Redirect virus from variety of search engines (e.g., google, bing, yahoo)


  • This topic is locked
7 replies to this topic

#1 saraskates8s

Posted 27 June 2009 - 10:22 AM

I have had a search engine redirect virus for some time. Initially I thought it was the "google redirect" virus, so I started playing with other search engines (Bing, Yahoo) from both Firefox and IE, but I get redirected on all search hits through those engines too. I disabled PrevX software, Spybot software, and AVG software, ran Malwarebytes' Anti-Malware which identified 5 things to remove - most it couldn't remove until reboot - but the reboot did not remove them. I ran Hijack This, which directed me to here and to the DDS tool.

Thanks in advance - Sara.

The DDS log is as follows:


DDS (Ver_09-06-26.01) - NTFSx86
Run by Sara at 11:07:36.18 on Sat 06/27/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1446 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Prevx Edge *On-access scanning enabled* (Updated) {D486329C-1488-4CEB-9CC8-D662B732D901}

============== Running Processes ===============

J:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
J:\WINDOWS\System32\svchost.exe -k netsvcs
J:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
J:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
J:\WINDOWS\system32\spoolsv.exe
J:\WINDOWS\Explorer.EXE
J:\Program Files\McAfee\Common Framework\UdaterUI.exe
J:\WINDOWS\system32\RUNDLL32.EXE
J:\WINDOWS\RTHDCPL.EXE
J:\Program Files\McAfee\Common Framework\McTray.exe
J:\Program Files\HP\HP Software Update\HPWuSchd2.exe
J:\Program Files\Leapfrog\FlyWorld\bin\FlyMonitor.exe
J:\Program Files\Java\jre6\bin\jusched.exe
J:\Program Files\iTunes\iTunesHelper.exe
J:\WINDOWS\system32\ctfmon.exe
J:\Documents and Settings\Sara\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
J:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
J:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
J:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
J:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
J:\Program Files\Bonjour\mDNSResponder.exe
J:\WINDOWS\system32\svchost.exe -k hpdevmgmt
J:\Program Files\Java\jre6\bin\jqs.exe
J:\PROGRA~1\AVG\AVG8\avgrsx.exe
J:\PROGRA~1\AVG\AVG8\avgnsx.exe
J:\Program Files\McAfee\Common Framework\FrameworkService.exe
J:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
J:\WINDOWS\System32\svchost.exe -k HPZ12
J:\WINDOWS\system32\nvsvc32.exe
J:\WINDOWS\System32\svchost.exe -k HPZ12
J:\WINDOWS\system32\svchost.exe -k imgsvc
J:\PROGRA~1\AVG\AVG8\avgemc.exe
J:\Program Files\AVG\AVG8\avgcsrvx.exe
J:\Program Files\iPod\bin\iPodService.exe
J:\WINDOWS\system32\rundll32.exe
J:\Program Files\Trend Micro\HijackThis\HijackThis.exe
J:\WINDOWS\system32\NOTEPAD.EXE
J:\Program Files\Internet Explorer\IEXPLORE.EXE
J:\Documents and Settings\Sara\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.frontiernet.net
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - j:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - j:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: N/A: {38e77f06-89fc-44f5-b3ab-11ddeb791947} - j:\program files\frontiersh\srchhelp\frSrcAs.dll
mURLSearchHooks: N/A: {38e77f06-89fc-44f5-b3ab-11ddeb791947} - j:\program files\frontiersh\srchhelp\frSrcAs.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - j:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - j:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: : {38e77f01-89fc-44f5-b3ab-11ddeb791947} - j:\program files\frontiersh\srchhelp\frSrcAs.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - j:\program files\spybot - search & destroy\SDHelper.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - j:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - j:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - j:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - j:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - j:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - j:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - j:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - j:\program files\google\google toolbar\GoogleToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - j:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - j:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] j:\windows\system32\ctfmon.exe
uRun: [EA Core] "j:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [Google Update] "j:\documents and settings\sara\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [swg] j:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [SUPERAntiSpyware] j:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [SpybotSD TeaTimer] j:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [McAfeeUpdaterUI] "j:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [NvCplDaemon] RUNDLL32.EXE j:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE j:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [HP Software Update] j:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "j:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [FlyMonitor] "j:\program files\leapfrog\flyworld\bin\FlyMonitor.exe"
mRun: [Frontier Search Helper] rundll32 j:\progra~1\fronti~1\srchhelp\frSrcAs.dll,S
mRun: [AppleSyncNotifier] j:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [AVG8_TRAY] j:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "j:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "j:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "j:\program files\itunes\iTunesHelper.exe"
StartupFolder: j:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - j:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
dPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
IE: &Search
IE: E&xport to Microsoft Excel - j:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - j:\program files\messenger\msmsgs.exe
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - j:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - j:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - j:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - j:\program files\spybot - search & destroy\SDHelper.dll
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://gsn.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} - hxxp://www.worldwinner.com/games/v50/pool/pool.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212432482984
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - j:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - j:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - j:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - j:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - j:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - j:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - j:\docume~1\sara\applic~1\mozilla\firefox\profiles\nfwlm35n.default\
FF - prefs.js: browser.startup.homepage - mymail.rit.edu
FF - component: j:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: j:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: j:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: j:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: j:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: j:\documents and settings\sara\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: j:\documents and settings\sara\local settings\application data\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - j:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 pxrts;pxrts;j:\windows\system32\drivers\pxrts.sys [2009-1-30 16904]
R0 pxscan;pxscan;j:\windows\system32\drivers\pxscan.sys [2009-1-30 22024]
R0 pxsec;pxsec;j:\windows\system32\drivers\pxsec.sys [2009-4-18 27656]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;j:\windows\system32\drivers\avgldx86.sys [2009-1-2 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;j:\windows\system32\drivers\avgmfx86.sys [2009-1-2 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;j:\windows\system32\drivers\avgtdix.sys [2009-1-2 108552]
R1 SASDIFSV;SASDIFSV;j:\program files\superantispyware\SASDIFSV.SYS [2008-12-4 9968]
R1 SASKUTIL;SASKUTIL;j:\program files\superantispyware\SASKUTIL.SYS [2008-12-4 55024]
R2 aawservice;Lavasoft Ad-Aware Service;j:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 avg8emc;AVG Free8 E-mail Scanner;j:\progra~1\avg\avg8\avgemc.exe [2009-1-2 906520]
R2 avg8wd;AVG Free8 WatchDog;j:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-2 298776]
R2 McAfeeFramework;McAfee Framework Service;j:\program files\mcafee\common framework\FrameworkService.exe [2008-5-30 104000]
R3 SASENUM;SASENUM;j:\program files\superantispyware\SASENUM.SYS [2008-12-4 7408]
S1 mferkdk;VSCore mferkdk;\??\j:\program files\mcafee\virusscan enterprise\mferkdk.sys --> j:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S2 CSIScanner;CSIScanner;j:\program files\prevxcsi\prevxcsi.exe [2009-1-3 4368952]
S3 FlyUsb;FLY Fusion;j:\windows\system32\drivers\FlyUsb.sys [2008-5-31 18560]
S3 usbvm328;HP Camera;j:\windows\system32\drivers\usbvm326.sys [2008-9-18 219648]
S3 vmfilter323;VC0326 filter service for Serome;j:\windows\system32\drivers\vmfilter323.sys [2008-9-18 475264]

