  1. #1
    Canuck (Administrator, Help2Go Administrator)
    Join Date: May 2003
    Location: Edmonton, Alberta, Canada
    Posts: 9,817
    Points: 2034

    Getting re-directs

    Hi fireman4it,

    Unfortunately I've been hit by a re-direct on my IE browser (not FF however). I believe the culprit was in an e-mail from a friend, no attachment was included. The re-direct is to Top 10 Famous Celebrity Sex Scandals

    Here are the logs that may be of some help:

    SUPERAntiSpyware Scan Log


    Generated 05/01/2012 at 02:10 PM

    Application Version : 5.0.1148

    Core Rules Database Version : 8539
    Trace Rules Database Version: 6351

    Scan type : Quick Scan
    Total Scan Time : 00:03:24

    Operating System Information
    Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
    Administrator

    Memory items scanned : 365
    Memory threats detected : 0
    Registry items scanned : 29192
    Registry threats detected : 0
    File items scanned : 7084
    File threats detected : 69

    Adware.Tracking Cookie
    .advertising.com [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .pro-market.net [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .adrevolver.com [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .media.adrevolver.com [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .burstnet.com [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .collective-media.net [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .collective-media.net [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .doubleclick.net [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .interclick.com [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .mediaplex.com [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .atdmt.com [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .atdmt.com [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .questionmarket.com [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .adviva.net [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .specificmedia.com [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .specificclick.net [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .trafficmp.com [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .trafficmp.com [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .realmedia.com [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .realmedia.com [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .apmebf.com [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .fastclick.net [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .edge.ru4.com [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .tacoda.net [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .tribalfusion.com [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .zedo.com [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .adcentriconline.com [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .adtech.de [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .glb.adtechus.com [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .adserverec.adtechus.com [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .adserverwc.adtechus.com [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .ad.us-ec.adtechus.com [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .bluestreak.com [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .loadxl.exelator.net [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .loadxl.exelator.com [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .loadxl.exelator.biz [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .precisionclick.com [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .precisionclick.com [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .smartadserver.com [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .nextag.com [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .247realmedia.com [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .adbrite.com [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .adinterax.com [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    rotator.adjuggler.com [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .clicktale.net [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .chitika.net [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .kanoodle.com [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    Tatto Media - Advertise Smart [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .tradedoubler.com [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .adlegend.com [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .weborama.fr [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    BurstMedia [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    data.coremetrics.com [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .eyewonder.com [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    pluckit.demandmedia.com [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .atwola.com [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    .ru4.com [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]
    1a-do-not-track-plus.com [ C:\DOCUMENTS AND SETTINGS\GLYN JONES\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WCTY58CV.DEFAULT\COOKIES.SQLITE ]


    Malwarebytes Anti-Malware 1.61.0.1400
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: v2012.05.01.10

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Glyn Jones :: GLYNSPC [administrator]

    01/05/2012 1:19:52 PM
    mbam-log-2012-05-01 (13-19-52).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 203101
    Time elapsed: 3 minute(s), 43 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 1
    C:\Documents and Settings\All Users\Application Data\TheBflix (PUP.BFlix) -> Quarantined and deleted successfully.

    Files Detected: 4
    C:\Documents and Settings\Glyn Jones\Desktop\DownloadSetup.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\TheBflix\BACKGROUND.HTML (PUP.BFlix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\TheBflix\content.js (PUP.BFlix) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\TheBflix\ppjemjejnnojomfekgbpbbnecicblllf.crx (PUP.BFlix) -> Quarantined and deleted successfully.

    (end)

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:59:08 PM, on 01/05/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UTSCSI.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Highjackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
    O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Glyn Jones\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
    O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1263445627265
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1259991074109
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
    O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE

    --
    End of file - 5537 bytes

    I would really appreciate your help on this.
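    An added triage example, not from this thread and not part of HijackThis: a short Python pass over HijackThis-format log lines that flags the kinds of entries a helper reads first. The sample lines are copied from the HijackThis log in this post; the rules themselves (an autorun launching from a user-writable path, a DPF download from a host outside an assumed list of expected sources, an entry that points at a missing file, a service with no recorded publisher) are illustrative assumptions, and a hit means "look at this", not "this is malicious".

```python
"""Triage a HijackThis (HJT) log for entries worth a second look.

Added example, not part of the forum thread or of HijackThis itself.
Every rule below is an assumption chosen for illustration; a finding is
a review item, never a verdict.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Lines excerpted from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Glyn Jones\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1263445627265
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
"""

# Assumption: hosts from which remote ActiveX (O16 DPF) downloads are expected.
EXPECTED_DPF_SUFFIXES = ("microsoft.com", "macromedia.com", "adobe.com", "java.sun.com")

# Assumption: path fragments that mark a location ordinary users can write to.
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\",
                 "\\local settings\\", "\\temp\\", "\\users\\")


@dataclass(frozen=True)
class Finding:
    section: str  # HJT section code, e.g. "O4"
    reason: str
    line: str


LINE_RE = re.compile(r"^\s*([RFNO]\d+) - (.*)$")
O4_RE = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[[^\]]*\] (.*)$")
# Either a quoted image path, or an unquoted path up to its extension.
EXE_RE = re.compile(r'^"([^"]+)"|^(.*?\.(?:exe|dll|scr|com|bat|cmd))', re.I)
URL_RE = re.compile(r"https?://\S+", re.I)


def _image_path(command: str) -> str:
    """Return the executable path from an autorun command line."""
    m = EXE_RE.match(command.strip())
    if not m:
        return command.strip()
    return m.group(1) or m.group(2)


def triage(log_text: str) -> list[Finding]:
    """Apply the review heuristics to each HJT-format line."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        section, body = m.groups()
        line, low = raw.strip(), body.lower()

        if "(no file)" in low:
            findings.append(Finding(section, "entry references a missing file (orphaned; confirm before removing)", line))
            continue
        if section == "O4":
            o4 = O4_RE.match(body)
            if o4 and any(frag in _image_path(o4.group(1)).lower() for frag in USER_WRITABLE):
                findings.append(Finding(section, "autorun launches from a user-writable location", line))
        elif section == "O16":
            url = URL_RE.search(body)
            host = urlparse(url.group(0)).hostname if url else None
            if host and not host.endswith(EXPECTED_DPF_SUFFIXES):
                findings.append(Finding(section, f"remote ActiveX control downloaded from {host}", line))
        elif section == "O23" and "unknown owner" in low:
            findings.append(Finding(section, "service has no recorded publisher", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```

    Run over the sample it shortlists four lines: the loader under Application Data (which the command line itself attributes to magicJack), the PCPitstop control, the orphaned AutorunsDisabled handler and the UTSCSI service. The first is a legitimate program that happens to install into the profile, which is exactly why the output is a shortlist to research, not a removal list. The parser understands only the HijackThis "Oxx - " line form, not the DDS pseudo-HJT format.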


  2. #2
    fireman4it (Member, Spyware Fighter)
    Join Date: Jun 2010
    Location: Bement, Ill USA
    Posts: 1,340
    Points: 146

    Hello Canuck,


    Is it redirecting when using your browser? Is it opening multiple tabs? Or is just redirecting you from your homepage?
    Also are you connected to the internet through a router?


    Let's also have a DDS and aswMBR log.


    1.
    We need to see some information about what is happening in your machine. Please perform the following scan:
    • Download DDS by sUBs from one of the following links. Save it to your desktop.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
    • Notepad will open with the results.
    • Follow the instructions that pop up for posting the results.
    • Close the program window, and delete the program from your desktop.
    Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

    Information on A/V control HERE


    2.
    Please download aswMBR ( 511KB ) to your desktop.
    • Double click the aswMBR.exe icon to run it
    • Click the Scan button to start the scan
    • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


    3.
    Please download GMER from one of the following locations and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zipped Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
    • Disconnect from the Internet and close all running programs.
    • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
    • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
    • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


    • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
    • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
    • Now click the Scan button. If you see a rootkit warning window, click OK.
    • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
    • Click the Copy button and paste the results into your next reply.
    • Exit GMER and re-enable all active protection when done.
    -- If you encounter any problems, try running GMER in Safe Mode.



    Please post those logs along with the answers to my other questions. Then we will see about getting you cleaned up.
    "Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  3. #3
    Canuck (Administrator, Help2Go Administrator)
    Join Date: May 2003
    Location: Edmonton, Alberta, Canada
    Posts: 9,817
    Points: 2034

    Hi fireman4it,

    Is it redirecting when using your browser? Yes, just the IE browser not FF

    Is it opening multiple tabs? No

    Or is just redirecting you from your homepage? Yes

    Also are you connected to the internet through a router? Combo of modem/router

    Here are the logs you requested:

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.3.0
    Run by Glyn Jones at 15:24:09 on 2012-05-01
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3327.2855 [GMT -6:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\savedump.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\UTSCSI.EXE
    C:\WINDOWS\system32\wuauclt.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.ca/ig
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [TClockEx] c:\program files\tclockex\TCLOCKEX.EXE
    uRun: [cdloader] "c:\documents and settings\glyn jones\application data\mjusbsp\cdloader2.exe" MAGICJACK
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
    IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
    IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
    IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263445627265
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1259991074109
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
    TCP: DhcpNameServer = 64.59.184.13 64.59.184.15 64.59.190.242
    TCP: Interfaces\{6A77E218-28D2-43BF-97AC-81EB5922BAC6} : DhcpNameServer = 64.59.184.13 64.59.184.15 64.59.190.242
    Handler: AutorunsDisabled\belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\glyn jones\application data\mozilla\firefox\profiles\wcty58cv.default\
    FF - prefs.js: browser.search.selectedEngine - SearchOnMe
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ig |http://www.help2go.com/online.php
    FF - prefs.js: keyword.URL - hxxp://search.searchonme.com/?l=1&q=
    FF - plugin: c:\documents and settings\glyn jones\application data\mozilla\plugins\npPxPlay.dll
    FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
    FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
    FF - plugin: c:\program files\nos\bin\np_gp.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 171064]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
    R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2009-12-20 14976]
    R2 SCRCAMHRDRV;ScreenCamera HR;c:\windows\system32\drivers\SCRCAMHRDRV.sys [2010-6-5 234800]
    R3 CCCP106;D-Link CIF Webcam;c:\windows\system32\drivers\cccp106.sys [2010-4-4 227200]
    R3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2008-8-19 384896]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-4-5 158856]
    S3 cpuz132;cpuz132;\??\c:\docume~1\glynjo~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\glynjo~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-2-8 13192]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-2-8 8456]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-24 129976]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 Freemake Improver;Freemake Improver;c:\documents and settings\all users\application data\freemake\freemakeutilsservice\FreemakeUtilsService.exe [2012-1-7 74752]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]
    S4 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-5-14 47640]
    .
    =============== Created Last 30 ================
    .
    2012-05-01 20:34:44 6734704 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{843b4d41-d291-4691-9d51-9e10a8181f53}\mpengine.dll
    2012-05-01 19:07:59 -------- d-----w- c:\documents and settings\glyn jones\application data\SUPERAntiSpyware.com
    2012-05-01 19:07:17 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-05-01 19:07:17 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
    2012-05-01 16:34:01 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2012-05-01 16:34:01 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-05-01 16:32:21 -------- d-----w- c:\program files\Mozilla Maintenance Service
    2012-04-25 04:04:30 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
    2012-04-25 04:04:30 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
    2012-04-23 04:29:40 -------- d-----w- c:\program files\K-Lite Codec Pack
    2012-04-15 03:20:53 -------- d-----w- c:\program files\MyDefrag v4.3.1
    .
    ==================== Find3M ====================
    .
    2012-04-04 21:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-21 02:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2012-03-02 12:01:32 11082752 ----a-w- c:\windows\system32\ieframe(2).dll
    2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
    2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
    2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
    2012-02-24 17:40:51 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-02-24 17:40:51 567696 ----a-w- c:\windows\system32\deployJava1.dll
    2012-02-24 17:40:51 141312 ----a-w- c:\windows\system32\javacpl.cpl
    2012-02-09 18:24:39 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-02-07 17:02:40 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
    2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
    .
    ============= FINISH: 15:24:40.03 ===============


    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-05-01 15:28:48
    -----------------------------
    15:28:48.453 OS Version: Windows 5.1.2600 Service Pack 3
    15:28:48.453 Number of processors: 2 586 0x1706
    15:28:48.453 ComputerName: GLYNSPC UserName:
    15:28:55.640 Initialize success
    15:29:10.500 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    15:29:10.515 Disk 0 Vendor: Intel___ 1.0. Size: 476937MB BusType: 8
    15:29:10.515 Disk 0 MBR read successfully
    15:29:10.515 Disk 0 MBR scan
    15:29:10.515 Disk 0 Windows XP default MBR code
    15:29:10.531 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476921 MB offset 63
    15:29:10.531 Disk 0 scanning sectors +976735935
    15:29:10.609 Disk 0 scanning C:\WINDOWS\system32\drivers
    15:29:30.609 Service scanning
    15:29:33.796 Service MpKsl0bc3c075 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{843B4D41-D291-4691-9D51-9E10A8181F53}\MpKsl0bc3c075.sys **LOCKED** 32
    15:29:37.296 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
    15:29:39.093 Modules scanning
    15:30:06.843 Disk 0 trace - called modules:
    15:30:06.859 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys sprt.sys hal.dll
    15:30:06.859 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aef39c0]
    15:30:06.859 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8af5d030]
    15:30:06.859 Scan finished successfully
    15:30:19.640 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Glyn Jones\Desktop\MBR.dat"
    15:30:19.656 The log file has been saved successfully to "C:\Documents and Settings\Glyn Jones\Desktop\aswMBR.txt"

    GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
    Rootkit scan 2012-05-01 20:07:30
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Intel___ rev.1.0.
    Running: ru8iw570.exe; Driver: C:\DOCUME~1\GLYNJO~1\LOCALS~1\Temp\kxtdqpog.sys


    ---- System - GMER 1.0.15 ----

    SSDT sprt.sys ZwCreateKey [0xB9EAF0E0]
    SSDT sprt.sys ZwEnumerateKey [0xB9EC9E4C]
    SSDT sprt.sys ZwEnumerateValueKey [0xB9ECA1DA]
    SSDT sprt.sys ZwOpenKey [0xB9EAF0C0]
    SSDT sprt.sys ZwQueryKey [0xB9ECA2B2]
    SSDT sprt.sys ZwQueryValueKey [0xB9ECA132]
    SSDT sprt.sys ZwSetValueKey [0xB9ECA344]

    INT 0x63 ? 8B009C88
    INT 0x63 ? 8A296C88
    INT 0x83 ? 8AF97C88
    INT 0x83 ? 8AF97C88
    INT 0x83 ? 8A296C88
    INT 0x83 ? 8AF97C88
    INT 0x84 ? 8A296C88
    INT 0xA4 ? 8A296C88
    INT 0xA4 ? 8A296C88
    INT 0xA4 ? 8A296C88
    INT 0xA4 ? 8A296C88
    INT 0xB4 ? 8A296C88

    ---- Kernel code sections - GMER 1.0.15 ----

    ? sprt.sys The system cannot find the file specified. !
    .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB84DA000, 0x230C27, 0xE8000020]
    .text USBPORT.SYS!DllUnload B84918AC 5 Bytes JMP 8A2961D8
    init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xA43A6A00]
    ? C:\DOCUME~1\GLYNJO~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
    ? C:\DOCUME~1\GLYNJO~1\LOCALS~1\Temp\aswMBR.sys The system cannot find the file specified. !

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [B9EB03E6] sprt.sys
    IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [B9EB090E] sprt.sys
    IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [B9EB0F9C] sprt.sys
    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EB090E] sprt.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EB01D4] sprt.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EB0116] sprt.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EB1178] sprt.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EB0F9C] sprt.sys
    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EC1976] sprt.sys

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 8B0081F8
    Device \Driver\usbuhci \Device\USBPDO-0 8A3151F8
    Device \Driver\usbuhci \Device\USBPDO-1 8A3151F8
    Device \Driver\usbuhci \Device\USBPDO-2 8A3151F8
    Device \Driver\usbehci \Device\USBPDO-3 8A4F21F8
    Device \Driver\usbuhci \Device\USBPDO-4 8A3151F8
    Device \Driver\usbuhci \Device\USBPDO-5 8A3151F8
    Device \Driver\usbuhci \Device\USBPDO-6 8A3151F8
    Device \Driver\Ftdisk \Device\HarddiskVolume1 8B00A1F8
    Device \Driver\usbehci \Device\USBPDO-7 8A4F21F8
    Device \Driver\Cdrom \Device\CdRom0 8A2691F8
    Device \Driver\iaStor \Device\Ide\iaStor0 [B9D97EB0] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort0 [B9E29B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort1 [B9E29B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [B9D97EB0] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [B9D97EB0] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\USBSTOR \Device\00000080 85CFB470
    Device \Driver\NetBT \Device\NetBt_Wins_Export 85DB4470
    Device \Driver\USBSTOR \Device\00000084 85CFB470
    Device \Driver\NetBT \Device\NetbiosSmb 85DB4470
    Device \Driver\PCI_PNP3766 \Device\0000004d sprt.sys
    Device \Driver\sptd \Device\385230016 sprt.sys
    Device \Driver\NetBT \Device\NetBT_Tcpip_{6A77E218-28D2-43BF-97AC-81EB5922BAC6} 85DB4470
    Device \Driver\usbuhci \Device\USBFDO-0 8A3151F8
    Device \Driver\usbuhci \Device\USBFDO-1 8A3151F8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 85D37470
    Device \Driver\usbuhci \Device\USBFDO-2 8A3151F8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 85D37470
    Device \Driver\usbehci \Device\USBFDO-3 8A4F21F8
    Device \Driver\usbuhci \Device\USBFDO-4 8A3151F8
    Device \Driver\Ftdisk \Device\FtControl 8B00A1F8
    Device \Driver\usbuhci \Device\USBFDO-5 8A3151F8
    Device \Driver\usbuhci \Device\USBFDO-6 8A3151F8
    Device \Driver\usbehci \Device\USBFDO-7 8A4F21F8
    Device \Driver\apup4abo \Device\Scsi\apup4abo1 8A4711F8
    Device \FileSystem\Cdfs \Cdfs 85D31470

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x74 0x75 0x72 0xFE ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x1C 0x1E 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFE 0x7A 0x25 0x4D ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA2 0xC2 0x73 0xDF ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7E 0xA8 0xED 0x84 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x74 0x75 0x72 0xFE ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x1C 0x1E 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFE 0x7A 0x25 0x4D ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA2 0xC2 0x73 0xDF ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7E 0xA8 0xED 0x84 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{192CDBB8-81F4-1004-2F63-AFF5B9971B9C}
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{192CDBB8-81F4-1004-2F63-AFF5B9971B9C}@iaiiimeccnnbkbofng 0x6B 0x61 0x62 0x6D ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{192CDBB8-81F4-1004-2F63-AFF5B9971B9C}@haghogjmooljnhpa 0x6B 0x61 0x62 0x6D ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2275D30C-9C02-CE45-6553-809E3DE0BE3A}
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2275D30C-9C02-CE45-6553-809E3DE0BE3A}@jaokaghnbjdgjojkdabd 0x62 0x61 0x62 0x6F ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2275D30C-9C02-CE45-6553-809E3DE0BE3A}@jaokaghnbjdgjojkdanc 0x62 0x61 0x61 0x6F ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2275D30C-9C02-CE45-6553-809E3DE0BE3A}@iaopedihhehifobkkl 0x6B 0x61 0x70 0x61 ...

    ---- EOF - GMER 1.0.15 ----

    Hope this is OK?


  5. #4
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Default

    Hello,

    I don't really see anything in your logs. Let's run a couple of tools and see if they find anything. Let's also reset your router.



    1.
    Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
    • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • If TDSSKiller does not run, try renaming it.
    • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
    • Click the Start Scan button.
    • Do not use the computer during the scan
    • If the scan completes with nothing found, click Close to exit.
    • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
      Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
    • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C).
    • Copy and paste the contents of that file in your next reply.


    2.
    Install Recovery Console and Run ComboFix

    This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

    Download Combofix from any of the links below, and save it to your desktop.

    Link 1
    Link 2
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
    • Close any open windows, including this one.
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • If you did not have it installed, you will see the prompt below. Choose YES.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    • Click on Yes, to continue scanning for malware.
    • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
    Leave your computer alone while ComboFix is running.
    ComboFix will restart your computer if malware is found; allow it to do so.


    Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


    3.
    • Download RogueKiller on the desktop
    • Close all the running processes
    • Under Vista/Seven, right click -> Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • When prompted, Click Scan
    • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.


    4.
    How to reset your Router.


    Things to include in your next reply:
    TdssKiller log
    Combofix.txt
    RogueKiller log
    The Attach.txt from DDS run
    How is your machine running now?
    "Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-
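The reports these tools produce are plain-text logs, and a helper reads them by eye for the same handful of things each time. As an added example (not from this forum, and not part of TDSSKiller, ComboFix or RogueKiller), here is a small Python triage script run over constructed ComboFix-style lines: it flags Firefox search and start-page preferences that point at hosts outside a per-user allowlist (the usual trace behind a search redirect), the XP firewall policy value EnableFirewall=0, and Run entries that launch from a user profile's Application Data, Local Settings or Temp folders, which RogueKiller reports under a [SUSP PATH] tag in the log posted later in this thread. The sample lines, the allowlists and the folder list are assumptions; a hit is a review item, not a verdict (the cdloader entry in this thread, started with a MAGICJACK argument from the same folder as magicJack.exe, looks like a legitimate program that happens to live there).

```python
import re
from urllib.parse import urlparse

# Constructed sample in the style of a ComboFix report (not a real log): a
# Run key, the XP firewall policy key, and Firefox prefs.js lines of the kind
# found in the "Supplementary Scan" section.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TClockEx"="c:\program files\TClockEx\TCLOCKEX.EXE" [2000-03-09 89088]
"cdloader"="c:\documents and settings\Glyn Jones\Application Data\mjusbsp\cdloader2.exe" [2011-08-23 50592]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
uStart Page = hxxp://www.google.ca/ig
FF - prefs.js: browser.search.selectedEngine - SearchOnMe
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ig |http://www.help2go.com/online.php
FF - prefs.js: keyword.URL - hxxp://search.searchonme.com/?l=1&q=
"""

# Assumptions, edited per machine: hosts and search engines the user is known
# to use. Anything else in a browser preference becomes a review item.
EXPECTED_HOSTS = {"www.google.ca", "www.google.com", "www.help2go.com"}
EXPECTED_ENGINES = {"Google", "Bing", "Yahoo"}

# Autorun entries launched from a user profile's data folders are worth a
# look; legitimate programs sometimes live there too, so this is a heuristic.
PROFILE_DATA_DIRS = ("\\application data\\", "\\local settings\\", "\\temp\\")

PREF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>[\w.]+) - (?P<value>.*)$")
START_RE = re.compile(r"^[um]Start Page = (?P<value>.*)$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)')


def defang_to_url(text):
    """ComboFix writes 'hxxp' so the log is not clickable; restore the scheme."""
    return re.sub(r"^hxxp", "http", text.strip())


def hosts_in(value):
    """Hostnames of every URL in a preference value ('|' separates several)."""
    hosts = []
    for part in value.split("|"):
        url = defang_to_url(part)
        if url.lower().startswith(("http://", "https://")):
            host = urlparse(url).hostname
            if host:
                hosts.append(host.lower())
    return hosts


def triage(log_text, expected_hosts=EXPECTED_HOSTS, expected_engines=EXPECTED_ENGINES):
    """Return (category, key, detail) tuples for lines worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PREF_RE.match(line) or START_RE.match(line)
        if m:
            pref = m.groupdict().get("pref", "start page")
            value = m.group("value")
            hosts = hosts_in(value)
            for host in hosts:
                if host not in expected_hosts:
                    findings.append(("browser_pref", pref, host))
            # A search-engine name is not a URL; compare it against the allowlist.
            if not hosts and pref == "browser.search.selectedEngine" \
                    and value.strip() not in expected_engines:
                findings.append(("browser_pref", pref, value.strip()))
            continue
        m = FIREWALL_RE.match(line)
        if m:
            if m.group("val") == "0":
                findings.append(("firewall_disabled", "EnableFirewall", "0"))
            continue
        m = RUN_RE.match(line)
        if m:
            path = m.group("path").lower()
            if any(d in path for d in PROFILE_DATA_DIRS):
                findings.append(("autorun_in_profile", m.group("name"), m.group("path")))
    return findings


if __name__ == "__main__":
    for category, key, detail in triage(SAMPLE_LOG):
        print(f"{category:20} {key:32} {detail}")
```

On the sample above the script returns four review items: the cdloader autorun under Application Data, the disabled firewall, the SearchOnMe search engine, and keyword.URL pointing at search.searchonme.com. The two browser findings together are what a keyword-search redirect looks like in the log; the other two are hardening points to raise with the user once the cleanup is done.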






  7. #5
    Administrator Help2Go Administrator Canuck's Avatar
    Join Date
    May 2003
    Location
    Edmonton, Alberta, Canada
    Posts
    9,817
    Points
    2034

    Default

    Hello Fireman4it,

    Here are the reports:

    The TDSS only found 1 suspicious object sptd (lockedfile.Multi.Generic)

    ComboFix 12-05-01.03 - Glyn Jones 01/05/2012 22:37:29.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3327.2751 [GMT -6:00]
    Running from: c:\documents and settings\Glyn Jones\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\All Users\Application Data\TEMP\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}\PostBuild.exe
    c:\documents and settings\Glyn Jones\Application Data\inst.exe
    c:\documents and settings\Glyn Jones\Local Settings\Application Data\assembly\tmp
    c:\documents and settings\Glyn Jones\WINDOWS
    c:\windows\system32\HPZipr12.1
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_NPF
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-04-02 to 2012-05-02 )))))))))))))))))))))))))))))))
    .
    .
    2012-05-02 02:07 . 2012-04-13 07:36 6734704 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7A3A6E52-91EE-4D5A-8C9A-C03AC5AFDAE7}\mpengine.dll
    2012-05-01 19:07 . 2012-05-01 19:07 -------- d-----w- c:\documents and settings\Glyn Jones\Application Data\SUPERAntiSpyware.com
    2012-05-01 19:07 . 2012-05-01 19:07 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-05-01 19:07 . 2012-05-01 19:07 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2012-05-01 16:34 . 2012-05-01 16:34 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-05-01 16:32 . 2012-05-01 16:32 -------- d-----w- c:\program files\Mozilla Maintenance Service
    2012-04-25 04:04 . 2012-04-25 04:04 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
    2012-04-25 04:04 . 2012-04-25 04:04 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
    2012-04-23 04:29 . 2012-04-23 04:30 -------- d-----w- c:\program files\K-Lite Codec Pack
    2012-04-22 02:23 . 2012-04-22 02:23 -------- d-----w- c:\program files\7-Zip
    2012-04-15 03:20 . 2012-04-15 03:35 -------- d-----w- c:\program files\MyDefrag v4.3.1
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-13 07:36 . 2011-06-26 01:02 6734704 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-04-04 21:56 . 2009-05-26 20:58 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-21 02:44 . 2010-10-25 03:25 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2012-03-02 12:01 . 2007-08-14 01:54 11082752 ----a-w- c:\windows\system32\ieframe(2).dll
    2012-03-01 11:01 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-03-01 11:01 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-03-01 11:01 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-02-29 14:10 . 2006-02-28 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
    2012-02-29 14:10 . 2006-02-28 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
    2012-02-29 12:17 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2012-02-24 17:40 . 2012-02-24 17:41 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-02-24 17:40 . 2012-02-24 17:41 141312 ----a-w- c:\windows\system32\javacpl.cpl
    2012-02-24 17:40 . 2010-04-26 00:17 567696 ----a-w- c:\windows\system32\deployJava1.dll
    2012-02-09 18:24 . 2011-05-28 20:27 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-02-07 17:02 . 2012-02-07 17:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
    2012-02-03 09:22 . 2006-02-28 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
    2012-04-25 04:04 . 2012-02-09 18:08 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TClockEx"="c:\program files\TClockEx\TCLOCKEX.EXE" [2000-03-09 89088]
    "cdloader"="c:\documents and settings\Glyn Jones\Application Data\mjusbsp\cdloader2.exe" [2011-08-23 50592]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
    backup=c:\windows\pss\Event Reminder.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Glyn Jones^Start Menu^Programs^Startup^Secunia PSI.lnk]
    path=c:\documents and settings\Glyn Jones\Start Menu\Programs\Startup\Secunia PSI.lnk
    backup=c:\windows\pss\Secunia PSI.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
    2011-08-23 20:03 50592 ----a-w- c:\documents and settings\Glyn Jones\Application Data\mjusbsp\cdloader2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-05-26 23:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2012-01-17 18:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2012-05-01 16:48 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\BitComet\\BitComet.exe"=
    "c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Program Files\\FrostWire 5\\FrostWire.exe"=
    "c:\\Documents and Settings\\Glyn Jones\\Application Data\\mjusbsp\\magicJack.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5060:UDP"= 5060:UDP:MJ1
    "15493:TCP"= 15493:TCP:BitComet 15493 TCP
    "15493:UDP"= 15493:UDP:BitComet 15493 UDP
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    .
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17/06/2010 11:53 AM 697328]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 10:27 AM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 3:55 PM 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [11/08/2011 5:38 PM 116608]
    R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [20/12/2009 12:12 AM 14976]
    R2 SCRCAMHRDRV;ScreenCamera HR;c:\windows\system32\drivers\SCRCAMHRDRV.sys [05/06/2010 10:25 AM 234800]
    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [05/04/2012 11:37 AM 158856]
    R3 CCCP106;D-Link CIF Webcam;c:\windows\system32\drivers\cccp106.sys [04/04/2010 7:18 PM 227200]
    R3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [19/08/2008 1:41 PM 384896]
    R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [06/05/2009 5:02 PM 47360]
    S1 MpKsl47557fb8;MpKsl47557fb8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7A3A6E52-91EE-4D5A-8C9A-C03AC5AFDAE7}\MpKsl47557fb8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7A3A6E52-91EE-4D5A-8C9A-C03AC5AFDAE7}\MpKsl47557fb8.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
    S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [08/02/2010 8:13 PM 13192]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [08/02/2010 8:13 PM 8456]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [24/04/2012 10:04 PM 129976]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
    S4 Freemake Improver;Freemake Improver;c:\documents and settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [07/01/2012 10:35 PM 74752]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2009-12-24 c:\windows\Tasks\Microsoft_Hardware_Launch_vVX3000_exe.job
    - c:\windows\vVX3000.exe [2009-12-24 23:38]
    .
    2012-05-02 c:\windows\Tasks\MpIdleTask.job
    - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 23:03]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.ca/ig
    IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
    IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
    TCP: DhcpNameServer = 64.59.184.13 64.59.184.15 64.59.190.242
    TCP: Interfaces\{6A77E218-28D2-43BF-97AC-81EB5922BAC6}: DhcpNameServer = 64.59.184.13 64.59.184.15 64.59.190.242
    FF - ProfilePath - c:\documents and settings\Glyn Jones\Application Data\Mozilla\Firefox\Profiles\wcty58cv.default\
    FF - prefs.js: browser.search.selectedEngine - SearchOnMe
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ig |http://www.help2go.com/online.php
    FF - prefs.js: keyword.URL - hxxp://search.searchonme.com/?l=1&q=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    MSConfigStartUp-AlcoholAutomount - c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe
    AddRemove-Free Studio_is1 - c:\program files\DVDVideoSoft\Free Studio\unins000.exe
    AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe
    AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2012-05-01 22:41
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1868206965-754602857-2848513664-1008\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{192CDBB8-81F4-1004-2F63-AFF5B9971B9C}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "iaiiimeccnnbkbofng"=hex:6b,61,62,6d,67,6c,6d,6d,6b,66,65,66,61,66,69,68,62,69,
    62,70,69,70,00,00
    "haghogjmooljnhpa"=hex:6b,61,62,6d,67,6c,6d,6d,6b,66,65,66,61,66,69,68,62,69,
    62,70,69,70,00,00
    .
    [HKEY_USERS\S-1-5-21-1868206965-754602857-2848513664-1008\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2275D30C-9C02-CE45-6553-809E3DE0BE3A}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "jaokaghnbjdgjojkdabd"=hex:62,61,62,6f,00,00
    "jaokaghnbjdgjojkdanc"=hex:62,61,61,6f,00,00
    "iaopedihhehifobkkl"=hex:6b,61,70,61,63,66,62,6a,6f,68,6f,65,63,63,67,65,67,64,
    6b,6f,69,62,00,00
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(828)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\windows\system32\Ati2evxx.dll
    .
    - - - - - - - > 'explorer.exe'(3708)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Security Client\MsMpEng.exe
    c:\program files\Java\jre7\bin\jqs.exe
    c:\windows\system32\msiexec.exe
    c:\program files\CyberLink\Shared files\RichVideo.exe
    c:\windows\system32\locator.exe
    c:\windows\system32\UTSCSI.EXE
    .
    **************************************************************************
    .
    Completion time: 2012-05-01 22:42:31 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-05-02 04:42
    .
    Pre-Run: 414,657,544,192 bytes free
    Post-Run: 414,514,462,720 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - 77DBA62BCEB018157F1B244C1795FB36

    RogueKiller V7.4.0 [05/01/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: RogueKiller - Geeks to Go Forums
    Blog: tigzy-RK

    Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User: Glyn Jones [Admin rights]
    Mode: Scan -- Date: 05/01/2012 22:47:57

    Bad processes: 0

    Registry Entries: 6
    [SUSP PATH] HKCU\[...]\Run : cdloader ("C:\Documents and Settings\Glyn Jones\Application Data\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND
    [SUSP PATH] HKUS\S-1-5-21-1868206965-754602857-2848513664-1008[...]\Run : cdloader ("C:\Documents and Settings\Glyn Jones\Application Data\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND
    [HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
    [HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    Particular Files / Folders:

    Driver: [LOADED]
    IRP[IRP_MJ_CREATE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E29B40)
    IRP[IRP_MJ_CLOSE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E29B40)
    IRP[IRP_MJ_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E29B40)
    IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E29B40)
    IRP[IRP_MJ_SYSTEM_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E29B40)
    IRP[IRP_MJ_DEVICE_CHANGE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E29B40)

    Infection :

    HOSTS File:
    127.0.0.1 localhost


    MBR Check:

    +++++ PhysicalDrive0: Volume0 +++++
    --- User ---
    [MBR] 3824f90c509813b123344313892f1de2
    [BSP] b65fe5dfc8d94280d66566ce77fb964d : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476921 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt



    AND THE GOOD NEWS IS the re-direct is now gone.

    Is there anything further you wish me to do?

    If not, thank you very much, Fireman4it; I certainly appreciate your time and skill.


  8. #6
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Default

    Hello,


    IRP[IRP_MJ_CREATE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E29B40)
    IRP[IRP_MJ_CLOSE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E29B40)
    IRP[IRP_MJ_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E29B40)
    IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E29B40)
    IRP[IRP_MJ_SYSTEM_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E29B40)
    IRP[IRP_MJ_DEVICE_CHANGE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E29B40)
    I don't like the looks of this. Let's run DeFogger and then run the RogueKiller scan again.

    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK

    IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

    Do not re-enable these drivers until otherwise instructed.


    • Download RogueKiller on the desktop
    • Close all the running processes
    • Under Vista/Seven, right click -> Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • When prompted, Click Scan
    • A report should open; give its content to your helper. (RKreport can also be found next to the executable)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again
    "Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  10. #7
    Administrator Help2Go Administrator Canuck's Avatar
    Join Date
    May 2003
    Location
    Edmonton, Alberta, Canada
    Posts
    9,817
    Points
    2034

    Default

    Here are the 2 logs, Fireman4it:

    defogger_disable by jpshortstuff (23.02.10.1)
    Log created at 15:44 on 02/05/2012 (Glyn Jones)

    Checking for autostart values...
    HKCU\~\Run values retrieved.
    HKLM\~\Run values retrieved.

    Checking for services/drivers...
    Unable to read sptd.sys
    SPTD -> Disabled (Service running -> reboot required)


    -=E.O.F=-

    RogueKiller V7.4.1 [05/02/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: RogueKiller - Geeks to Go Forums
    Blog: tigzy-RK

    Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User: Glyn Jones [Admin rights]
    Mode: Scan -- Date: 05/02/2012 15:55:30

    Bad processes: 0

    Registry Entries: 6
    [SUSP PATH] HKCU\[...]\Run : cdloader ("C:\Documents and Settings\Glyn Jones\Application Data\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND
    [SUSP PATH] HKUS\S-1-5-21-1868206965-754602857-2848513664-1008[...]\Run : cdloader ("C:\Documents and Settings\Glyn Jones\Application Data\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND
    [HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
    [HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    Particular Files / Folders:

    Driver: [LOADED]

    Infection :

    HOSTS File:
    127.0.0.1 localhost


  11. #8
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Default

    Hello,

    That looks much better. Let's run MBAM again and an online scanner to make sure nothing is left over.


    1. Please update and run a quickscan with MBAM.

    2. I'd like us to scan your machine with ESET OnlineScan
    1. Hold down Control and click on this link to open ESET OnlineScan in a new window.
    2. Click the button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the icon on your desktop.
    4. Check "YES, I accept the Terms of Use."
    5. Click the Start button.
    6. Accept any security warnings from your browser.
    7. Under scan settings, check "Scan Archives" and "Remove found threats"
    8. Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
    9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    10. When the scan completes, click List Threats
    11. Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    12. Click the Back button.
    13. Click the Finish button.


    Things to include in your next reply:
    MBAM log
    Eset log
    How is the machine running now?




  13. #9
    Administrator Help2Go Administrator Canuck's Avatar
    Join Date
    May 2003
    Location
    Edmonton, Alberta, Canada
    Posts
    9,817
    Points
    2034

    Default

    Here are the two logs, Fireman:

    Malwarebytes Anti-Malware 1.61.0.1400
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: v2012.05.02.09

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Glyn Jones :: GLYNSPC [administrator]

    02/05/2012 8:45:08 PM
    mbam-log-2012-05-02 (20-45-08).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 203195
    Time elapsed: 4 minute(s), 31 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    C:\Documents and Settings\Glyn Jones\.frostwire5\updates\frostwire-5.3.4.windows.exe Win32/OpenCandy application deleted - quarantined
    C:\Documents and Settings\Glyn Jones\Application Data\FrostWire\.AppSpecialShare\frostwire-5.1.4.windows.exe Win32/OpenCandy application deleted - quarantined
    C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe Win32/Toolbar.Widgi application deleted - quarantined
    C:\System Volume Information\_restore{9D55EA84-AA1E-4062-96D7-540817F212E5}\RP304\A0057357.exe Win32/OpenCandy application deleted - quarantined
    C:\System Volume Information\_restore{9D55EA84-AA1E-4062-96D7-540817F212E5}\RP304\A0057358.exe Win32/OpenCandy application deleted - quarantined
    C:\System Volume Information\_restore{9D55EA84-AA1E-4062-96D7-540817F212E5}\RP304\A0057359.exe Win32/Toolbar.Widgi application deleted - quarantined
    C:\WINDOWS\Installer\d47589.msi a variant of Win32/HiddenStart.A application deleted - quarantined

    Everything appears to be running smoothly Fireman4it. Should I clean out my Restore Points and run defogger to re-enable? Or are there other steps needed ... many thanks again!!
    Last edited by Canuck; 05-02-2012 at 11:01 PM.


  14. #10
    Administrator Help2Go Administrator Canuck's Avatar
    Join Date
    May 2003
    Location
    Edmonton, Alberta, Canada
    Posts
    9,817
    Points
    2034

    Default

    Hi Fireman4it,

    I've run DeFogger to re-enable and reset my System Restore. All is running well. Thanks for everything!!

