Redirect Virus and Just In Time Debugging problem


  • This topic is locked
14 replies to this topic

#1 mb44

Posted 17 April 2010 - 07:20 PM

Hello,

For the past week I have had the Google (most search engines) redirect virus. In addition, I have had constant "Just In Time Debugging" pop-ups. I have tried various attempts to solve this problem with no success (Malwarebytes, AVG, Spybot, TDSSKiller, to name a few). If there is anyone with experience with this problem, I would greatly appreciate your help. Thanks in advance.

Please see DDS Files listed below:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 3/8/2006 5:12:20 PM
System Uptime: 4/17/2010 6:08:22 PM (1 hours ago)

Motherboard: Dell Inc. | | 0WG261
Processor: Intel® Pentium® 4 CPU 3.20GHz | Microprocessor | 3192/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 228 GiB total, 76.87 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is FIXED (NTFS) - 190 GiB total, 58.967 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1382: 1/18/2010 11:53:49 AM - System Checkpoint
RP1383: 1/19/2010 12:52:47 PM - System Checkpoint
RP1384: 1/20/2010 1:19:48 PM - System Checkpoint
RP1385: 1/21/2010 1:20:59 PM - System Checkpoint
RP1386: 1/22/2010 3:02:00 AM - Software Distribution Service 3.0
RP1387: 1/23/2010 8:33:07 AM - System Checkpoint
RP1388: 1/24/2010 8:55:17 AM - System Checkpoint
RP1389: 1/25/2010 9:13:10 AM - System Checkpoint
RP1390: 1/26/2010 9:24:17 AM - System Checkpoint
RP1391: 1/27/2010 1:24:41 PM - System Checkpoint
RP1392: 1/28/2010 2:57:51 PM - System Checkpoint
RP1393: 1/29/2010 4:06:19 PM - System Checkpoint
RP1394: 1/30/2010 4:41:58 PM - System Checkpoint
RP1395: 1/31/2010 4:58:39 PM - System Checkpoint
RP1396: 2/1/2010 5:31:49 PM - System Checkpoint
RP1397: 2/2/2010 9:54:05 AM - Avg8 Update
RP1398: 2/3/2010 1:53:22 PM - System Checkpoint
RP1399: 2/4/2010 2:03:22 PM - System Checkpoint
RP1400: 2/5/2010 2:41:18 PM - System Checkpoint
RP1401: 2/6/2010 3:30:14 PM - System Checkpoint
RP1402: 2/7/2010 4:16:39 PM - System Checkpoint
RP1403: 2/8/2010 4:21:41 PM - System Checkpoint
RP1404: 2/9/2010 5:19:08 PM - System Checkpoint
RP1405: 2/10/2010 3:01:41 AM - Software Distribution Service 3.0
RP1406: 2/11/2010 3:21:14 AM - System Checkpoint
RP1407: 2/12/2010 4:20:32 AM - System Checkpoint
RP1408: 2/13/2010 4:32:30 AM - System Checkpoint
RP1409: 2/14/2010 4:46:03 AM - System Checkpoint
RP1410: 2/15/2010 5:05:34 AM - System Checkpoint
RP1411: 2/16/2010 6:27:55 AM - System Checkpoint
RP1412: 2/17/2010 7:07:37 AM - System Checkpoint
RP1413: 2/18/2010 8:17:49 AM - System Checkpoint
RP1414: 2/19/2010 3:01:40 AM - Software Distribution Service 3.0
RP1415: 2/20/2010 3:02:20 AM - Software Distribution Service 3.0
RP1416: 2/21/2010 3:08:48 AM - System Checkpoint
RP1417: 2/22/2010 4:30:56 AM - System Checkpoint
RP1418: 2/23/2010 5:34:12 AM - System Checkpoint
RP1419: 2/24/2010 3:01:44 AM - Software Distribution Service 3.0
RP1420: 2/25/2010 3:45:08 AM - System Checkpoint
RP1421: 2/26/2010 4:49:11 AM - System Checkpoint
RP1422: 2/27/2010 5:41:38 AM - System Checkpoint
RP1423: 2/28/2010 7:18:16 AM - System Checkpoint
RP1424: 3/1/2010 7:42:08 AM - System Checkpoint
RP1425: 3/2/2010 8:10:27 AM - System Checkpoint
RP1426: 3/3/2010 9:48:02 AM - System Checkpoint
RP1427: 3/4/2010 9:53:08 AM - System Checkpoint
RP1428: 3/5/2010 11:48:02 AM - System Checkpoint
RP1429: 3/6/2010 11:53:01 AM - System Checkpoint
RP1430: 3/7/2010 12:45:46 PM - System Checkpoint
RP1431: 3/8/2010 1:00:25 PM - System Checkpoint
RP1432: 3/9/2010 9:28:18 AM - Avg8 Update
RP1433: 3/10/2010 10:14:43 AM - System Checkpoint
RP1434: 3/11/2010 3:01:35 AM - Software Distribution Service 3.0
RP1435: 3/12/2010 4:07:55 AM - System Checkpoint
RP1436: 3/13/2010 4:19:17 AM - System Checkpoint
RP1437: 3/14/2010 6:55:53 AM - System Checkpoint
RP1438: 3/15/2010 7:43:02 AM - System Checkpoint
RP1439: 3/16/2010 11:10:48 AM - System Checkpoint
RP1440: 3/17/2010 7:17:59 AM - Cleaned registry with Windows Live OneCare safety scanner
RP1441: 3/17/2010 8:50:56 AM - Restore Operation
RP1442: 3/17/2010 8:54:22 AM - Restore Operation
RP1443: 3/17/2010 7:21:49 PM - Restore Operation
RP1444: 3/18/2010 9:09:21 PM - System Checkpoint
RP1445: 3/19/2010 8:19:18 AM - Avg8 Update
RP1446: 3/19/2010 8:20:18 AM - Avg8 Update
RP1447: 3/20/2010 8:30:32 AM - System Checkpoint
RP1448: 3/21/2010 8:38:59 AM - System Checkpoint
RP1449: 3/22/2010 8:51:38 AM - System Checkpoint
RP1450: 3/23/2010 11:23:11 AM - System Checkpoint
RP1451: 3/24/2010 1:48:52 PM - System Checkpoint
RP1452: 3/25/2010 3:06:09 PM - System Checkpoint
RP1453: 3/26/2010 6:05:42 PM - System Checkpoint
RP1454: 3/27/2010 6:48:27 PM - System Checkpoint
RP1455: 3/28/2010 9:29:55 PM - System Checkpoint
RP1456: 4/4/2010 7:54:42 PM - Software Distribution Service 3.0
RP1457: 4/5/2010 8:07:12 PM - System Checkpoint
RP1458: 4/6/2010 10:34:59 PM - System Checkpoint
RP1459: 4/7/2010 10:53:14 PM - System Checkpoint
RP1460: 4/9/2010 7:13:41 AM - System Checkpoint
RP1461: 4/10/2010 7:28:34 AM - System Checkpoint
RP1462: 4/11/2010 8:24:43 AM - System Checkpoint
RP1463: 4/11/2010 8:44:24 AM - Cleaned registry with Windows Live OneCare safety scanner
RP1464: 4/11/2010 8:49:45 AM - Restore Operation
RP1465: 4/11/2010 9:10:25 AM - Software Distribution Service 3.0
RP1466: 4/11/2010 4:38:05 PM - Restore Operation
RP1467: 4/12/2010 5:26:10 PM - System Checkpoint
RP1468: 4/13/2010 6:07:42 PM - System Checkpoint
RP1469: 4/14/2010 6:49:11 PM - System Checkpoint
RP1470: 4/15/2010 7:20:39 PM - System Checkpoint
RP1471: 4/16/2010 5:52:54 PM - Software Distribution Service 3.0
RP1472: 4/17/2010 6:45:34 PM - System Checkpoint

==== Installed Programs ======================

µTorrent
Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player 10 ActiveX
Adobe Reader 6.0.1
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
ATnotes Version 9.5
AutoUpdate
AVG 8.5
Banctec Service Agreement
Bonjour
Canon Camera Access Library
Canon Camera Support Core Library
Canon G.726 WMP-Decoder
Canon iP1800 series
Canon iP1800 series User Registration
Canon MovieEdit Task for ZoomBrowser EX
Canon My Printer
Canon PhotoRecord
Canon PIXMA iP3000
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Easy-LayoutPrint
Canon Utilities Easy-PhotoPrint
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner (remove only)
Conexant D850 56K V.9x DFVc Modem
Critical Update for Windows Media Player 11 (KB959772)
dBpoweramp Music Converter
dBpoweramp Shorten Codec
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell System Restore
Digital Content Portal
Digital Line Detect
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Easy-WebPrint
ELIcon
ESPNMotion
GemMaster Mystic
Google
GTOneCare
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hitman Pro 3.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HPCarePackCore
HPCarePackProducts
HPSSupply
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Malwarebytes' Anti-Malware
Maxtor Manager
MCU
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Office PowerPoint Viewer 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 4.5
Microsoft Works Setup Launcher
Modem Helper
MrvlUsgTracking
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicmatch for Windows Media Player
Network Magic
Nikon View 6
PowerDVD 5.5
Pure Networks Platform
QuickTime
Seagate DiscWizard
SeaTools for Windows
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Smart Defrag 1.20
Sonic Encoders
Sophos Anti-Rootkit 1.5.0
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
Turbo Lister 2
TweakNow RegCleaner
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
USB Storage Adapter FX (MXO)
Viewpoint Media Player
WebEx Support Manager for Internet Explorer
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live OneCare safety scanner
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver

==== Event Viewer Messages From Past Week ========

4/17/2010 6:07:02 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
4/15/2010 10:58:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the COM+ System Application service to connect.
4/15/2010 10:58:32 PM, error: Service Control Manager [7000] - The COM+ System Application service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/15/2010 10:58:31 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service COMSysApp with arguments "" in order to run the server: {ECABAFBC-7F19-11D2-978E-0000F8757E2A}
4/13/2010 9:36:00 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: %%2147942402
4/13/2010 9:00:00 AM, error: Schedule [7901] - The At34.job command failed to start due to the following error: %%2147942402
4/13/2010 8:36:02 PM, error: Schedule [7901] - The At21.job command failed to start due to the following error: %%2147942402
4/13/2010 8:36:00 AM, error: Schedule [7901] - The At9.job command failed to start due to the following error: %%2147942402
4/13/2010 8:00:00 AM, error: Schedule [7901] - The At33.job command failed to start due to the following error: %%2147942402
4/13/2010 7:36:00 PM, error: Schedule [7901] - The At20.job command failed to start due to the following error: %%2147942402
4/13/2010 7:36:00 AM, error: Schedule [7901] - The At8.job command failed to start due to the following error: %%2147942402
4/13/2010 7:00:00 AM, error: Schedule [7901] - The At32.job command failed to start due to the following error: %%2147942402
4/13/2010 6:36:00 PM, error: Schedule [7901] - The At19.job command failed to start due to the following error: %%2147942402
4/13/2010 6:36:00 AM, error: Schedule [7901] - The At7.job command failed to start due to the following error: %%2147942402
4/13/2010 6:00:00 AM, error: Schedule [7901] - The At31.job command failed to start due to the following error: %%2147942402
4/13/2010 5:36:01 AM, error: Schedule [7901] - The At6.job command failed to start due to the following error: %%2147942402
4/13/2010 5:36:00 PM, error: Schedule [7901] - The At18.job command failed to start due to the following error: %%2147942402
4/13/2010 5:00:01 PM, error: Schedule [7901] - The At42.job command failed to start due to the following error: %%2147942402
4/13/2010 5:00:00 AM, error: Schedule [7901] - The At30.job command failed to start due to the following error: %%2147942402
4/13/2010 4:36:01 AM, error: Schedule [7901] - The At5.job command failed to start due to the following error: %%2147942402
4/13/2010 4:36:00 PM, error: Schedule [7901] - The At17.job command failed to start due to the following error: %%2147942402
4/13/2010 4:00:01 AM, error: Schedule [7901] - The At29.job command failed to start due to the following error: %%2147942402
4/13/2010 4:00:00 PM, error: Schedule [7901] - The At41.job command failed to start due to the following error: %%2147942402
4/13/2010 3:36:03 AM, error: Schedule [7901] - The At4.job command failed to start due to the following error: %%2147942402
4/13/2010 3:36:00 PM, error: Schedule [7901] - The At16.job command failed to start due to the following error: %%2147942402
4/13/2010 3:00:01 PM, error: Schedule [7901] - The At40.job command failed to start due to the following error: %%2147942402
4/13/2010 3:00:00 AM, error: Schedule [7901] - The At28.job command failed to start due to the following error: %%2147942402
4/13/2010 2:36:00 PM, error: Schedule [7901] - The At15.job command failed to start due to the following error: %%2147942402
4/13/2010 2:36:00 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: %%2147942402
4/13/2010 2:00:00 PM, error: Schedule [7901] - The At39.job command failed to start due to the following error: %%2147942402
4/13/2010 2:00:00 AM, error: Schedule [7901] - The At27.job command failed to start due to the following error: %%2147942402
4/13/2010 12:58:00 AM, error: Schedule [7901] - The At25.job command failed to start due to the following error: %%2147942402
4/13/2010 12:36:00 PM, error: Schedule [7901] - The At13.job command failed to start due to the following error: %%2147942402
4/13/2010 12:36:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402
4/13/2010 12:00:00 PM, error: Schedule [7901] - The At37.job command failed to start due to the following error: %%2147942402
4/13/2010 11:36:00 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: %%2147942402
4/13/2010 11:30:20 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm
4/13/2010 11:23:00 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the service.
4/13/2010 11:00:32 PM, error: BROWSER [8019] - The browser was unable to promote itself to master browser. The browser will continue to attempt to promote itself to the master browser, but will no longer log any events in the event log in Event Viewer.
4/13/2010 11:00:00 AM, error: Schedule [7901] - The At36.job command failed to start due to the following error: %%2147942402
4/13/2010 10:36:00 AM, error: Schedule [7901] - The At11.job command failed to start due to the following error: %%2147942402
4/13/2010 10:00:00 AM, error: Schedule [7901] - The At35.job command failed to start due to the following error: %%2147942402
4/13/2010 1:36:00 PM, error: Schedule [7901] - The At14.job command failed to start due to the following error: %%2147942402
4/13/2010 1:36:00 AM, error: Schedule [7901] - The At2.job command failed to start due to the following error: %%2147942402
4/13/2010 1:00:00 PM, error: Schedule [7901] - The At38.job command failed to start due to the following error: %%2147942402
4/13/2010 1:00:00 AM, error: Schedule [7901] - The At26.job command failed to start due to the following error: %%2147942402
4/12/2010 9:36:00 PM, error: Schedule [7901] - The At22.job command failed to start due to the following error: %%2147942402
4/12/2010 9:00:00 PM, error: Schedule [7901] - The At46.job command failed to start due to the following error: %%2147942402
4/12/2010 8:00:00 PM, error: Schedule [7901] - The At45.job command failed to start due to the following error: %%2147942402
4/12/2010 7:00:00 PM, error: Schedule [7901] - The At44.job command failed to start due to the following error: %%2147942402
4/12/2010 6:00:00 PM, error: Schedule [7901] - The At43.job command failed to start due to the following error: %%2147942402
4/12/2010 11:36:00 PM, error: Schedule [7901] - The At24.job command failed to start due to the following error: %%2147942402
4/12/2010 11:00:00 PM, error: Schedule [7901] - The At48.job command failed to start due to the following error: %%2147942402
4/12/2010 10:36:00 PM, error: Schedule [7901] - The At23.job command failed to start due to the following error: %%2147942402
4/12/2010 10:00:03 PM, error: Schedule [7901] - The At47.job command failed to start due to the following error: %%2147942402
4/11/2010 9:50:34 AM, error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the Interface with IP address 192.168.1.100. The machine with the IP address 192.168.1.101 did not allow the name to be claimed by this machine.
4/11/2010 8:54:34 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
4/11/2010 8:54:34 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
4/11/2010 10:39:54 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
4/11/2010 10:39:54 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/11/2010 10:37:56 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
4/11/2010 10:20:26 AM, error: BROWSER [8009] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is MJB44.
4/10/2010 8:20:30 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/10/2010 8:06:41 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
4/10/2010 8:06:41 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
4/10/2010 8:06:41 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/10/2010 8:06:41 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/10/2010 8:06:41 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
4/10/2010 8:06:41 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/10/2010 8:06:41 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/10/2010 8:06:19 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

==== End Of File ===========================


DDS (Ver_10-03-17.01) - NTFSx86
Run by Mel Broad at 19:19:42.06 on Sat 04/17/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.281 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\VS7JIT.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Mel Broad\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.espn.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\googleafe\GoogleAE.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [AcronisTimounterMonitor] c:\program files\seagate\discwizard\TimounterMonitor.exe
mRun: [Seagate Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe"
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask .exe" -atboottime
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35[1].exe" /scan:boot
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.snapfish.com/SnapfishActivia.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 relog_ap
LSA: Notification Packages = scecli c:\windows\system32\mefagehu.dll jefosodi.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-10-15 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-10-15 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-10-15 108552]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-3-17 93872]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-7-5 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-10-15 297752]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2008-6-24 431384]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\b.tmp --> c:\windows\system32\B.tmp [?]

=============== Created Last 30 ================

2010-04-14 15:41:01 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-04-14 13:06:40 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-04-14 13:06:21 0 d-----w- c:\program files\Hitman Pro 3.5
2010-04-14 04:07:42 0 d-----w- c:\program files\Sophos
2010-04-13 01:27:10 0 d-----w- c:\program files\Trend Micro
2010-04-12 21:37:09 112 ----a-w- c:\docume~1\alluse~1\applic~1\7ubjhJ.dat
2010-04-12 00:53:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-12 00:53:09 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-12 00:53:08 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-11 20:42:05 0 d-----w- c:\windows\system32\wbem\Repository
2010-04-11 14:15:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-03-26 01:51:19 0 d-----w- c:\program files\iPod

==================== Find3M ====================

2010-04-14 23:31:42 37248 ----a-w- c:\windows\system32\drivers\isapnp.sys
2010-04-14 23:31:42 37248 ----a-w- c:\windows\system32\dllcache\isapnp.sys
2010-04-14 15:44:19 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-04-11 15:36:27 37248 ----a-w- c:\windows\system32\dllcache\isapnp(2).sys
2010-03-10 13:18:21 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2010-03-10 13:18:20 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 11:09:18 430080 ------w- c:\windows\system32\dllcache\vbscript.dll
2010-02-25 22:45:05 24656 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-24 13:11:07 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-24 13:11:07 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-23 05:20:02 634648 ------w- c:\windows\system32\dllcache\iexplore.exe
2010-02-23 05:18:28 161792 ------w- c:\windows\system32\dllcache\ieakui.dll
2010-02-17 13:10:28 2189952 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 14:08:49 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-16 13:25:04 2066816 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 13:25:04 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-12 04:33:11 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll
2010-02-11 12:02:15 226880 ------w- c:\windows\system32\dllcache\tcpip6.sys
2006-03-10 03:56:53 104 --sh--r- c:\windows\system32\E714E20AFC.sys
2006-03-10 03:56:54 5852 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-08-20 07:06:59 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082020080821\index.dat

============= FINISH: 19:21:52.31 ===============





#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,695 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:05:35 AM

Posted 17 April 2010 - 08:15 PM

Hi, mb44

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  1. If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  2. During the download, rename Combofix to Combo-Fix as follows:





  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    -----------------------------------------------------------
  7. Double click on combo-Fix.exe & follow the prompts.
  8. Install the Recovery Console if prompted.
  9. When finished, it will produce a report for you.
  10. Please post the "C:\Combo-Fix.txt".
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

-------------------------------------------------------------------------

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)

  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Please copy and paste the report into your Post.

No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 mb44

mb44
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:35 AM

Posted 18 April 2010 - 12:30 AM

Hello,

Thanks so much for your assistance. I was able to run the combofix program (see results listed below). Unfortunately, I didn't have the same success running the GMER scan. It caused my computer to shut down to a blue screen. The message said error caused by "agloapob.sys Page_Fault_In_Nonpaged_Area". Please let me know how you would like me to proceed.

Kind Regards,

Mel



ComboFix 10-04-17.02 - Mel Broad 04/17/2010 21:49:03.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.189 [GMT -4:00]
Running from: c:\documents and settings\Mel Broad\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\MXOALDR .exe
J:\Autorun.inf

Infected copy of c:\windows\system32\drivers\isapnp.sys was found and disinfected
Restored copy from - Kitty had a snack tongue.gif
c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((( Files Created from 2010-03-18 to 2010-04-18 )))))))))))))))))))))))))))))))
.

2010-04-18 01:58 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2010-04-18 01:58 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2010-04-14 15:41 . 2010-04-14 15:41 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-04-14 13:06 . 2010-04-17 22:10 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-04-14 13:06 . 2010-04-14 13:06 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-04-14 04:07 . 2010-04-14 04:07 -------- d-----w- c:\program files\Sophos
2010-04-13 01:27 . 2010-04-13 01:27 -------- d-----w- c:\program files\Trend Micro
2010-04-13 00:23 . 2010-04-13 00:23 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-04-13 00:23 . 2010-04-13 00:23 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-12 00:53 . 2010-03-30 04:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-12 00:53 . 2010-03-30 04:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-12 00:53 . 2010-04-12 00:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-11 20:42 . 2010-04-11 20:42 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-11 14:15 . 2010-04-14 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-04-11 13:06 . 2010-04-11 20:40 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Adobe(2)
2010-03-26 01:51 . 2010-03-26 01:51 -------- d-----w- c:\program files\iPod

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-15 01:07 . 2006-03-11 04:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-14 23:31 . 2001-08-17 18:58 37248 ----a-w- c:\windows\system32\drivers\isapnp.sys
2010-04-14 15:59 . 2009-01-03 05:09 -------- d-----w- c:\program files\Windows Live Safety Center
2010-04-14 15:44 . 2004-08-04 03:59 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-04-14 08:26 . 2009-12-04 03:35 -------- d-----w- c:\program files\QuickTime
2010-04-14 07:01 . 2008-01-30 04:11 -------- d-----w- c:\program files\iTunes
2010-04-14 00:50 . 2008-10-15 17:51 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-04-13 23:49 . 2010-04-12 21:37 112 ----a-w- c:\documents and settings\All Users\Application Data\7ubjhJ.dat
2010-03-28 23:36 . 2008-08-11 22:54 -------- d-----w- c:\documents and settings\Mel Broad\Application Data\ZoomBrowser EX
2010-03-28 23:36 . 2008-08-11 22:53 -------- d-----w- c:\documents and settings\Mel Broad\Application Data\CameraWindowDC
2010-03-28 12:20 . 2006-03-09 03:23 -------- d-----w- c:\documents and settings\Mel Broad\Application Data\AdobeUM
2010-03-26 01:51 . 2009-05-23 00:32 -------- d-----w- c:\program files\Common Files\Apple
2010-03-11 12:38 . 2005-08-16 09:18 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2005-08-16 09:18 832512 ----a-w- c:\windows\system32\wininet(2)(2).dll
2010-03-11 12:38 . 2005-08-16 09:18 1168384 ----a-w- c:\windows\system32\urlmon(2)(2).dll
2010-03-11 12:38 . 2005-08-16 09:18 105984 ----a-w- c:\windows\system32\url(2)(2).dll
2010-03-11 12:38 . 2005-08-16 09:18 3599872 ----a-w- c:\windows\system32\mshtml(2)(2).dll
2010-03-11 12:38 . 2007-08-13 23:54 6067200 ----a-w- c:\windows\system32\ieframe(2)(2).dll
2010-03-11 12:38 . 2007-08-13 23:34 268288 ----a-w- c:\windows\system32\iertutil(2)(2).dll
2010-03-11 12:38 . 2005-08-16 09:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2005-08-16 09:18 17408 ------w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2005-08-16 09:18 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-01 03:52 . 2009-05-15 23:57 -------- d-----w- c:\documents and settings\Mel Broad\Application Data\uTorrent
2010-02-25 22:45 . 2006-06-20 20:31 24656 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-24 13:11 . 2006-02-21 18:43 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 12:18 . 2006-03-09 00:02 27632 ----a-w- c:\documents and settings\Mel Broad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-19 03:50 . 2010-02-19 03:50 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-16 14:08 . 2005-08-16 09:18 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-04 03:59 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2005-08-16 09:18 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2005-08-16 09:18 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2006-03-10 03:56 . 2006-03-09 00:02 104 --sh--r- c:\windows\system32\E714E20AFC.sys
2006-03-10 03:56 . 2006-03-09 00:02 5852 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
CODE
<pre>
c:\program files\AVG\AVG8\avgtray .exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth .exe
c:\program files\Common Files\Seagate\Schedule2\schedhlp .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Maxtor\OneTouch Status\maxmenumgr .exe
c:\program files\QuickTime\qttask       .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2008-06-25 904768]
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [N/A]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-31 03:08 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkvMon.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk
backup=c:\windows\pss\NkvMon.exe.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-08-06 02:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATnotes.exe]
2005-01-05 20:45 1015808 ----a-w- c:\program files\ATnotes\ATnotes.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2006-10-17 01:40 1197648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscWizardMonitor.exe]
2008-06-24 23:52 1325848 ----a-w- c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 21:19 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 19:01 67584 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2006-02-21 19:21 169472 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 15:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
c:\program files\iTunes\iTunesHelper.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\QuickTime\qttask.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
c:\program files\Real\RealPlayer\RealPlay.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2005-03-23 04:20 339968 ----a-w- c:\windows\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2003-11-19 22:48 32881 ----a-w- c:\program files\Java\j2re1.4.2_03\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Mel Broad\\My Documents\\utorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/15/2008 1:51 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/15/2008 1:51 PM 108552]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [3/17/2010 9:32 AM 93872]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/5/2009 8:53 AM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/15/2008 1:51 PM 297752]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [6/24/2008 7:56 PM 431384]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\B.tmp --> c:\windows\system32\B.tmp [?]
.
Contents of the 'Scheduled Tasks' folder

2010-04-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-04-14 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-07-23 13:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.espn.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-17 22:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\B.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1020)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(3460)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Maxtor\Sync\SyncServices.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-04-17 22:13:32 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-18 02:13

Pre-Run: 82,412,752,896 bytes free
Post-Run: 82,755,284,992 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - F2E93193EE81656E78C75FEDCED34196


#4 JSntgRvr


Posted 18 April 2010 - 01:14 AM

QUOTE
Thanks so much for your assistance. I was able to run the combofix program (see results listed below). Unfortunately, I didn't have the same success running the GMER scan. It caused my computer to shut down to a blue screen. The message said error caused by "agloapob.sys Page_Fault_In_Nonpaged_Area". Please let me know how you would like me to proceed.

It is caused by GMER's drivers. You must turn off your security to run these applications. Select only Sections, Devices, Files and C:\ and try again.
  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop
CODE
RenV::
c:\program files\AVG\AVG8\avgtray .exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth .exe
c:\program files\Common Files\Seagate\Schedule2\schedhlp .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Maxtor\OneTouch Status\maxmenumgr .exe
c:\program files\QuickTime\qttask       .exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
"Seagate Scheduler2 Service"=-
"mxomssmenu"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

Driver::
MEMSWEEP2




Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.

Edited by JSntgRvr, 19 April 2010 - 10:24 AM.

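The Python triage below is added here and is not from the thread or from ComboFix. It reads an excerpt of the post #3 log, lists autostart entries whose bracket holds [N/A] or [X] instead of a date and size, reproduces the Registry:: section of the CFScript in post #4 from them, and pairs each entry with a file whose name has spaces before the extension. Reading those two markers as "target file could not be read" is an assumption, and all function names are hypothetical.

```python
import re

# Excerpt of lines from the ComboFix log in post #3 (not the full log).
SAMPLE_LOG = r'''
c:\program files\AVG\AVG8\avgtray .exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth .exe
c:\program files\Common Files\Seagate\Schedule2\schedhlp .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Maxtor\OneTouch Status\maxmenumgr .exe
c:\program files\QuickTime\qttask       .exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [N/A]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
c:\program files\iTunes\iTunesHelper.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\QuickTime\qttask.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
c:\program files\Real\RealPlayer\RealPlay.exe [N/A]
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')                # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]$')  # "name"="target" [stamp]
BARE_RE = re.compile(r'^([A-Za-z]:\\.*?)\s*\[([^\]]*)\]$')  # target [stamp]
DRIVE_RE = re.compile(r'^[A-Za-z]:\\')
PADDED_RE = re.compile(r'\S\s+\.(?:exe|dll|sys|com|scr)\b', re.I)
# Assumption: these markers replace the usual "date size" stamp when the
# file an entry points to could not be read.
UNREADABLE = {"N/A", "X"}


def triage(log_text):
    """Return (padded_files, dead_values, dead_keys) found in the log text."""
    padded, dead_values, dead_keys = [], [], []
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            key = None          # a blank line ends the current registry key
            continue
        header = KEY_RE.match(line)
        if header:
            key = header.group(1)
            continue
        value, bare = VALUE_RE.match(line), BARE_RE.match(line)
        if key and value:
            if value.group(3) in UNREADABLE:
                dead_values.append((key, value.group(1), value.group(2)))
        elif key and bare:
            if bare.group(2) in UNREADABLE:
                dead_keys.append((key, bare.group(1)))
        elif key is None and DRIVE_RE.match(line) and PADDED_RE.search(line):
            padded.append(line)  # file name with whitespace before its extension
    return padded, dead_values, dead_keys


def draft_registry_section(dead_values, dead_keys):
    """Render the findings in the Registry:: syntax shown in post #4, for review."""
    lines, by_key = ["Registry::"], {}
    for key, name, _target in dead_values:
        by_key.setdefault(key, []).append(name)
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines += [f'"{name}"=-' for name in names]
    lines += [f"[-{key}]" for key, _target in dead_keys]
    return "\n".join(lines)


def padded_counterparts(padded, dead_values, dead_keys):
    """Pair each unreadable autostart entry with a padded file of the same name."""
    bases = {re.sub(r'\s+\.', '.', p).lower(): p for p in padded}
    entries = [(name, target) for _key, name, target in dead_values]
    entries += [(key.rsplit('\\', 1)[1], target) for key, target in dead_keys]
    pairs = []
    for name, target in entries:
        norm = re.sub(r'\s+\.', '.', target).lower()
        hit = next((p for base, p in bases.items() if norm.startswith(base)), None)
        pairs.append((name, hit))
    return pairs


if __name__ == "__main__":
    padded, dead_values, dead_keys = triage(SAMPLE_LOG)
    print(draft_registry_section(dead_values, dead_keys))
    for name, hit in padded_counterparts(padded, dead_values, dead_keys):
        print(f"{name}: {hit or 'no padded counterpart in this excerpt'}")
```

In this excerpt every flagged entry except RealTray has a same-named file with a padded extension.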


#5 mb44


Posted 19 April 2010 - 06:10 AM

Hello, I ran the GMER scan again following your instructions. Unfortunately, the computer crashed and went to blue screen again. I could try to run it again if you wish. Also, I haven't yet completed the additional combofix instructions you gave me. I was going to complete that after the GMER scan finished. Please let me know how you would like me to proceed. Thanks again for your assistance.

#6 JSntgRvr


Posted 19 April 2010 - 10:29 AM

Please run Combofix. I just made some changes in the instructions.

Then verify that you can logon to the Windows Recovery Console.

To do so, you must have the Recovery Console installed or use the Windows XP installation cd.

How to install and use the Windows XP Recovery Console

  1. Next, please download maxlook, saving the file to your desktop.
  2. Double click maxlook.exe to run it. Note - you must run it only once!
  3. Restart the computer and logon to the Recovery Console.
  4. Execute the following bolded command at the x:\windows> prompt <--- the red x represents your operating system drive letter, usually C
  5. batch look.bat
  6. You will see 1 file copied many times then return to the x:\windows> prompt.
  7. Type Exit to restart your computer then logon in normal mode.
  8. Once in Windows, obtain an Internet Connection. This program must download a tool to check files' signatures.
  9. Then go to Start -> Run, copy and paste the following command in the run Box and Click OK
    "%Userprofile%\Desktop\maxlook.exe" -sig
  10. It will produce looklog.txt in the C:\ folder.
  11. Please post the results here.



#7 mb44


Posted 19 April 2010 - 01:07 PM

I'll have to check my computer tonight and see if windows recovery console is installed when I restart in safe mode. Should maxlook be run without security/firewall activated? Also, did you need me to run combofix from the beginning? Thanks.

#8 JSntgRvr


Posted 19 April 2010 - 01:53 PM

You can install the Recovery Console if unavailable during the Combofix run. If available, you should have a menu at startup:




#9 mb44


Posted 19 April 2010 - 02:16 PM

Just to confirm. Do you want me to run the combofix in the windows recovery console mode?

#10 JSntgRvr


Posted 19 April 2010 - 03:08 PM

No. When you run Combofix in Normal Mode, you will be asked to install the Recovery Console. At that time, make sure you have an Internet Connection and select Yes. Combofix will install the Recovery Console for you.



#11 mb44


Posted 19 April 2010 - 07:30 PM

It seems like the redirect problem from my computer is solved. Should I still run the combofix and maxlook?

#12 JSntgRvr


Posted 19 April 2010 - 10:39 PM

You still have to go through the fix in post #4, so I would say Yes.



#13 mb44


Posted 20 April 2010 - 11:27 AM

Thanks for your help. I will be away for a while. I'll try to complete the instructions in post #4 when I return.

#14 JSntgRvr


Posted 20 April 2010 - 01:23 PM

thumbup2.gif



#15 JSntgRvr


Posted 15 May 2010 - 12:51 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with the address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.