=============== Created Last 30 ================

2009-06-27 00:13 <DIR> --d----- j:\program files\Yahoo!
2009-06-27 00:13 <DIR> --d----- j:\program files\CCleaner
2009-06-24 20:26 <DIR> --d-h--- j:\windows\system32\GroupPolicy
2009-06-23 09:54 <DIR> --d----- j:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-06-12 23:47 <DIR> --d----- j:\program files\iPod
2009-06-12 23:47 <DIR> --d----- j:\program files\iTunes
2009-06-04 15:25 1,440,054 a------- J:\chobit.bmp
2009-05-31 09:52 <DIR> --d----- j:\program files\Cat Daddy Games

==================== Find3M ====================

2009-06-24 19:22 27,656 a------- j:\windows\system32\drivers\pxsec.sys
2009-06-24 19:22 22,024 a------- j:\windows\system32\drivers\pxscan.sys
2009-06-23 09:53 327,688 a------- j:\windows\system32\drivers\avgldx86.sys
2009-06-23 09:53 11,952 a------- j:\windows\system32\avgrsstx.dll
2009-06-05 11:42 2,060,288 a------- j:\windows\system32\usbaaplrc.dll
2009-06-05 11:42 39,424 a------- j:\windows\system32\drivers\usbaapl.sys
2009-05-16 08:48 108,552 a------- j:\windows\system32\drivers\avgtdix.sys
2009-04-19 17:52 410,984 a------- j:\windows\system32\deploytk.dll

============= FINISH: 11:09:02.51 ===============

#2 saraskates8s

Posted 27 June 2009 - 12:50 PM

I also should mention two things:

1 - that I have run "Find" on GooredFix.exe and here is the log it creates:

