Results 1 to 2 of 2

Thread: Browser Trouble

  1. #1
    Junior Member
    Join Date
    Sep 2008
    Posts
    1

    Default Browser Trouble

    Hi,

    Like many other users lately, I have been having problems with my google and yahoo search results. The links redirect to ad sites. I have included a scan log of ComboFix, HijackThis, and MalwareBytes below. Thank you so much in advance!

    ComboFix 09-01-21.04 - Sonia 2009-01-24 14:10:42.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.590 [GMT -8:00]
    Running from: c:\documents and settings\Sonia\Desktop\ComboFix.exe
    AV: Norton Internet Security 2006 *On-access scanning enabled* (Updated)
    FW: Norton Internet Security 2006 *disabled*
    .

    ((((((((((((((((((((((((( Files Created from 2008-12-24 to 2009-01-24 )))))))))))))))))))))))))))))))
    .

    2009-01-24 13:35 . 2009-01-24 13:35 <DIR> d-------- c:\program files\Trend Micro
    2009-01-24 13:32 . 2009-01-24 13:33 <DIR> d-------- c:\program files\Spybot - Search & Destroy
    2009-01-24 13:32 . 2009-01-24 14:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-01-20 00:36 . 2009-01-24 11:55 40,433 --a------ c:\windows\Sysvxd.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-24 21:57 --------- d-----w c:\program files\Google
    2008-12-12 17:27 3,067,392 ------w c:\windows\system32\dllcache\mshtml.dll
    2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
    2008-12-11 11:57 333,184 ------w c:\windows\system32\dllcache\srv.sys
    2008-12-09 23:05 --------- d-----w c:\documents and settings\Sonia\Application Data\Move Networks
    2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
    2008-12-19 02:01 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
    2008-12-19 02:01 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2008-12-19 02:01 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
    2008-12-19 02:01 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
    2008-12-19 02:01 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
    2006-12-30 22:57 22 --sha-w c:\windows\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
    "Aim6"="c:\program files\AIM6\aim6.exe" [2006-11-07 50736]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-10 344064]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-09-17 52848]
    "SSC_UserPrompt"="c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-02 218240]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
    "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 405504]
    "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
    "RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
    "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
    HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 73728]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\WINDOWS\\system32\\winver.exe"=
    "%windir%\\system32\\drivers\\svchost.exe"=

    R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-08-22 231424]
    R4 Ati HotKey Poller (Ati HotKey Poller);Ati HotKey Poller (Ati HotKey Poller);c:\program files\Common Files\System\smss.exe [2009-01-19 7424]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - COMHOST
    .
    Contents of the 'Scheduled Tasks' folder

    2008-05-02 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 17:13]

    2008-11-19 c:\windows\Tasks\Easy Internet Sign-up.job
    - c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-11-16 09:55]

    2009-01-24 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Sonia.job
    - c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-10-07 06:26]

    2006-04-14 c:\windows\Tasks\Symantec NetDetect.job
    - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-09-09 13:21]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
    uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-24 14:11:52
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe???????????????|?P???? ???B?????????????hLC? ??????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1000)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2009-01-24 14:13:17
    ComboFix-quarantined-files.txt 2009-01-24 22:13:05
    ComboFix2.txt 2009-01-24 20:10:28

    Pre-Run: 17,129,869,312 bytes free
    Post-Run: 17,119,371,264 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

    119 --- E O F --- 2009-01-14 18:40:01


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:14:03 PM, on 1/24/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\System\smss.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY......n&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY......n&pf=laptop
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] "c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Ati HotKey Poller (Ati HotKey Poller) - Unknown owner - C:\Program Files\Common Files\\System\\smss.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 8524 bytes


    Malwarebytes' Anti-Malware 1.33
    Database version: 1690
    Windows 5.1.2600 Service Pack 2

    1/24/2009 4:25:12 PM
    mbam-log-2009-01-24 (16-25-07).txt

    Scan type: Full Scan (C:\|D:\|E:\|F:\|)
    Objects scanned: 171796
    Time elapsed: 1 hour(s), 19 minute(s), 53 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 4
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 1
    Files Infected: 5

    Memory Processes Infected:
    C:\Program Files\Common Files\System\smss.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\y456.y456mgr (Trojan.BHO) -> No action taken.
    HKEY_CLASSES_ROOT\y456.y456mgr.1 (Trojan.BHO) -> No action taken.
    HKEY_CLASSES_ROOT\z444.z444mgr (Trojan.BHO) -> No action taken.
    HKEY_CLASSES_ROOT\z444.z444mgr.1 (Trojan.BHO) -> No action taken.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.

    Folders Infected:
    C:\WINDOWS\system32\414302 (Trojan.BHO) -> No action taken.

    Files Infected:
    C:\Qoobox\Quarantine\C\WINDOWS\system32\124909\124909.dll.vir (Trojan.BHO) -> No action taken.
    C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP80\A0004841.dll (Trojan.BHO) -> No action taken.
    C:\WINDOWS\system32\414302\414302.dll (Trojan.BHO) -> No action taken.
    C:\Program Files\Common Files\System\smss.exe.assembly (Heuristics.Reserved.Word.Exploit) -> No action taken.
    C:\Program Files\Common Files\System\smss.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.

  2. #2
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,252

    Default

    Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
    "BEFORE you POST" (READ this Procedure before Requesting Assistance) http://forums.spybot.info/showthread.php?t=288
    All advice given is taken at your own risk.
    Please make sure you have read this information so we are on the same page.

    Make sure you read and follow the directions, anything else will slow the process and waste both of our time. I suggest you keep this computer offline except when troubleshooting, the junk may download more. If you have any tool I use, delete it and download it new from the link I provide. Read and follow the directions carefully, the tools will not work unless you do.
    The junk can be tough to remove, so do not expect fast or easy.

    I apologize for the wait, volunteers are swamped at all forums with infected computers. If you have resolved your issues, please post to let me know so I can close this topic.
    ComboFix is not a general purpose cleaning tool, please do not use this tool without supervision.
    Do NOT run 'FIXES' before helpers have analyzed the HJT log
    http://forums.spybot.info/showthread.php?t=16806
    MBAM found junk and you chose: No action taken
    any particular reason why you did not have MBAM fix the junk?

    If you still need help, and you have read and followed the "Before you Post" directions, post a new HJT log since it has been five days, and I will take a look, please describe any recent symptoms.

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •