
Google redirect


  • This topic is locked
10 replies to this topic

#1 farmerboy

farmerboy

  • Members
  • 6 posts

Posted 14 March 2011 - 09:23 AM

For several weeks I have had trouble with my Google search results being "jumped" to other sites with advertisements. I can only get to the site I want by clicking on the cached link below the search result. I have Norton Anti-Virus 2011 installed but this was done after the infection, before that I had a McAfee anti-virus installed. I have run Malwarebytes and SuperAntiSpyware free edition scans, TDSSkiller, WMS removal tool, Stinger, but no resolution. I'm at my wits' end with this! Can you help me?
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Neal Hudson at 20:53:30.68 on Sun 03/13/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.209 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Neal Hudson\Desktop\Defogger.exe
C:\Documents and Settings\Neal Hudson\Desktop\dds.scr
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: ElnkBhoGuard Class: {00000000-0000-0000-0000-000000000002} - c:\program files\earthlink\toolbar\EScamBlk.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ElnkScamBHO Class: {15f4d456-5baa-4076-8486-eecb38cd3e57} - c:\program files\earthlink\toolbar\EScamBlk.dll
BHO: ElnkPubBHO Class: {512acf1b-64d9-4928-b382-a80556f28db4} - c:\program files\earthlink\toolbar\ElnkPuB.dll
BHO: {656EC4B7-072B-4698-B504-2A414C1F0037} - No File
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\norton antivirus\engine\18.5.0.125\ips\IPSBHO.DLL
BHO: ElnkProtectionBHO Class: {9579d574-d4d8-4335-9560-fe8641a013bd} - c:\program files\earthlink\toolbar\ProtctIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: ElnkLegacyUninstBHO Class: {e713904c-df05-4c79-bbad-02db923253be} - c:\program files\earthlink\toolbar\uninsttb.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: EarthLink Toolbar: {c7768536-96f8-4001-b1a2-90ee21279187} - c:\program files\earthlink\toolbar\Toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [StartupDelayer] "c:\program files\r2 studios\startup delayer\Startup Launcher.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\google~1.lnk - c:\program files\google\google updater\GoogleUpdater.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\scanne~1.lnk - c:\program files\scansuite\SDetect.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.costcophotocenter.com/CostcoActivia.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9E515FE4-2A60-4D08-8E96-CF9A967BE49B} - hxxp://check.earthlinksecurity.com/SSMEarthLink.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38036.8496064815
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1205000.07d\SymDS.sys [2011-3-12 340016]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1205000.07d\SymEFA.sys [2011-3-12 652336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\definitions\bashdefs\20110309.001\BHDrvx86.sys [2011-2-25 800376]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1205000.07d\Ironx86.sys [2011-3-12 136312]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\norton antivirus\engine\18.5.0.125\ccSvcHst.exe [2011-3-12 130000]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\definitions\ipsdefs\20110311.001\IDSXpx86.sys [2011-3-12 341944]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\definitions\virusdefs\20110313.002\NAVENG.SYS [2011-3-13 86008]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\definitions\virusdefs\20110313.002\NAVEX15.SYS [2011-3-13 1360760]
S2 gupdate1c9e7b6a4a1e10a;Google Update Service (gupdate1c9e7b6a4a1e10a);c:\program files\google\update\GoogleUpdate.exe [2009-6-7 133104]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\drivers\bw2ndis5.sys --> c:\windows\system32\drivers\BW2NDIS5.sys [?]
S3 EarthLinkSafeConnectDriver;EarthLinkSafeConnectDriver;\??\c:\program files\earthlink\earthlink protection control center\sana\driver\platform_xp\safeconnectdriver.sys --> c:\program files\earthlink\earthlink protection control center\sana\driver\platform_xp\SafeConnectDriver.sys [?]
S3 EarthLinkSafeConnectFilter;EarthLinkSafeConnectFilter;\??\c:\program files\earthlink\earthlink protection control center\sana\driver\platform_xp\safeconnectfilter.sys --> c:\program files\earthlink\earthlink protection control center\sana\driver\platform_xp\SafeConnectFilter.sys [?]
S3 EarthLinkSafeConnectShim;EarthLinkSafeConnectShim;\??\c:\program files\earthlink\earthlink protection control center\sana\driver\platform_xp\safeconnectshim.sys --> c:\program files\earthlink\earthlink protection control center\sana\driver\platform_xp\SafeConnectShim.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-3-6 38224]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\mcafee security scan\2.0.181\mcchsvc.exe" --> c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-03-13 05:49:35 -------- dc----w- c:\docume~1\nealhu~1\applic~1\SUPERAntiSpyware.com
2011-03-13 04:40:54 -------- dc----w- c:\program files\common files\PC Tools
2011-03-13 04:27:05 -------- dc----w- c:\docume~1\alluse~1\applic~1\PC Tools
2011-03-12 20:55:26 -------- dc----w- c:\docume~1\nealhu~1\locals~1\applic~1\Mozilla
2011-03-12 20:05:54 60808 -c--a-w- c:\windows\system32\S32EVNT1.DLL
2011-03-12 20:05:54 126512 -c--a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-03-12 20:05:54 -------- dc----w- c:\program files\Symantec
2011-03-12 20:05:40 652336 -c--a-r- c:\windows\system32\drivers\nav\1205000.07d\SymEFA.sys
2011-03-12 20:05:40 509560 -c--a-r- c:\windows\system32\drivers\nav\1205000.07d\srtsp.sys
2011-03-12 20:05:40 50168 -c--a-r- c:\windows\system32\drivers\nav\1205000.07d\srtspx.sys
2011-03-12 20:05:40 368248 -c--a-r- c:\windows\system32\drivers\nav\1205000.07d\symtdi.sys
2011-03-12 20:05:40 340016 -c--a-r- c:\windows\system32\drivers\nav\1205000.07d\SymDS.sys
2011-03-12 20:05:40 330360 -c--a-r- c:\windows\system32\drivers\nav\1205000.07d\symtdiv.sys
2011-03-12 20:05:40 295032 -c--a-r- c:\windows\system32\drivers\nav\1205000.07d\symnets.sys
2011-03-12 20:05:40 136312 -c--a-r- c:\windows\system32\drivers\nav\1205000.07d\Ironx86.sys
2011-03-12 19:58:18 -------- dc----w- c:\program files\NortonInstaller
2011-03-12 04:39:23 98392 -c--a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-03-12 04:32:45 -------- dc----w- c:\docume~1\nealhu~1\locals~1\applic~1\Sunbelt Software
2011-03-07 06:24:04 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-07 06:24:00 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
2011-03-07 06:24:00 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-06 23:01:50 -------- dc----w- c:\docume~1\nealhu~1\applic~1\Tific
2011-03-06 22:52:35 472808 -c--a-w- c:\windows\system32\deployJava1.dll
2011-03-02 01:44:43 -------- dc----w- c:\windows\system32\drivers\nav\1205000.07D
2011-03-02 01:44:43 -------- dc----w- c:\windows\system32\drivers\NAV
2011-03-02 01:44:14 -------- dc----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2011-02-28 23:34:20 -------- dc----w- c:\docume~1\alluse~1\applic~1\aNdFfFm12802
.
==================== Find3M ====================
.
2011-02-09 13:53:52 270848 -c--a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 -c--a-w- c:\windows\system32\encdec.dll
2011-02-03 03:19:39 73728 -c--a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58:35 2067456 -c--a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 -c--a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 -c--a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 -c--a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 -c--a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 -c--a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 -c--a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 -c--a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 -c----w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 -c--a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 -c--a-w- c:\windows\system32\html.iec
.
============= FINISH: 20:55:39.48 ===============


 


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts

Posted 14 March 2011 - 02:50 PM

Good evening. :)

Take a trip to this webpage for download links and instructions for running Combofix by sUBs.*

  • Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start.
  • When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste it into your next reply.
  • Let me know how the PC is behaving.
* There are two points to note from the instructions page:

1) The Recovery Console.

It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.
CF will complete some, but not all, of its removal tasks without the installation of the Console so, should you choose not to allow the installation, you may not get the results you hoped for.

2) Disabling your Anti-Virus.

CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for either.

So long, and thanks for all the fish.

 

 


#3 farmerboy

farmerboy
  • Topic Starter

  • Members
  • 6 posts

Posted 14 March 2011 - 11:27 PM

Noviciate,
I have successfully run combofix. Here is the log that was generated. I have re-activated my a/v autoprotect and Windows firewall. Please advise me on what to do next.
Thanks

ComboFix 11-03-14.02 - Neal Hudson 03/14/2011 20:55:28.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.391 [GMT -7:00]
Running from: c:\documents and settings\Neal Hudson\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Neal Hudson\Local Settings\Temporary Internet Files\0K8L66m.jpg
c:\documents and settings\Neal Hudson\Local Settings\Temporary Internet Files\8mjmMyMyP.jpg
c:\documents and settings\Neal Hudson\Local Settings\Temporary Internet Files\A44B4.jpg
c:\documents and settings\Neal Hudson\Local Settings\Temporary Internet Files\ypyl56P.jpg
c:\temp\isgTi19
c:\windows\regedit.com
c:\windows\system32\drivers\fad.sys
c:\windows\system32\eventmgr.exe
c:\windows\system32\nbeagfdc.ini
c:\windows\system32\thdusibl.ini
c:\windows\system32\vjdkyfqm.ini
c:\windows\system32\wjyxiiiq.ini
.
.
((((((((((((((((((((((((( Files Created from 2011-02-15 to 2011-03-15 )))))))))))))))))))))))))))))))
.
.
2011-03-13 05:49 . 2011-03-13 05:49 -------- dc----w- c:\documents and settings\Neal Hudson\Application Data\SUPERAntiSpyware.com
2011-03-13 04:40 . 2011-03-13 04:49 -------- dc----w- c:\program files\Common Files\PC Tools
2011-03-13 04:27 . 2011-03-13 04:48 -------- dc----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-03-12 20:55 . 2011-03-12 20:55 -------- dc----w- c:\documents and settings\Neal Hudson\Local Settings\Application Data\Mozilla
2011-03-12 20:05 . 2011-03-12 20:05 -------- dc----w- c:\program files\Symantec
2011-03-12 20:05 . 2011-03-12 20:05 60808 -c--a-w- c:\windows\system32\S32EVNT1.DLL
2011-03-12 20:05 . 2011-03-12 20:05 126512 -c--a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-03-12 19:58 . 2011-03-12 19:58 -------- dc----w- c:\program files\NortonInstaller
2011-03-12 04:39 . 2011-03-12 04:39 98392 -c--a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-03-12 04:32 . 2011-03-12 04:32 -------- dc----w- c:\documents and settings\Neal Hudson\Local Settings\Application Data\Sunbelt Software
2011-03-07 06:24 . 2010-12-21 02:09 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-07 06:24 . 2011-03-07 06:24 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-07 06:24 . 2010-12-21 02:08 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
2011-03-06 23:01 . 2011-03-06 23:01 -------- dc----w- c:\documents and settings\Neal Hudson\Application Data\Tific
2011-03-06 22:52 . 2011-02-03 05:40 472808 -c--a-w- c:\windows\system32\deployJava1.dll
2011-03-06 22:50 . 2011-03-06 22:50 -------- dc----w- c:\documents and settings\All Users\Application Data\McAfee
2011-03-02 01:44 . 2011-03-02 01:44 -------- dc----w- c:\windows\system32\drivers\NAV
2011-03-02 01:44 . 2011-03-02 01:44 -------- dc----w- c:\program files\Windows Sidebar
2011-03-02 01:44 . 2011-03-12 19:11 -------- dc----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2011-02-28 23:34 . 2011-03-02 14:21 -------- dc----w- c:\documents and settings\All Users\Application Data\aNdFfFm12802
2011-02-23 23:10 . 2011-03-12 16:30 -------- dc----w- c:\program files\Windows Live Safety Center
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2002-08-29 11:00 270848 -c--a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2002-08-29 11:00 186880 -c--a-w- c:\windows\system32\encdec.dll
2011-02-03 03:19 . 2009-07-11 03:25 73728 -c--a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58 . 2002-08-29 11:00 2067456 -c--a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2002-08-29 11:00 677888 -c--a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2002-08-29 11:00 439296 -c--a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2002-08-29 11:00 290048 -c--a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2002-08-29 11:00 1854976 -c--a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2002-08-29 11:00 301568 -c--a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2004-02-07 01:05 916480 -c--a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2002-08-29 11:00 43520 -c--a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2002-08-29 11:00 1469440 -c----w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2002-08-29 11:00 730112 -c--a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-04 05:59 385024 -c--a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-29 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-02-18 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-22 155648]
"StartupDelayer"="c:\program files\r2 Studios\Startup Delayer\Startup Launcher.exe" [2009-03-08 73728]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - c:\program files\Google\Google Updater\GoogleUpdater.exe [N/A]
Scanner Detector.lnk - c:\program files\ScanSuite\SDetect.exe [N/A]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 -c--a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ProtectionService"=2 (0x2)
"dvpapi"=2 (0x2)
"SPBBCSvc"=2 (0x2)
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)
"LiveUpdate Notice Service"=2 (0x2)
"iPodService"=3 (0x3)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" /r
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support
.
R0 SymDS;Symantec Data Store;c:\windows\SYSTEM32\DRIVERS\NAV\1205000.07D\SymDS.sys [3/12/2011 1:05 PM 340016]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\NAV\1205000.07D\SymEFA.sys [3/12/2011 1:05 PM 652336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20110309.001\BHDrvx86.sys [2/25/2011 2:59 PM 800376]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R1 SymIRON;Symantec Iron Driver;c:\windows\SYSTEM32\DRIVERS\NAV\1205000.07D\Ironx86.sys [3/12/2011 1:05 PM 136312]
R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe [3/12/2011 1:05 PM 130000]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/14/2011 9:26 AM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20110311.001\IDSXpx86.sys [3/12/2011 3:26 PM 341944]
S2 gupdate1c9e7b6a4a1e10a;Google Update Service (gupdate1c9e7b6a4a1e10a);c:\program files\Google\Update\GoogleUpdate.exe [6/7/2009 2:26 PM 133104]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
S3 EarthLinkSafeConnectDriver;EarthLinkSafeConnectDriver;\??\c:\program files\EarthLink\EarthLink Protection Control Center\Sana\Driver\platform_XP\SafeConnectDriver.sys --> c:\program files\EarthLink\EarthLink Protection Control Center\Sana\Driver\platform_XP\SafeConnectDriver.sys [?]
S3 EarthLinkSafeConnectFilter;EarthLinkSafeConnectFilter;\??\c:\program files\EarthLink\EarthLink Protection Control Center\Sana\Driver\platform_XP\SafeConnectFilter.sys --> c:\program files\EarthLink\EarthLink Protection Control Center\Sana\Driver\platform_XP\SafeConnectFilter.sys [?]
S3 EarthLinkSafeConnectShim;EarthLinkSafeConnectShim;\??\c:\program files\EarthLink\EarthLink Protection Control Center\Sana\Driver\platform_XP\SafeConnectShim.sys --> c:\program files\EarthLink\EarthLink Protection Control Center\Sana\Driver\platform_XP\SafeConnectShim.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys [3/6/2011 11:24 PM 38224]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe" --> c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-07 21:26]
.
2011-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-07 21:26]
.
2011-03-14 c:\windows\Tasks\User_Feed_Synchronization-{C02B50EF-D262-461F-A127-4C53620ACCDA}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 12:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: {9E515FE4-2A60-4D08-8E96-CF9A967BE49B} - hxxp://check.earthlinksecurity.com/SSMEarthLink.cab
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-14 21:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\18.5.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-983948164-1334122810-1794574485-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(636)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2011-03-14 21:09:44
ComboFix-quarantined-files.txt 2011-03-15 04:09
.
Pre-Run: 50,600,165,376 bytes free
Post-Run: 51,600,613,376 bytes free
.
- - End Of File - - 19361C6F1F0AED44311878F0B0AE7BAB


Edited by Noviciate, 15 March 2011 - 02:44 PM.
Log added


#4 farmerboy

Posted 15 March 2011 - 08:59 AM

Also, I have tried several searches with Google and there has been no redirect when clicking on search results. I will run my anti-spyware and a/v programs as a follow up.

#5 Noviciate

  • Malware Response Team

Posted 15 March 2011 - 03:14 PM

Good evening. :)

I think a double-check for leftovers is in order.

Pay a visit to the ESET Online Scanner.

  • Click the ESET Online Scanner button and a new window will open - you may need to maximise it.
  • Click the Run ESET Online Scanner button.
  • If you are running IE for this scan you will be prompted to allow an ActiveX component to be downloaded, unless you already have it installed, and the scan will run inside IE.
  • If you are using any other browser than IE, you will be prompted to download and run http://www.eset.com/online-scanner-popup/ and the scan will run from within that.
  • Either way that you run the scan, you will need to accept the terms of use to continue.
  • When you see the Computer Scan Settings window, you will need to make the following changes:

    • UNCHECK Remove found threats - this is important.
    • Check Scan archives
    • Click on Advanced settings
    • Check Scan for potentially unsafe applications
  • Once ready, click Start to begin - not a surprise really!
  • The anti-virus definitions will now be downloaded, so don't forget to allow them through your firewall if prompted.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.

Will you also throw in a fresh DDS log and let me know how the PC is behaving?

* ESET has recently reworked its website and possibly its scanner, so the instructions may be slightly inaccurate, although probably not by much. Would you be kind enough to let me know if anything doesn't occur as I listed above and I'll make the necessary changes for the future - ta.

So long, and thanks for all the fish.

#6 farmerboy

Posted 16 March 2011 - 12:14 AM

My PC seems to be running fine, your ESET instructions were in a slightly different order than the current website but were sufficient.
Here are the results of the ESET scan plus another dds scan:

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\nbeagfdc.ini.vir Win32/Adware.Virtumonde.NEO application
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\thdusibl.ini.vir Win32/Adware.Virtumonde.NEO application
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\vjdkyfqm.ini.vir Win32/Adware.Virtumonde.NEO application
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\wjyxiiiq.ini.vir Win32/Adware.Virtumonde.NEO application
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0001188.ini Win32/Adware.Virtumonde.NEO application
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0001189.ini Win32/Adware.Virtumonde.NEO application
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0001190.ini Win32/Adware.Virtumonde.NEO application
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0001191.ini Win32/Adware.Virtumonde.NEO application

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Neal Hudson at 21:53:20.74 on Tue 03/15/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.143 [GMT -7:00]
.
AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Neal Hudson\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: ElnkBhoGuard Class: {00000000-0000-0000-0000-000000000002} - c:\program files\earthlink\toolbar\EScamBlk.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ElnkScamBHO Class: {15f4d456-5baa-4076-8486-eecb38cd3e57} - c:\program files\earthlink\toolbar\EScamBlk.dll
BHO: ElnkPubBHO Class: {512acf1b-64d9-4928-b382-a80556f28db4} - c:\program files\earthlink\toolbar\ElnkPuB.dll
BHO: {656EC4B7-072B-4698-B504-2A414C1F0037} - No File
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\norton antivirus\engine\18.5.0.125\ips\IPSBHO.DLL
BHO: ElnkProtectionBHO Class: {9579d574-d4d8-4335-9560-fe8641a013bd} - c:\program files\earthlink\toolbar\ProtctIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: ElnkLegacyUninstBHO Class: {e713904c-df05-4c79-bbad-02db923253be} - c:\program files\earthlink\toolbar\uninsttb.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: EarthLink Toolbar: {c7768536-96f8-4001-b1a2-90ee21279187} - c:\program files\earthlink\toolbar\Toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [StartupDelayer] "c:\program files\r2 studios\startup delayer\Startup Launcher.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\google~1.lnk - c:\program files\google\google updater\GoogleUpdater.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\scanne~1.lnk - c:\program files\scansuite\SDetect.exe
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.costcophotocenter.com/CostcoActivia.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9E515FE4-2A60-4D08-8E96-CF9A967BE49B} - hxxp://check.earthlinksecurity.com/SSMEarthLink.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38036.8496064815
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1205000.07d\SymDS.sys [2011-3-12 340016]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1205000.07d\SymEFA.sys [2011-3-12 652336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\definitions\bashdefs\20110309.001\BHDrvx86.sys [2011-2-25 800376]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1205000.07d\Ironx86.sys [2011-3-12 136312]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\norton antivirus\engine\18.5.0.125\ccSvcHst.exe [2011-3-12 130000]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-3-14 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\definitions\ipsdefs\20110314.004\IDSXpx86.sys [2011-3-15 341944]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\definitions\virusdefs\20110315.002\NAVENG.SYS [2011-3-15 86008]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\definitions\virusdefs\20110315.002\NAVEX15.SYS [2011-3-15 1360760]
S2 gupdate1c9e7b6a4a1e10a;Google Update Service (gupdate1c9e7b6a4a1e10a);c:\program files\google\update\GoogleUpdate.exe [2009-6-7 133104]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\drivers\bw2ndis5.sys --> c:\windows\system32\drivers\BW2NDIS5.sys [?]
S3 EarthLinkSafeConnectDriver;EarthLinkSafeConnectDriver;\??\c:\program files\earthlink\earthlink protection control center\sana\driver\platform_xp\safeconnectdriver.sys --> c:\program files\earthlink\earthlink protection control center\sana\driver\platform_xp\SafeConnectDriver.sys [?]
S3 EarthLinkSafeConnectFilter;EarthLinkSafeConnectFilter;\??\c:\program files\earthlink\earthlink protection control center\sana\driver\platform_xp\safeconnectfilter.sys --> c:\program files\earthlink\earthlink protection control center\sana\driver\platform_xp\SafeConnectFilter.sys [?]
S3 EarthLinkSafeConnectShim;EarthLinkSafeConnectShim;\??\c:\program files\earthlink\earthlink protection control center\sana\driver\platform_xp\safeconnectshim.sys --> c:\program files\earthlink\earthlink protection control center\sana\driver\platform_xp\SafeConnectShim.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-3-6 38224]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\mcafee security scan\2.0.181\mcchsvc.exe" --> c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-03-16 00:01:41 -------- dc----w- c:\program files\ESET
2011-03-15 03:39:08 -------- dcsha-r- C:\cmdcons
2011-03-15 03:14:39 98816 -c--a-w- c:\windows\sed.exe
2011-03-15 03:14:39 89088 -c--a-w- c:\windows\MBR.exe
2011-03-15 03:14:39 256512 -c--a-w- c:\windows\PEV.exe
2011-03-15 03:14:39 161792 -c--a-w- c:\windows\SWREG.exe
2011-03-13 05:49:35 -------- dc----w- c:\docume~1\nealhu~1\applic~1\SUPERAntiSpyware.com
2011-03-13 04:40:54 -------- dc----w- c:\program files\common files\PC Tools
2011-03-13 04:27:05 -------- dc----w- c:\docume~1\alluse~1\applic~1\PC Tools
2011-03-12 20:55:26 -------- dc----w- c:\docume~1\nealhu~1\locals~1\applic~1\Mozilla
2011-03-12 20:05:54 60808 -c--a-w- c:\windows\system32\S32EVNT1.DLL
2011-03-12 20:05:54 126512 -c--a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-03-12 20:05:54 -------- dc----w- c:\program files\Symantec
2011-03-12 20:05:40 652336 -c--a-r- c:\windows\system32\drivers\nav\1205000.07d\SymEFA.sys
2011-03-12 20:05:40 509560 -c--a-r- c:\windows\system32\drivers\nav\1205000.07d\srtsp.sys
2011-03-12 20:05:40 50168 -c--a-r- c:\windows\system32\drivers\nav\1205000.07d\srtspx.sys
2011-03-12 20:05:40 368248 -c--a-r- c:\windows\system32\drivers\nav\1205000.07d\symtdi.sys
2011-03-12 20:05:40 340016 -c--a-r- c:\windows\system32\drivers\nav\1205000.07d\SymDS.sys
2011-03-12 20:05:40 330360 -c--a-r- c:\windows\system32\drivers\nav\1205000.07d\symtdiv.sys
2011-03-12 20:05:40 295032 -c--a-r- c:\windows\system32\drivers\nav\1205000.07d\symnets.sys
2011-03-12 20:05:40 136312 -c--a-r- c:\windows\system32\drivers\nav\1205000.07d\Ironx86.sys
2011-03-12 19:58:18 -------- dc----w- c:\program files\NortonInstaller
2011-03-12 04:39:23 98392 -c--a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-03-12 04:32:45 -------- dc----w- c:\docume~1\nealhu~1\locals~1\applic~1\Sunbelt Software
2011-03-07 06:24:04 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-07 06:24:00 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
2011-03-07 06:24:00 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-06 23:01:50 -------- dc----w- c:\docume~1\nealhu~1\applic~1\Tific
2011-03-06 22:52:35 472808 -c--a-w- c:\windows\system32\deployJava1.dll
2011-03-02 01:44:43 -------- dc----w- c:\windows\system32\drivers\nav\1205000.07D
2011-03-02 01:44:43 -------- dc----w- c:\windows\system32\drivers\NAV
2011-03-02 01:44:14 -------- dc----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2011-02-28 23:34:20 -------- dc----w- c:\docume~1\alluse~1\applic~1\aNdFfFm12802
.
==================== Find3M ====================
.
2011-02-09 13:53:52 270848 -c--a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 -c--a-w- c:\windows\system32\encdec.dll
2011-02-03 03:19:39 73728 -c--a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58:35 2067456 -c--a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 -c--a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 -c--a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 -c--a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 -c--a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 -c--a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 -c--a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 -c--a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 -c----w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 -c--a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 -c--a-w- c:\windows\system32\html.iec
.
============= FINISH: 21:54:22.65 ===============

#7 Noviciate

Posted 16 March 2011 - 02:33 PM

Good evening. :)

"My PC seems to be running fine, your ESET instructions were in a slightly different order than the current website but were sufficient."

Can you tell me where they differ?

So long, and thanks for all the fish.

#8 farmerboy

Posted 16 March 2011 - 07:13 PM

After clicking on the ESET link in your reply I arrived at the ESET web page but didn't see the "ESET Online Scanner" button. However I did find "online scanner" at the bottom of the page under "Quick links". After clicking on that button I then clicked on the "ESET Online Scanner" button. The remainder of the instructions are correct.

#9 Noviciate

Posted 17 March 2011 - 03:00 PM

Good evening. :)

Thanks for the info - I did actually run the start of the scan in various browsers to check things, so I obviously had ESET Online overload!

The scan shows nothing of any real interest; some are detections of files that ComboFix has already disabled and quarantined and the rest are items held within System Restore restore points. Assuming you don't run SR and pick a point before the problem was resolved they pose no threat and the space that these restore points occupy will be recycled over time removing any potential threat.

As the PC seems to be behaving itself, I'd say you were done.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Your copy of Adobe Reader is out of date. You can get the latest version here, feel free to uncheck the McAfee download first, or you can update from within the program itself: Help > Check for Updates...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Your PC shows some leftovers from a previous version of Java that needs removing.

Download JavaRa from here and save it to your Desktop.
You will need to extract the file(s):

Right click on the zipped folder and from the menu that appears, click on Extract All...
In the 'Extraction Wizard' window that opens, click on Next> and in the next window that appears, click on Next> again.
In the final window, click on Finish


***Please close any instances of Internet Explorer before continuing!***

  • Double-click JavaRa.exe to begin.
  • Pick your preferred language from the drop-down menu and click Select.
  • Click on Remove Older Versions to remove older versions of Java - obvious really, isn't it!
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location, just in case you have any problems with Java afterwards.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Your log doesn't appear to show a third-party software firewall installed - if you have one, and I've missed it, please ignore this.
If you are relying on the firewall that comes with Service Pack 2, then you need to install one. While the SP2 firewall is better than nothing, it doesn't monitor outgoing traffic, so anything malicious on your computer can 'phone home' at will.
If you are using a wireless router that comes with a NAT hardware firewall, this also doesn't monitor outgoing connections.

There are a few free firewalls available, of which the following are just three (all of which I've used at one time or another):

Comodo Firewall Pro, available here.
PC Tools Firewall Plus, available here.
Online Armor Free, available here.

It is important to note that you should only have one firewall installed at a time, but you can download them all to your Desktop and install each in turn to see which one you prefer.

Understanding and Using Firewalls: http://www.bleepingcomputer.com/tutorials/understanding-and-using-firewalls/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I want you to run your PC as normal for a few days and when you are happy that everything is fine, do the following:

Go to Start > Run, enter the following into the textbox and click OK: ComboFix /Uninstall
This will uninstall Combofix and do a little housework besides.

Create a new Restore Point with a memorable name - this will give a clean one should you need it in the future. If you use a Restore Point from before this point you may reinstall any infection that was present at the time, so only do so if using this latest one doesn't solve any issues.
A tutorial for System Restore is available here.

Some bedtime reading: This is a very good tutorial about keeping your computer safe and secure on the internet. It's a little old, but still contains some good ideas.

So long, and thanks for all the fish.
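The triage described in the post above (detections already sitting in ComboFix's quarantine, detections inside System Restore points, and anything else), as an added example that is not part of the original thread and not ESET or ComboFix code. The record layout and the quarantine path layout are assumptions inferred from the export posted in this thread, and all function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample. Lines 1-2 are copied from the export posted in the
# thread; line 3 is an invented detection outside any holding area, and
# line 4 is deliberately malformed.
SAMPLE_LOG = r"""
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\nbeagfdc.ini.vir Win32/Adware.Virtumonde.NEO application
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0001188.ini Win32/Adware.Virtumonde.NEO application
C:\WINDOWS\SYSTEM32\constructed-example.ini Win32/Adware.Virtumonde.NEO application
this line is not a detection record
"""

# Assumed layout: <path> <detection name containing "/"> <object type>.
# Windows paths use backslashes and may contain spaces, so the first
# whitespace-delimited token holding "/" marks the end of the path.
LINE_RE = re.compile(r"^(?P<path>.+?)\s+(?P<threat>\S+/\S+)\s+(?P<kind>.+)$")

# Assumed from the paths in the thread: ComboFix stores quarantined files as
# <drive>:\Qoobox\Quarantine\<original drive letter>\<original path>.vir
QUARANTINE_RE = re.compile(
    r"^[a-z]:\\qoobox\\quarantine\\(?P<drive>[a-z])\\(?P<rest>.+)$", re.I)

# System Restore keeps its copies under System Volume Information\_restore{GUID}.
RESTORE_RE = re.compile(
    r"^[a-z]:\\system volume information\\_restore\{[0-9a-f-]+\}\\", re.I)


def classify(path):
    """Return (status, original_path) for one detected file path."""
    m = QUARANTINE_RE.match(path)
    if m:
        rest = re.sub(r"\.vir$", "", m.group("rest"), flags=re.I)
        return "quarantined", f"{m.group('drive').upper()}:\\{rest}"
    if RESTORE_RE.match(path):
        return "restore_point", None
    return "live", None


def triage(log_text):
    """Group every record of an exported scan log by where the file lives."""
    buckets = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            # Never drop a line silently: an unreadable record needs a human.
            buckets["unparsed"].append({"line": line})
            continue
        status, original = classify(m.group("path"))
        buckets[status].append({
            "path": m.group("path"),
            "threat": m.group("threat"),
            "kind": m.group("kind"),
            "original_path": original,
        })
    return dict(buckets)


def needs_action(buckets):
    """True when something sits outside quarantine and restore points."""
    return bool(buckets.get("live") or buckets.get("unparsed"))


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for status in ("quarantined", "restore_point", "live", "unparsed"):
        print(f"{status}: {len(result.get(status, []))}")
    print("follow-up needed:", needs_action(result))
```

Run against the eight lines farmerboy posted, every record lands in `quarantined` or `restore_point`, which matches the conclusion in the post above.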

 

 


#10 farmerboy

Posted 17 March 2011 - 09:33 PM

Thanks so much for your help. Your patience, detailed instructions and professional attitude are a tribute to this computer help site.

#11 Noviciate

Posted 18 March 2011 - 02:21 PM

Always a pleasure, or thereabouts anyway! :) As this issue appears to have been resolved, this thread is now closed.

So long, and thanks for all the fish.