GooredFix v1.92 by jpshortstuff
Log created at 13:42 on 27/06/2009 running Option #1 (Sara)
Firefox version 3.0.11 (en-US)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.11\extensions]
"Plugins"="J:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.11\extensions]
"Components"="J:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"avg@igeared"="J:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="J:\Program Files\Java\jre6\lib\deploy\jqs\ff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="J:\Program Files\AVG\AVG8\Firefox"


And 2, I have run CCleaner, and here is that log (though I did not have it clear the Firefox cache as I was busy composing this post at the same time):

CLEANING COMPLETE - (4.849 secs)
------------------------------------------------------------------------------------------
57.3MB removed.
------------------------------------------------------------------------------------------

Details of files deleted
------------------------------------------------------------------------------------------
IE Temporary Internet Files (737 files) 11.4MB
Marked for deletion: J:\Documents and Settings\Sara\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Marked for deletion: J:\Documents and Settings\Sara\Cookies\index.dat
Marked for deletion: J:\Documents and Settings\Sara\Local Settings\History\History.IE5\index.dat
Emptied Recycle Bin (1 files) 10.42KB
J:\WINDOWS\TEMP\hpqddsvc.log 1.57KB
J:\Documents and Settings\Sara\Local Settings\Temp\Arabic.bin 20.48KB
J:\Documents and Settings\Sara\Local Settings\Temp\Czech.bin 23.74KB
J:\Documents and Settings\Sara\Local Settings\Temp\Danish.bin 22.25KB
J:\Documents and Settings\Sara\Local Settings\Temp\Dutch.bin 25.14KB
J:\Documents and Settings\Sara\Local Settings\Temp\EAD2.exe 4.27MB
J:\Documents and Settings\Sara\Local Settings\Temp\EAD2.tmp 0 bytes
J:\Documents and Settings\Sara\Local Settings\Temp\EAD3.exe 0.49MB
J:\Documents and Settings\Sara\Local Settings\Temp\EAD3.tmp 0 bytes
J:\Documents and Settings\Sara\Local Settings\Temp\EAD4.exe 0.27MB
J:\Documents and Settings\Sara\Local Settings\Temp\EAD4.tmp 0 bytes
J:\Documents and Settings\Sara\Local Settings\Temp\EAD5.exe 0.50MB
J:\Documents and Settings\Sara\Local Settings\Temp\EAD5.tmp 0 bytes
J:\Documents and Settings\Sara\Local Settings\Temp\English.bin 21.40KB
J:\Documents and Settings\Sara\Local Settings\Temp\Finnish.bin 22.32KB
J:\Documents and Settings\Sara\Local Settings\Temp\French.bin 26.60KB
J:\Documents and Settings\Sara\Local Settings\Temp\German.bin 25.15KB
J:\Documents and Settings\Sara\Local Settings\Temp\Greek.bin 24.49KB
J:\Documents and Settings\Sara\Local Settings\Temp\Hebrew.bin 19.09KB
J:\Documents and Settings\Sara\Local Settings\Temp\Hungarian.bin 25.47KB
J:\Documents and Settings\Sara\Local Settings\Temp\Italian.bin 26.77KB
J:\Documents and Settings\Sara\Local Settings\Temp\Japanese.bin 23.73KB
J:\Documents and Settings\Sara\Local Settings\Temp\jusched.log 1.57KB
J:\Documents and Settings\Sara\Local Settings\Temp\Korean.bin 19.66KB
J:\Documents and Settings\Sara\Local Settings\Temp\MAR3.tmp 1.31KB
J:\Documents and Settings\Sara\Local Settings\Temp\MAR4.tmp 1.25KB
J:\Documents and Settings\Sara\Local Settings\Temp\MAR5.tmp 1.31KB
J:\Documents and Settings\Sara\Local Settings\Temp\MAR6.tmp 1.25KB
J:\Documents and Settings\Sara\Local Settings\Temp\MAR7.tmp 1.31KB
J:\Documents and Settings\Sara\Local Settings\Temp\MAR8.tmp 1.25KB
J:\Documents and Settings\Sara\Local Settings\Temp\MAR9.tmp 1.31KB
J:\Documents and Settings\Sara\Local Settings\Temp\MARA.tmp 1.25KB
J:\Documents and Settings\Sara\Local Settings\Temp\Norwegian.bin 21.45KB
J:\Documents and Settings\Sara\Local Settings\Temp\Polish.bin 23.65KB
J:\Documents and Settings\Sara\Local Settings\Temp\Portuguese(Brazil).bin 24.48KB
J:\Documents and Settings\Sara\Local Settings\Temp\Portuguese.bin 25.64KB
J:\Documents and Settings\Sara\Local Settings\Temp\Russian.bin 25.51KB
J:\Documents and Settings\Sara\Local Settings\Temp\SimChin.bin 16.02KB
J:\Documents and Settings\Sara\Local Settings\Temp\Spanish.bin 27.10KB
J:\Documents and Settings\Sara\Local Settings\Temp\SSUPDATE.EXE 0.15MB
J:\Documents and Settings\Sara\Local Settings\Temp\SWEDISH.bin 23.52KB
J:\Documents and Settings\Sara\Local Settings\Temp\Thai.bin 21.46KB
J:\Documents and Settings\Sara\Local Settings\Temp\TradChin.bin 16.55KB
J:\Documents and Settings\Sara\Local Settings\Temp\Turkish.bin 21.73KB
J:\Documents and Settings\Sara\Local Settings\Temp\~DF38C2.tmp 0.30MB
J:\Documents and Settings\Sara\Local Settings\Temp\~DFD35F.tmp 0.30MB
Firefox/Mozilla cache cleaning was skipped.
J:\Documents and Settings\Sara\Application Data\Macromedia\Flash Player\#SharedObjects\MJW26WBT\mail.google.com\wakeup.sol 37 bytes
J:\Documents and Settings\Sara\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mail.google.com\settings.sol 85 bytes
J:\Documents and Settings\Sara\Application Data\Macromedia\Flash Player\#SharedObjects\MJW26WBT\s.ytimg.com\soundData.sol 49 bytes
J:\Documents and Settings\Sara\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s.ytimg.com\settings.sol 81 bytes
J:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log 0.67MB
J:\Documents and Settings\All Users\Application Data\avg8\Log\avgldr.log 0.46MB
J:\Documents and Settings\All Users\Application Data\avg8\Log\avglng.log 73.11KB
J:\Documents and Settings\All Users\Application Data\avg8\Log\avgns.log 0.53MB
J:\Documents and Settings\All Users\Application Data\avg8\Log\avgrs.log 0.34MB
J:\Documents and Settings\All Users\Application Data\avg8\Log\avgscan.log 41.14KB
J:\Documents and Settings\All Users\Application Data\avg8\Log\avgsched.log 0.66MB
J:\Documents and Settings\All Users\Application Data\avg8\Log\avgsrm.log 7.08KB
J:\Documents and Settings\All Users\Application Data\avg8\Log\avgui.log 36.96KB
J:\Documents and Settings\All Users\Application Data\avg8\Log\avgupd.log 77.92KB
J:\Documents and Settings\All Users\Application Data\avg8\Log\avgwd.log 0.29MB
J:\Documents and Settings\All Users\Application Data\avg8\Log\avgwdsvc.log 15.14KB
J:\Documents and Settings\All Users\Application Data\avg8\Log\commonpriv.log 5.04KB
J:\Documents and Settings\All Users\Application Data\avg8\Log\fixcfg.log 542 bytes
J:\Documents and Settings\All Users\Application Data\avg8\scanlogs\I_00000161.log 53.85KB
J:\Documents and Settings\All Users\Application Data\avg8\Log\history.xml 2.87KB
J:\Documents and Settings\All Users\Application Data\avg8\update\backup\incavi.avm 35.8MB
J:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Resident.log 1.87KB
------------------------------------------------------------------------------------------

thanks!

#3 teacup61

  • Malware Response Team

Posted 27 June 2009 - 12:59 PM

Hello saraskates8s,

Please go ahead and delete GooredFix. :thumbup2:

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with the fixes. So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts

You can reenable TeaTimer once your system is clean.

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

If ComboFix will not run the first time, then rename ComboFix.exe to saraskates.exe and try it again. :)

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#4 saraskates8s

Posted 27 June 2009 - 05:43 PM

Thanks for helping me!

* I unselected the teatime thing in Spybot
* I uninstalled PrevX and AVG since Combofix said that they would interfere (badly and dangerously)
* I ran Combofix and then ran HijackThis. The two log files are below.

Thanks in advance!

the ComboFix log:

ComboFix 09-06-26.02 - Sara 06/27/2009 18:22.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1620 [GMT -4:00]
Running from: j:\documents and settings\Sara\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Prevx Edge *On-access scanning enabled* (Updated) {D486329C-1488-4CEB-9CC8-D662B732D901}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

H:\Desktop.ini
j:\windows\system32\drivers\SKYNETfufdsldu.sys
j:\windows\system32\SelfDel.bat
j:\windows\system32\SKYNETlxeqwqka.dll
j:\windows\system32\SKYNETnlpvcpog.dat
j:\windows\system32\SKYNETpbvocnbv.dll
j:\windows\system32\SKYNETytrbonop.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETxroieqyj


((((((((((((((((((((((((( Files Created from 2009-05-27 to 2009-06-27 )))))))))))))))))))))))))))))))
.

