2007-06-28 16:44 2165760 --a------ C:\WINDOWS\MicCal.exe
2007-06-26 02:08 1104896 --------- C:\WINDOWS\system32\msxml3.dll
2007-06-19 09:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16:08 C:\WINDOWS\RTHDCPL.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-14 09:49]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10]
"nwiz"="nwiz.exe" [2007-06-29 00:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)
"NoSMConfigurePrograms"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll


.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-18 01:43:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-18 1:44:49 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-18 01:44
.
--- E O F ---


2: SDfix :

SDFix: Version 1.105

Run by user on Tue 09/18/2007 at 01:30 AM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"="C:\\WINDOWS\\system32\\usmt\\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:ęTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------


Files with Hidden Attributes:

C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp

Finished!





Hope you guys can make sense of this... it's all Greek to me. I hope my infection is gone; it SEEMS to be, key word, SEEMS.

Have not experienced any more of those nagging redirects, but would appreciate any advice on how to avoid another infection. Where do these things come from? Any links or info on them?

Thanks again folks. I really appreciate the help. Even if it is second hand.



#2 teacup61


Posted 28 September 2007 - 12:55 PM

Hello gampy

Welcome to Bleeping Computer :blink:

Sorry about the delay. :thumbsup: If you still need help, please let me know.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61


Posted 08 October 2007 - 10:59 AM

Due to the lack of feedback, this topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else, please begin a New Topic.