Infected with TDSS, 'killed' it with MBAM, but Google search hits keep redirecting


  • This topic is locked
8 replies to this topic

#1 PVG

  • Members
  • 4 posts

Posted 12 June 2011 - 01:18 PM

Two weeks ago, I got infected by a malware thing that kept saying 'hard disk error' and stuff like that. I found a topic on your website that matched the symptoms and followed that. Malwarebytes Anti-Malware did stop the fake error messages, but now my Google search hits (IE, Chrome) keep redirecting to unrelated websites (such as blaggy.us, candelaspa.com etc...).
Hope one of you can help me.


My DDS log:

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_25
Run by Van Genechten at 18:47:00 on 2011-06-12
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.2046.906 [GMT 2:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Update\NASvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Users\Van Genechten\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Van Genechten\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Van Genechten\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Van Genechten\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Van Genechten\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Van Genechten\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.joker-online.be/
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: Messenger Plus Live Belgium Toolbar: {d1a1c8f1-e3d9-48df-802f-20201061ef61} - c:\program files\messenger_plus_live_belgium\tbMess.dll
mURLSearchHooks: Messenger Plus Live Belgium Toolbar: {d1a1c8f1-e3d9-48df-802f-20201061ef61} - c:\program files\messenger_plus_live_belgium\tbMess.dll
BHO: Adobe PDF Reader Help bij koppelingen: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Messenger Plus Live Belgium Toolbar: {d1a1c8f1-e3d9-48df-802f-20201061ef61} - c:\program files\messenger_plus_live_belgium\tbMess.dll
BHO: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Messenger Plus Live Belgium Toolbar: {d1a1c8f1-e3d9-48df-802f-20201061ef61} - c:\program files\messenger_plus_live_belgium\tbMess.dll
TB: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Google Update] "c:\users\van genechten\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\users\vangen~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\van genechten\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\vangen~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{11D481DB-3271-47BA-A0C0-10EFCFF82B3C} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{12B8D224-7B06-4A15-A389-A68942A66354} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1C2B928B-A078-46A7-A52F-C1E0E38D9851} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{74E00A60-3F51-4A50-B8ED-B42BE5E27E90} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\van genechten\appdata\roaming\mozilla\firefox\profiles\42n95sai.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.joker-online.be/
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\users\van genechten\appdata\roaming\mozilla\firefox\profiles\42n95sai.default\extensions\{d1a1c8f1-e3d9-48df-802f-20201061ef61}\components\FFExternalAlert.dll
FF - component: c:\users\van genechten\appdata\roaming\mozilla\firefox\profiles\42n95sai.default\extensions\{d1a1c8f1-e3d9-48df-802f-20201061ef61}\components\RadioWMPCore.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\van genechten\appdata\roaming\facebook\npfbplugin_1_0_3.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-11 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-11 307928]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-6-26 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-6-26 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-6-26 185089]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-6-11 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-6-11 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-6-11 42184]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-6-26 56816]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-26 21504]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-3-25 490280]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2009-1-13 5120]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2007-8-15 552448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Updateservice (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-06-12 11:56:08 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-06-11 21:29:17 -------- d-s---w- C:\ComboFix
2011-06-11 15:38:46 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-11 15:38:43 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-06-11 15:38:02 40112 ----a-w- c:\windows\avastSS.scr
2011-06-11 15:37:49 -------- d-----w- c:\programdata\AVAST Software
2011-06-11 15:37:49 -------- d-----w- c:\program files\AVAST Software
2011-06-11 11:44:14 -------- d-----w- c:\users\van genechten\appdata\roaming\SUPERAntiSpyware.com
2011-06-11 11:44:14 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-06-11 11:43:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-10 22:59:22 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-06-10 22:58:52 -------- d-----w- c:\programdata\Hitman Pro
2011-06-10 10:31:04 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f0f5a5d1-ba74-4552-8dc2-25bcf9c24009}\mpengine.dll
2011-05-25 08:28:52 -------- d-----w- c:\users\van genechten\appdata\roaming\NVIDIA
2011-05-25 08:28:49 -------- d-sh--w- c:\programdata\DSS
2011-05-23 10:14:50 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-05-23 10:14:40 -------- d-----w- c:\program files\NVIDIA Corporation
2011-05-23 09:56:40 754688 ----a-w- c:\windows\system32\webservices.dll
2011-05-21 13:41:02 -------- d-----w- c:\users\van genechten\appdata\roaming\Malwarebytes
2011-05-21 13:40:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-21 13:40:10 -------- d-----w- c:\programdata\Malwarebytes
2011-05-21 13:40:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-18 11:31:15 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2011-05-18 11:31:15 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-05-18 11:31:15 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2011-05-18 11:31:15 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2011-05-18 11:31:15 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2011-05-18 11:31:15 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2011-05-18 11:31:15 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2011-05-18 11:31:15 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2011-05-18 11:31:15 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2011-05-18 11:31:14 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-05-18 11:31:14 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-05-18 11:31:14 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
.
==================== Find3M ====================
.
2011-04-14 03:07:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 18:48:04,17 ===============


#2 teacup61

  • Malware Response Team
  • 17,075 posts
  • Location:Wills Point, Texas

Posted 12 June 2011 - 01:37 PM

Hello PVG,

Could you please post the report you got from ComboFix when you ran it? :)

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#3 PVG

  • Topic Starter
  • Members
  • 4 posts

Posted 12 June 2011 - 01:49 PM

First of all: thanks for the quick reply :)

When I ran ComboFix, it gave me the following message:

"The driver 'volsnap.sys' is patched with a rootkit.
Attempting disinfection.
Be patient as this may take several minutes"

I pressed OK assuming it would solve the problem, but then my computer froze completely and I had to shut it down by pressing the reset button. So I'm afraid I don't have a report.

I will run it again if necessary.

#4 teacup61

  • Malware Response Team
  • 17,075 posts
  • Location:Wills Point, Texas

Posted 12 June 2011 - 01:56 PM

Hello,

You're welcome. :)

Yes, go ahead and try running it again. You can always do another hard shut down if you need to, and if that happens....we'll do something else. :thumbup2:

tea

#5 PVG

  • Topic Starter
  • Members
  • 4 posts

Posted 12 June 2011 - 02:18 PM

ComboFix didn't freeze this time (I didn't press the OK button).

ComboFix log:

ComboFix 11-06-11.01 - Van Genechten 12/06/2011 20:54:32.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.2046.1324 [GMT 2:00]
Gestart vanuit: c:\users\Van Genechten\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
/wow section - STAGE 4
Kan c:\combofix\temAA niet vinden
Kan c:\combofix\temAA niet vinden
Kan c:\combofix\temAA niet vinden
Kan c:\combofix\temAA niet vinden
Kan c:\combofix\temAA niet vinden
Kan c:\combofix\temAA niet vinden
Toegang geweigerd.
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Van Genechten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery
c:\users\Van Genechten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery\Uninstall Windows Vista Recovery.lnk
c:\users\Van Genechten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery\Windows Vista Recovery.lnk
c:\users\Van Genechten\Desktop\Windows Vista Recovery.lnk
.
Besmet exemplaar van c:\windows\system32\drivers\volsnap.sys werd aangetroffen en gedesinfecteerd
Hersteld exemplaar van - Kitty had a snack :P
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-05-12 to 2011-06-12 ))))))))))))))))))))))))))))))
.
.
2011-06-12 19:06 . 2011-06-12 19:07 -------- d-----w- c:\users\Van Genechten\AppData\Local\temp
2011-06-12 19:06 . 2011-06-12 19:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-12 11:56 . 2011-06-12 11:56 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-06-11 21:28 . 2011-06-12 18:41 -------- d-----w- C:\32788R22FWJFW
2011-06-11 15:38 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-11 15:38 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-06-11 15:38 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-06-11 15:38 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-06-11 15:38 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-11 15:38 . 2011-05-10 11:59 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-06-11 15:38 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-06-11 15:38 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-06-11 15:37 . 2011-06-11 15:37 -------- d-----w- c:\programdata\AVAST Software
2011-06-11 15:37 . 2011-06-11 15:37 -------- d-----w- c:\program files\AVAST Software
2011-06-11 11:44 . 2011-06-11 11:44 -------- d-----w- c:\users\Van Genechten\AppData\Roaming\SUPERAntiSpyware.com
2011-06-11 11:44 . 2011-06-11 11:44 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-06-11 11:43 . 2011-06-11 11:44 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-10 22:59 . 2011-06-12 11:56 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-06-10 22:58 . 2011-06-10 22:58 -------- d-----w- c:\programdata\Hitman Pro
2011-06-10 10:31 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F0F5A5D1-BA74-4552-8DC2-25BCF9C24009}\mpengine.dll
2011-05-25 08:28 . 2011-05-25 08:28 -------- d-----w- c:\users\Van Genechten\AppData\Roaming\NVIDIA
2011-05-25 08:28 . 2011-05-25 08:28 -------- d-sh--w- c:\programdata\DSS
2011-05-24 10:34 . 2011-05-24 10:34 -------- d-----w- c:\program files\Common Files\Skype
2011-05-23 10:14 . 2011-05-23 10:14 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-05-23 10:14 . 2011-05-23 10:15 -------- d-----w- c:\program files\NVIDIA Corporation
2011-05-23 10:12 . 2011-05-23 10:12 -------- d-----w- c:\program files\Microsoft Silverlight
2011-05-23 09:56 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2011-05-21 13:41 . 2011-05-21 13:41 -------- d-----w- c:\users\Van Genechten\AppData\Roaming\Malwarebytes
2011-05-21 13:40 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-21 13:40 . 2011-05-21 13:40 -------- d-----w- c:\programdata\Malwarebytes
2011-05-21 13:40 . 2011-06-12 12:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-21 10:30 . 2011-05-21 10:30 -------- d-----w- c:\programdata\WindowsSearch
2011-05-18 11:31 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2011-05-18 11:31 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2011-05-18 11:31 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2011-05-18 11:31 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2011-05-18 11:31 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2011-05-18 11:31 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2011-05-18 11:31 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2011-05-18 11:31 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2011-05-18 11:31 . 2010-02-04 08:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-05-18 11:31 . 2010-02-04 08:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-05-18 11:31 . 2010-02-04 08:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-05-18 11:31 . 2010-02-04 08:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 03:07 . 2010-04-15 09:00 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-03-28 1196936]
"{d1a1c8f1-e3d9-48df-802f-20201061ef61}"= "c:\program files\Messenger_Plus_Live_Belgium\tbMess.dll" [2010-02-22 2353176]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{d1a1c8f1-e3d9-48df-802f-20201061ef61}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d1a1c8f1-e3d9-48df-802f-20201061ef61}]
2010-02-22 10:05 2353176 ----a-w- c:\program files\Messenger_Plus_Live_Belgium\tbMess.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-03-28 10:11 1196936 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{d1a1c8f1-e3d9-48df-802f-20201061ef61}"= "c:\program files\Messenger_Plus_Live_Belgium\tbMess.dll" [2010-02-22 2353176]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-03-28 1196936]
.
[HKEY_CLASSES_ROOT\clsid\{d1a1c8f1-e3d9-48df-802f-20201061ef61}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D1A1C8F1-E3D9-48DF-802F-20201061EF61}"= "c:\program files\Messenger_Plus_Live_Belgium\tbMess.dll" [2010-02-22 2353176]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-03-28 1196936]
.
[HKEY_CLASSES_ROOT\clsid\{d1a1c8f1-e3d9-48df-802f-20201061ef61}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Van Genechten\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Van Genechten\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Van Genechten\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-22 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2010-04-16 3872080]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-10 2424192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
c:\users\Van Genechten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Van Genechten\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-10-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2008-01-10 5120]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-08-15 552448]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 11:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-12 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-22 14:56]
.
2011-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 11:01]
.
2011-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 11:01]
.
2011-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1500425882-1193965467-544898847-1000Core.job
- c:\users\Van Genechten\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-23 19:21]
.
2011-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1500425882-1193965467-544898847-1000UA.job
- c:\users\Van Genechten\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-23 19:21]
.
2011-06-12 c:\windows\Tasks\User_Feed_Synchronization-{565DB78B-CD02-42C4-A079-74158CE2DD8D}.job
- c:\windows\system32\msfeedssync.exe [2011-05-23 10:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.joker-online.be/
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Van Genechten\AppData\Roaming\Mozilla\Firefox\Profiles\42n95sai.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.joker-online.be/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-12 21:07
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
Scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1500425882-1193965467-544898847-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1500425882-1193965467-544898847-1000\Software\SecuROM\License information*]
"datasecu"=hex:6d,12,6f,8c,47,11,c1,32,69,c4,03,d7,89,b7,eb,ba,44,12,b1,93,4e,
fd,64,71,6f,2e,c8,aa,7c,14,4d,2c,24,02,43,f4,43,bd,9f,62,a3,2b,b3,12,ed,7a,\
"rkeysecu"=hex:a0,38,d7,f5,1c,d8,ff,a9,bc,00,af,62,76,5e,2b,62
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-06-12 21:11:18
ComboFix-quarantined-files.txt 2011-06-12 19:11
.
Pre-Run: 15,022,100,480 bytes free
Post-Run: 21,036,064,768 bytes free
.
- - End Of File - - 5B517A168EE68AEF03ABF4BEBBDC19F5

#6 teacup61 (Bleepin' Texan!, Malware Response Team, 17,075 posts, Wills Point, Texas)

Posted 12 June 2011 - 02:33 PM

Excellent......volsnap was replaced that time. :thumbup2: How is it running now please? Have a quick scan with MBAM and make sure nothing sneaky is still happening. If it reports anything, please post that in your reply.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#7 PVG (Topic Starter, Members, 4 posts)

Posted 12 June 2011 - 02:49 PM

Many thanks for your help and quick replies!

MBAM found no malicious items and Google doesn't redirect anymore so far...
It seems like the problem is solved.

What protection do you recommend in the future (apart from not downloading things at all :-))?

#8 teacup61 (Bleepin' Texan!, Malware Response Team, 17,075 posts, Wills Point, Texas)

Posted 12 June 2011 - 03:07 PM

Hi there,

Glad to know it. :thumbup2:

Uninstall ComboFix by doing the following :

Click Start > Run > type in, or copy and paste, ComboFix /Uninstall > click OK

I see evidence of both Avira and Avast! on your system. If you want to keep Avast! I recommend you disable it and use it every once in a while as an on demand scanner only. Running more than one causes more problems than you might think. In this case, less is more. :) Keep MBAM and scan with it as you like. If you have the resources, keep SAS for the same reason, otherwise remove it. In my opinion MBAM is the better AntiSpyware and is much lighter on resources. Keep Defender for the real time protection.

Please go into Add/Remove Programs/Software in the Control Panel and uninstall all those old versions of Java. They take up a TON of space and are exploitable by malware. Just leave the newest version, Update 25.

Also update your version of Adobe. As with Java, older versions are exploitable.

If you don't use it, or if you don't know how it got there (which is likely) then uninstall anything to do with Ask.

If there's anything else I can help you with, please feel free to ask. :) Otherwise........

Take care,
tea
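The ComboFix log posted earlier in this thread and the advice in post #8 (two real-time AV products installed, the Ask search hijack, services that ComboFix lists with "[x]" because it could not find their image file) can be pulled out of such a log mechanically. The script below is an added example written for this page, not a tool from BleepingComputer or the ComboFix author; it parses the line shapes seen in the log above (the regular expressions are derived from those lines, not from any published ComboFix format) and assumes that an AV vendor can be recognised by its install directory and that Google, Bing and Yahoo are search engines a user would not complain about. The sample input is a constructed excerpt copied from the log in this thread.

```python
"""Triage helper for a ComboFix/DDS log: pulls out the Run entries, service
lines and Firefox prefs and flags the things the thread above ends up
fixing by hand (two real-time AV engines, services whose image file is
missing, a hijacked default search engine)."""
import re

# Constructed sample: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
.
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.joker-online.be/
"""

# Line shapes derived from the log above (assumption: not an official ComboFix grammar).
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$')
SVC_RE = re.compile(r'^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$')
FF_RE = re.compile(r'^FF - prefs\.js: (?P<pref>\S+) - (?P<value>.*)$')

# Assumptions: a vendor is recognised by the directory it installs under, and
# these are the search engines a user is unlikely to have had changed on them.
AV_VENDORS = {"avira": "\\avira\\", "avast": "\\avast software\\"}
EXPECTED_ENGINES = {"google", "bing", "yahoo"}


def parse_log(text):
    """Return the Run entries, services and Firefox prefs found in `text`."""
    run, services, ff = [], [], {}
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            run.append(m.groupdict())
            continue
        m = SVC_RE.match(line)
        if m:
            rest = m.group("rest").strip()
            # ComboFix prints "[x]" instead of a path when the image file is absent;
            # otherwise the path is followed by " [date size]", which we drop.
            path = None if rest == "[x]" else rest.rpartition(" [")[0]
            services.append({"state": m.group("state"), "name": m.group("name"),
                             "display": m.group("display"), "path": path})
            continue
        m = FF_RE.match(line)
        if m:
            ff[m.group("pref")] = m.group("value")
    return {"run": run, "services": services, "ff": ff}


def triage(parsed):
    """Return human-readable findings worth acting on."""
    findings = []
    # More than one real-time AV engine registered (Avira and Avast in this log).
    vendors = set()
    for entry in parsed["run"] + [s for s in parsed["services"] if s["path"]]:
        path = entry["path"].lower()
        vendors.update(v for v, frag in AV_VENDORS.items() if frag in path)
    if len(vendors) > 1:
        findings.append("multiple real-time AV products installed: " + ", ".join(sorted(vendors)))
    # Services still registered although their driver/executable is gone.
    for s in parsed["services"]:
        if s["path"] is None:
            findings.append(f"service {s['name']} ({s['state']}) is registered but its image file is missing")
    # Default search engine that the user probably did not choose.
    engine = parsed["ff"].get("browser.search.selectedEngine", "")
    if engine and engine.split(".")[0].lower() not in EXPECTED_ENGINES:
        findings.append(f"Firefox default search engine changed to {engine}")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_log(SAMPLE_LOG)):
        print("-", finding)
```

Run it against a full ComboFix log by reading the file into `parse_log` instead of `SAMPLE_LOG`. The findings are only pointers: a service with a missing image file can be a leftover from an incomplete uninstall (as the Avast entries here probably are) or a driver that hides from the scan, so confirm what the file was before deleting the service, and a second AV vendor showing up only in the services list may be an on-demand scanner rather than a second real-time engine.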

#9 teacup61 (Bleepin' Texan!, Malware Response Team, 17,075 posts, Wills Point, Texas)

Posted 07 August 2011 - 12:58 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.