2009-06-27 04:13 . 2009-06-27 11:44 -------- d-----w- j:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-06-27 04:13 . 2009-06-27 04:13 -------- d-----w- j:\documents and settings\Sara\Application Data\Yahoo!
2009-06-27 04:13 . 2009-06-27 04:13 -------- d-----w- j:\program files\Yahoo!
2009-06-27 04:13 . 2009-06-27 04:13 -------- d-----w- j:\program files\CCleaner
2009-06-25 00:26 . 2009-06-25 00:26 -------- d--h--w- j:\windows\system32\GroupPolicy
2009-06-23 21:29 . 2009-06-23 21:29 -------- d-----w- j:\documents and settings\Sara\Local Settings\Application Data\AVG Security Toolbar
2009-06-23 18:36 . 2009-06-23 18:36 -------- d-----w- j:\documents and settings\Hannah\Local Settings\Application Data\AVG Security Toolbar
2009-06-23 18:27 . 2009-06-14 20:07 1004800 ----a-w- j:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-06-23 13:54 . 2009-06-27 21:46 -------- d-----w- j:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-23 13:54 . 2009-06-23 13:54 -------- d-----w- j:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-06-13 03:47 . 2009-06-13 03:47 -------- d-----w- j:\program files\iPod
2009-06-13 03:47 . 2009-06-13 03:47 -------- d-----w- j:\program files\iTunes
2009-06-13 03:39 . 2009-06-13 03:39 75048 ----a-w- j:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-05-31 13:52 . 2009-05-31 13:52 -------- d-----w- j:\program files\Cat Daddy Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-27 21:54 . 2009-01-02 19:41 -------- d-----w- j:\documents and settings\All Users\Application Data\avg8
2009-06-27 21:42 . 2009-05-10 04:09 -------- d-----w- j:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-27 14:59 . 2009-04-18 12:03 117760 ----a-w- j:\documents and settings\Sara\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-27 11:42 . 2008-12-29 15:57 -------- d-----w- j:\program files\SUPERAntiSpyware
2009-06-26 04:02 . 2008-06-04 06:01 -------- d-----w- j:\documents and settings\Sara\Application Data\Skype
2009-06-26 03:00 . 2008-06-04 06:15 -------- d-----w- j:\documents and settings\Sara\Application Data\skypePM
2009-06-23 13:53 . 2009-01-02 19:41 11952 ----a-w- j:\windows\system32\avgrsstx.dll
2009-06-23 13:53 . 2009-01-02 19:41 27784 ----a-w- j:\windows\system32\drivers\avgmfx86.sys
2009-06-23 13:53 . 2009-01-02 19:41 327688 ----a-w- j:\windows\system32\drivers\avgldx86.sys
2009-06-21 10:34 . 2009-05-16 19:26 -------- d-----w- j:\program files\Vet Emergency
2009-06-13 16:11 . 2008-06-02 02:52 -------- d-----w- j:\documents and settings\All Users\Application Data\Apple
2009-06-13 03:47 . 2008-06-02 02:52 -------- d-----w- j:\program files\Common Files\Apple
2009-06-13 03:46 . 2008-06-02 02:53 -------- d-----w- j:\program files\QuickTime
2009-06-08 22:59 . 2008-08-20 20:03 68840 ----a-w- j:\documents and settings\Hannah\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-05 15:42 . 2009-03-31 13:11 39424 ----a-w- j:\windows\system32\drivers\usbaapl.sys
2009-06-05 15:42 . 2009-03-31 13:11 2060288 ----a-w- j:\windows\system32\usbaaplrc.dll
2009-05-31 13:52 . 2008-05-31 19:05 -------- d--h--w- j:\program files\InstallShield Installation Information
2009-05-25 17:14 . 2009-05-25 17:14 -------- d-----w- j:\documents and settings\Hannah\Application Data\Malwarebytes
2009-05-24 23:00 . 2009-05-22 23:06 -------- d-----w- j:\program files\Moon Tycoon
2009-05-19 11:56 . 2009-01-03 14:50 -------- d-----w- j:\documents and settings\Terry\Application Data\AVGTOOLBAR
2009-05-16 12:48 . 2009-01-02 19:41 108552 ----a-w- j:\windows\system32\drivers\avgtdix.sys
2009-05-12 02:35 . 2009-05-12 02:35 -------- d-----w- j:\documents and settings\Terry\Application Data\AVS4YOU
2009-05-12 02:35 . 2009-05-12 02:35 -------- d-----w- j:\documents and settings\All Users\Application Data\AVS4YOU
2009-05-12 02:35 . 2009-05-12 02:34 -------- d-----w- j:\program files\AVS4YOU
2009-05-12 02:34 . 2009-05-12 02:34 -------- d-----w- j:\program files\Common Files\AVSMedia
2009-05-11 17:36 . 2008-08-17 23:53 68840 ----a-w- j:\documents and settings\Terry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-10 04:11 . 2009-05-10 04:09 -------- d-----w- j:\program files\Spybot - Search & Destroy
2009-05-10 03:54 . 2009-05-10 03:54 -------- d-----w- j:\documents and settings\Sara\Application Data\Malwarebytes
2009-05-10 03:54 . 2009-05-10 03:54 -------- d-----w- j:\program files\Malwarebytes' Anti-Malware
2009-05-10 03:54 . 2009-05-10 03:54 -------- d-----w- j:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-02 00:14 . 2008-05-30 06:20 68840 ----a-w- j:\documents and settings\Sara\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-19 21:52 . 2009-04-19 21:52 410984 ----a-w- j:\windows\system32\deploytk.dll
2009-04-19 21:51 . 2009-04-19 21:51 152576 ----a-w- j:\documents and settings\Sara\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-06 19:32 . 2009-05-10 03:54 38496 ----a-w- j:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 19:32 . 2009-05-10 03:54 15504 ----a-w- j:\windows\system32\drivers\mbam.sys
2009-04-05 12:24 . 2009-01-30 18:55 16904 ----a-w- j:\windows\system32\drivers\pxrts.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-05-10_03.46.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-27 22:22 . 2009-06-27 22:22 16384 j:\windows\Temp\Perflib_Perfdata_774.dat
+ 2009-05-12 02:34 . 2009-01-29 00:49 24576 j:\windows\system32\msxml3a.dll
+ 2009-06-13 00:56 . 2009-06-13 00:56 84661 j:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-01-11 03:08 . 2009-06-21 22:37 88590 j:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2009-06-13 03:44 . 2009-06-05 15:42 39424 j:\windows\system32\DRVSTORE\usbaapl_872A2434B7205D4BD84BBE53811BDCE15F347D5B\usbaapl.sys
+ 2009-06-13 03:44 . 2009-06-05 15:42 17408 j:\windows\system32\DRVSTORE\netaapl_F433E854B3FF3BEE74986FDE8E16A64162342BFF\netaapl.sys
- 2008-05-30 06:16 . 2009-04-18 11:10 32768 j:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-30 06:16 . 2009-06-27 14:59 32768 j:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-30 06:16 . 2009-06-27 14:59 32768 j:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-05-30 06:16 . 2009-04-18 11:10 32768 j:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-05-30 06:16 . 2009-06-27 14:59 32768 j:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-05-30 06:16 . 2009-04-18 11:10 32768 j:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-05-12 02:34 . 2009-01-29 00:49 487424 j:\windows\system32\msvcp70.dll
+ 2009-05-12 02:34 . 2009-01-29 00:49 974848 j:\windows\system32\mfc70.dll
+ 2009-02-03 02:15 . 2009-02-03 02:15 240544 j:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-02-03 02:07 . 2009-02-03 02:07 240544 j:\windows\system32\Macromed\Flash\FlashUtil10b.exe
+ 2009-06-13 03:47 . 2009-06-13 03:47 102400 j:\windows\Installer\{5D601655-6D54-4384-B52C-17EC5385FBBD}\iTunesIco.exe
+ 2009-02-03 02:15 . 2009-02-03 02:15 3771296 j:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-06-13 03:44 . 2009-06-05 15:42 2060288 j:\windows\system32\DRVSTORE\usbaapl_872A2434B7205D4BD84BBE53811BDCE15F347D5B\usbaaplrc.dll
+ 2009-06-13 03:44 . 2009-06-05 15:42 1419232 j:\windows\system32\DRVSTORE\netaapl_F433E854B3FF3BEE74986FDE8E16A64162342BFF\wdfcoinstaller01005.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 20:07 1004800 ----a-w- j:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="j:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"EA Core"="j:\program files\Electronic Arts\EADM\Core.exe" [2009-02-06 3325952]
"Google Update"="j:\documents and settings\Sara\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-15 133104]
"swg"="j:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-15 68856]
"SUPERAntiSpyware"="j:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-27 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="j:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"NvCplDaemon"="j:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="j:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"HP Software Update"="j:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"Adobe Reader Speed Launcher"="j:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"FlyMonitor"="j:\program files\Leapfrog\FlyWorld\bin\FlyMonitor.exe" [2008-05-13 664904]
"Frontier Search Helper"="j:\progra~1\FRONTI~1\SrchHelp\frSrcAs.dll" [2006-03-24 94208]
"AppleSyncNotifier"="j:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"AVG8_TRAY"="j:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-23 1948440]
"SunJavaUpdateSched"="j:\program files\Java\jre6\bin\jusched.exe" [2009-04-19 148888]
"QuickTime Task"="j:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="j:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"nwiz"="nwiz.exe" - j:\windows\system32\nwiz.exe [2007-12-05 1626112]
"RTHDCPL"="RTHDCPL.EXE" - j:\windows\RTHDCPL.exe [2007-02-26 16125440]
"SkyTel"="SkyTel.EXE" - j:\windows\SkyTel.exe [2006-05-17 2879488]

j:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - j:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-12 210520]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "j:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-31 19:38 356352 ----a-w- j:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-23 13:53 11952 ----a-w- j:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"j:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"j:\\Program Files\\SecondLife\\SLVoice.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"j:\\Program Files\\LeapFrog\\FlyWorld\\bin\\FLYMonitor.exe"=
"j:\\Program Files\\LeapFrog\\FlyWorld\\bin\\FLYWorld.exe"=
"j:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"j:\\Program Files\\Messenger\\msmsgs.exe"=
"j:\\Documents and Settings\\Sara\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"j:\\Documents and Settings\\Sara\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"j:\\WINDOWS\\RTHDCPL.exe"=
"j:\\Program Files\\Common Files\\Microsoft Shared\\VS7DEBUG\\MDM.EXE"=
"j:\\Program Files\\iPod\\bin\\iPodService.exe"=
"j:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"j:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"j:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"j:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"j:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"j:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"j:\\Program Files\\SUPERAntiSpyware\\SUPERANTISPYWARE.EXE"=
"j:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"j:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"j:\\Program Files\\iTunes\\iTunes.exe"=
"j:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;j:\windows\system32\drivers\avgldx86.sys [1/2/2009 3:41 PM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;j:\windows\system32\drivers\avgtdix.sys [1/2/2009 3:41 PM 108552]
R1 SASDIFSV;SASDIFSV;j:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/4/2008 2:50 PM 9968]
R1 SASKUTIL;SASKUTIL;j:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/4/2008 2:50 PM 55024]
R2 avg8emc;AVG Free8 E-mail Scanner;j:\progra~1\AVG\AVG8\avgemc.exe [1/2/2009 3:41 PM 906520]
R2 avg8wd;AVG Free8 WatchDog;j:\progra~1\AVG\AVG8\avgwdsvc.exe [1/2/2009 3:41 PM 298776]
S3 FlyUsb;FLY Fusion;j:\windows\system32\drivers\FlyUsb.sys [5/31/2008 7:49 PM 18560]
S3 SASENUM;SASENUM;j:\program files\SUPERAntiSpyware\SASENUM.SYS [12/4/2008 2:50 PM 7408]
S3 usbvm328;HP Camera;j:\windows\system32\drivers\usbvm326.sys [9/18/2008 10:36 PM 219648]
S3 vmfilter323;VC0326 filter service for Serome;j:\windows\system32\drivers\vmfilter323.sys [9/18/2008 10:36 PM 475264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
j:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2009-06-17 j:\windows\Tasks\AppleSoftwareUpdate.job
- j:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-06-27 j:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1482476501-839522115-1003.job
- j:\documents and settings\Sara\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-15 04:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.frontiernet.net
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search
IE: E&xport to Microsoft Excel - j:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - j:\documents and settings\Sara\Application Data\Mozilla\Firefox\Profiles\nfwlm35n.default\
FF - prefs.js: browser.startup.homepage - mymail.rit.edu
FF - component: j:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: j:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: j:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: j:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: j:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: j:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: j:\documents and settings\Sara\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: j:\documents and settings\Sara\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-27 18:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-57989841-1482476501-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:5d,b6,98,7b,d0,ab,c3,08,f7,ac,ef,f2,ef,51,c5,83,8e,3d,3b,fc,b4,
d0,18,e7,21,46,ae,c5,00,42,09,96,a9,1e,f4,32,0a,f7,3a,2c,6c,63,57,18,7a,b1,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}\InprocServer32]
@DACL=(02 0000)
@="j:\\Program Files\\MyWebSearch\\SrchAstt\\1.bin\\MWSSRCAS.DLL"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}\Programmable]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\InprocServer32]
@DACL=(02 0000)
@="j:\\Program Files\\MyWebSearch\\SrchAstt\\1.bin\\MWSSRCAS.DLL"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\Programmable]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32]
@DACL=(02 0000)
@="j:\\Program Files\\MyWebSearch\\bar\\1.bin\\MWSBAR.DLL"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32]
@DACL=(02 0000)
@="j:\\Program Files\\MyWebSearch\\bar\\1.bin\\MWSBAR.DLL"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\InprocServer32]
@DACL=(02 0000)
@="j:\\WINDOWS\\SYSTEM32\\MLJARPFF.DLL"
"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(736)
j:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Completion time: 2009-06-27 18:31
ComboFix-quarantined-files.txt 2009-06-27 22:30
ComboFix2.txt 2009-05-10 03:50

Pre-Run: 61,308,375,040 bytes free
Post-Run: 65,680,498,688 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

277 --- E O F --- 2008-12-27 08:01





and the HijackThis Log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:37:04 PM, on 6/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
J:\WINDOWS\System32\smss.exe
J:\WINDOWS\system32\winlogon.exe
J:\WINDOWS\system32\services.exe
J:\WINDOWS\system32\lsass.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\system32\svchost.exe
J:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
J:\WINDOWS\system32\spoolsv.exe
J:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
J:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
J:\Program Files\Bonjour\mDNSResponder.exe
J:\WINDOWS\system32\svchost.exe
J:\Program Files\Java\jre6\bin\jqs.exe
J:\Program Files\McAfee\Common Framework\FrameworkService.exe
J:\PROGRA~1\AVG\AVG8\avgrsx.exe
J:\PROGRA~1\AVG\AVG8\avgnsx.exe
J:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\system32\nvsvc32.exe
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\system32\svchost.exe
J:\PROGRA~1\AVG\AVG8\avgemc.exe
J:\Program Files\AVG\AVG8\avgcsrvx.exe
J:\WINDOWS\system32\notepad.exe
J:\WINDOWS\system32\imapi.exe
J:\WINDOWS\explorer.exe
J:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.frontiernet.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - J:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{38E77F06-89FC-44f5-B3AB-11DDEB791947} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {38E77F06-89FC-44f5-B3AB-11DDEB791947} - J:\Program Files\FrontierSH\SrchHelp\frSrcAs.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - J:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {38E77F01-89FC-44f5-B3AB-11DDEB791947} - J:\Program Files\FrontierSH\SrchHelp\frSrcAs.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - J:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - J:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - J:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - J:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - J:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - J:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - J:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - J:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - J:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - J:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - J:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "J:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE J:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE J:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [HP Software Update] J:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "J:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [FlyMonitor] "J:\Program Files\Leapfrog\FlyWorld\bin\FlyMonitor.exe"
O4 - HKLM\..\Run: [Frontier Search Helper] rundll32 J:\PROGRA~1\FRONTI~1\SrchHelp\frSrcAs.dll,S
O4 - HKLM\..\Run: [AppleSyncNotifier] J:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AVG8_TRAY] J:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "J:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "J:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "J:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] J:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EA Core] "J:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Google Update] "J:\Documents and Settings\Sara\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] J:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] J:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = J:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://J:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - J:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - J:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - J:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - J:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - J:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - J:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - J:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://gsn.worldwinner.com/games/v47/share...GamesLoader.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v50/pool/pool.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1212432482984
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v57/wof/wof.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E28EF688-E113-46F7-A61B-59E7C0C5F6C5}: Domain = domain.invalid
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - J:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - J:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - J:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - J:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - J:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - J:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - J:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - J:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - J:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - J:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - J:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - J:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - J:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - J:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - J:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - J:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9734 bytes

#5 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:01:50 AM

Posted 27 June 2009 - 05:50 PM

Hello there,

That's looking much better.....how is it running now please? :thumbup2:
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#6 saraskates8s

saraskates8s
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:50 AM

Posted 27 June 2009 - 06:46 PM

> Hello there,
>
> That's looking much better.....how is it running now please? :thumbup2:


oooh - Thank you! So far it seems to be running fine. I'll sit with it for a few days, and will post again if it starts acting up again.

Cheers - Sara

#7 teacup61


Posted 27 June 2009 - 06:55 PM

Hello Sara,

Excellent to know, and you're most welcome. :)

For now, please delete ComboFix and its accompanying folder C:\Qoobox. Empty your Recycle bin and reboot your computer.

Let me know when you know. :thumbup2:

Regards,
tea

#8 teacup61


Posted 02 July 2009 - 11:09 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



