Page 2 of 2 (posts #11 to #16)

Thread: Yoog Search bar and Precisead popup

  1. #11  Blade81 (Security Expert: Emeritus; Finland; joined Oct 2006; 25,288 posts)

    Hi again


    Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    DDS::
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

    Save this as
    CFScript

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



    Close browser windows and, referring to the picture above, drag CFScript into ComboFix.exe.
    Then post the resultant log and fresh dds.txt contents. How's the system running?


    ComboFix should never take more than 20 minutes, including the reboot if malware is detected.
    If it does, open Task Manager's Processes tab (press Ctrl, Alt and Del at the same time) and end any findstr, find, sed or swreg processes; ComboFix should then continue.
    If that happens we want to know, and also which process you had to end.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.
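
The CFScript in this post is a "DDS::" block: lines copied verbatim from the DDS log that ComboFix should remove, here the Explorer Bar (EB) CLSID whose module DDS reported as "No File". The following Python script is an added example, not code from this thread, from ComboFix or from DDS: it parses the "Pseudo HJT Report" section of a DDS log, flags every entry whose target is "No File", and emits the matching DDS:: block. Blade81's script targets only the EB line; the example generalizes to every "No File" entry, so on the log below it also picks up the unnamed BHO with the same status. The sample log text is a constructed excerpt of the DDS log posted later in this thread, and the entry-line grammar (kind, optional friendly name, CLSID, target after " - ") is inferred from that log rather than taken from any DDS documentation.

```python
"""Pull orphaned ('No File') entries out of a DDS log and turn them into a CFScript."""
import re

# Constructed sample: a cut-down copy of the 'Pseudo HJT Report' section from
# the DDS log posted in this thread (r"" keeps the backslash paths literal).
SAMPLE_DDS_LOG = r"""
============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

================= FIREFOX ===================

FF - ProfilePath -
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")          # '===== Name ====='
ENTRY_RE = re.compile(r"^([A-Za-z]+):\s*(.*)$")        # 'BHO: ...', 'uRun: ...'
CLSID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
BRACKET_RE = re.compile(r"^\[(.+?)\]\s*(.*)$")         # '[name] path' Run lines


def hjt_section(log):
    """Return the non-empty lines of the 'Pseudo HJT Report' section only."""
    lines, inside = [], False
    for raw in log.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            inside = header.group(1) == "Pseudo HJT Report"
            continue
        if inside and line:
            lines.append(line)
    return lines


def parse_entry(line):
    """Split one report line into kind, name, CLSID and target; None if not an entry."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    kind, rest = m.group(1), m.group(2)
    clsid = CLSID_RE.search(rest)
    name = ""
    if clsid:
        # 'Friendly Name: {CLSID} - target': the text before the CLSID is the name
        name = rest[: clsid.start()].strip().rstrip(":").strip()
        target = rest.rsplit(" - ", 1)[1].strip() if " - " in rest else ""
    else:
        bracket = BRACKET_RE.match(rest)
        if bracket:
            name, target = bracket.group(1), bracket.group(2).strip()
        else:
            target = rest.rsplit(" - ", 1)[-1].strip()
    return {
        "kind": kind,
        "name": name,
        "clsid": clsid.group(0).lower() if clsid else None,
        "target": target,
        # DDS prints 'No File' when the module the entry points to is missing on disk
        "orphan": target == "No File",
        "raw": line,
    }


def orphaned_entries(log):
    """Entries whose registered module DDS could not find on disk."""
    parsed = (parse_entry(ln) for ln in hjt_section(log))
    return [e for e in parsed if e and e["orphan"]]


def build_cfscript(log):
    """CFScript text: a 'DDS::' block holding the orphaned lines verbatim, or '' if none."""
    orphans = orphaned_entries(log)
    if not orphans:
        return ""
    return "DDS::\n" + "\n".join(e["raw"] for e in orphans) + "\n"


if __name__ == "__main__":
    for e in orphaned_entries(SAMPLE_DDS_LOG):
        print(f"{e['kind']:<4} {e['clsid']}  ->  {e['target']}")
    print(build_cfscript(SAMPLE_DDS_LOG), end="")
```

The generated text is saved as CFScript and handed to ComboFix exactly as in the post above (drag it onto ComboFix.exe). "No File" only says that DDS could not find the module the registry entry points to; the catchme rootkit scan at the bottom of the same ComboFix log reports "hidden files: 0", which is the check that makes it reasonable to treat these entries as dead registrations rather than as modules hidden from the scanner.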

  2. #12  Junior Member (joined Mar 2009; 9 posts)

    OK. Sorry it took so long to get back to you. Family had to go to Busch Gardens today. Computer is running the same as before: no real slowdown in speed, just the Yoog search thing. I have been using my laptop lately, so I am not sure about the Precisead pop-up. I will check tonight and see if it happens.

    I also had problems with my antivirus (was running AVG Free 8.5); I ended up having to delete it with their removal tool. When I ran ComboFix like you instructed, I had an error at the end. It was an ipconfig error, stating it was unable to locate a component and failed to start because dot3api.dll could not be found. It did seem to finish running though. Logs are below.

    Again, thanks for your help.

    ComboFix 09-04-04.01 - Don 2009-04-08 22:52:41.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1582 [GMT -4:00]
    Running from: c:\documents and settings\Don\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Don\Desktop\CFScript.txt
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2009-03-09 to 2009-04-09 )))))))))))))))))))))))))))))))
    .

    2009-04-07 08:57 . 2009-04-07 08:57 73,728 --a------ c:\windows\system32\javacpl.cpl
    2009-04-05 22:05 . 2009-04-07 10:07 <DIR> d-------- c:\program files\TravManager
    2009-03-31 04:18 . 2009-01-09 15:19 1,089,593 -----c--- c:\windows\system32\dllcache\ntprint.cat
    2009-03-30 23:13 . 2009-03-30 23:13 <DIR> d-------- c:\program files\Trend Micro
    2009-03-30 20:34 . 2009-03-30 20:34 <DIR> d-------- c:\program files\ERUNT
    2009-03-30 10:00 . 2009-03-30 10:43 <DIR> d-------- c:\windows\SxsCaPendDel
    2009-03-30 10:00 . 2009-03-30 10:01 <DIR> d-------- C:\fbfe9b2be2da614e282beaaa
    2009-03-15 20:25 . 2009-03-18 23:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-03-15 13:47 . 2009-03-15 20:26 <DIR> d-------- c:\documents and settings\Don\Application Data\GetRightToGo
    2009-03-12 03:09 . 2004-08-04 03:56 221,184 --a------ c:\windows\system32\wmpns.dll
    2009-03-11 21:17 . 2009-03-11 21:17 <DIR> d-------- c:\program files\LWW

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-09 02:47 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2009-04-07 12:57 410,984 ----a-w c:\windows\system32\deploytk.dll
    2009-04-07 12:57 --------- d-----w c:\program files\Java
    2009-04-06 02:31 --------- d-----w c:\program files\TravianManager
    2009-04-01 19:34 --------- d-----w c:\documents and settings\Guest\Application Data\Microsoft Games
    2009-04-01 19:34 --------- d-----w c:\documents and settings\Don\Application Data\Microsoft Games
    2009-04-01 19:32 --------- d-----w c:\program files\TreeLine
    2009-03-30 15:04 --------- d-----w c:\program files\Windows Live Safety Center
    2009-03-23 22:49 --------- d-----w c:\program files\Google
    2009-03-12 01:58 --------- d-----w c:\documents and settings\Don\Application Data\Tutor
    2009-03-10 15:03 --------- d-----w c:\program files\Microsoft Silverlight
    2009-02-17 12:56 --------- d-----w c:\documents and settings\Don\Application Data\mIRC
    2009-02-17 04:24 --------- d-----w c:\program files\mIRC
    2009-02-17 00:30 34 ----a-w c:\documents and settings\Don\jagex_runescape_preferences.dat
    2009-02-12 19:50 --------- d-----w c:\program files\Common Files\Adobe
    2009-02-09 13:38 29,928 ----a-w c:\documents and settings\Don\Application Data\GDIPFONTCACHEV1.DAT
    2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
    2009-01-16 00:52 34 ----a-w c:\documents and settings\Christie\jagex_runescape_preferences.dat
    2008-05-19 23:50 23,704 ----a-w c:\documents and settings\Guest\Application Data\GDIPFONTCACHEV1.DAT
    .

    ------- Sigcheck -------

    2006-07-05 06:55 984064 d8db5397de07577c1cb50ba6d23b3ad4 c:\windows\$hf_mig$\KB917422\SP2GDR\kernel32.dll
    2006-07-05 06:57 985088 0fdd84928a5dde2510761b7ec76ccec9 c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
    2007-04-16 12:07 986112 09f7cb3687f86edaa4ca081f7ab66c03 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
    2007-04-16 11:52 984576 a01f9ca902a88f7ced06884174d6419d c:\windows\$NtServicePackUninstall$\kernel32.dll
    2004-08-04 03:56 983552 888190e31455fad793312f8d087146eb c:\windows\$NtUninstallKB917422$\kernel32.dll
    2002-09-03 15:41 930304 8f162dc91d67d87c1a481bf602a9dac8 c:\windows\$NtUninstallKB917422_0$\kernel32.dll
    2006-07-05 06:55 984064 d8db5397de07577c1cb50ba6d23b3ad4 c:\windows\$NtUninstallKB935839$\kernel32.dll
    2004-08-04 03:56 983552 888190e31455fad793312f8d087146eb c:\windows\ServicePackFiles\i386\kernel32.dll
    2007-04-16 11:52 984576 a01f9ca902a88f7ced06884174d6419d c:\windows\system32\kernel32.dll
    2007-04-16 11:52 984576 a01f9ca902a88f7ced06884174d6419d c:\windows\system32\dllcache\kernel32.dll
    .
    ((((((((((((((((((((((((((((( SnapShot@2009-04-07_ 9.56.20.09 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-10-20 16:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\4-8-2009\ERDNT.EXE
    + 2009-04-09 02:50:11 4,841,472 ----a-w c:\windows\ERDNT\AutoBackup\4-8-2009\Users\00000001\NTUSER.DAT
    + 2009-04-09 02:50:12 167,936 ----a-w c:\windows\ERDNT\AutoBackup\4-8-2009\Users\00000002\UsrClass.dat
    + 2009-04-09 02:50:13 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_61c.dat
    + 2009-04-09 02:49:00 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7f4.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-09-19 4347120]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-07 148888]
    "RTHDCPL"="RTHDCPL.EXE" [2007-08-10 c:\windows\RTHDCPL.exe]

    c:\documents and settings\Don\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Auto run of VideoCam Suite 1.0.lnk - c:\program files\Panasonic\VideoCamSuite\VideoCamSuiteAutoStart.exe [2009-01-08 161160]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]
    HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 73728]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    --a------ 2007-03-09 11:09 63712 c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-10-01 18:57 289576 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --a------ 2008-04-13 20:12 1695232 c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager]
    --a------ 2006-05-10 15:52 249856 c:\progra~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2008-02-28 09:59 570664 c:\program files\Common Files\Nero\Lib\NeroCheck.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2007-12-19 37376]
    R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2007-07-20 84992]
    S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-04-05 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
    .
    - - - - ORPHANS REMOVED - - - -

    Notify-avgrsstarter - avgrsstx.dll


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath -
    .

    **************************************************************************

    catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-08 22:54:45
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\:õwjY*]
    "DisplayName"="???\16?\11\09"
    "DeviceDesc"="???\16?\11\09"
    "ProviderName"="???\11?\17?\11??"
    "MFG"="???????"
    "ReinstallString"=".10.1000.7"
    "DeviceInstanceIds"=multi:"h:\\drivers\\chipset\\rd580_sb600_drv\\winxp\\smbus\\smbusati.inf\00"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(704)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2009-04-08 22:56:03
    ComboFix-quarantined-files.txt 2009-04-09 02:55:50
    ComboFix2.txt 2009-04-07 13:58:53

    Pre-Run: 43,931,066,368 bytes free
    Post-Run: 43,928,293,376 bytes free

    154 --- E O F --- 2009-03-31 09:26:42



    DDS (Ver_09-03-16.01) - NTFSx86
    Run by Don at 23:03:50.71 on Wed 04/08/2009
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1558 [GMT -4:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\system32\svchost -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\PROGRA~1\MICROS~3\rapimgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Don\Desktop\dds.com

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
    uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
    mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    StartupFolder: c:\docume~1\don\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1.lnk - c:\program files\panasonic\videocamsuite\VideoCamSuiteAutoStart.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    IE: E&xport to Microsoft Excel
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583}
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205772238187
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1206530942570
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://gameadvisor.futuremark.com/global/msc3121.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxps://webmail.tgh.org/dwa7W.cab
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath -

    ============= SERVICES / DRIVERS ===============

    R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2007-12-19 37376]
    R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2007-7-20 84992]
    S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getplus_helpersvc.exe --> c:\program files\nos\bin\getPlus_HelperSvc.exe [?]

    =============== Created Last 30 ================

    2009-04-08 22:52 <DIR> --d----- C:\ComboFix
    2009-04-07 09:54 <DIR> a-dshr-- C:\cmdcons
    2009-04-07 09:49 161,792 a------- c:\windows\SWREG.exe
    2009-04-07 09:49 98,816 a------- c:\windows\sed.exe
    2009-04-07 08:57 73,728 a------- c:\windows\system32\javacpl.cpl
    2009-04-07 08:54 <DIR> --d----- c:\windows\system32\appmgmt
    2009-04-05 22:05 <DIR> --d----- c:\program files\TravManager
    2009-03-31 04:18 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
    2009-03-30 23:13 <DIR> --d----- c:\program files\Trend Micro
    2009-03-30 10:00 <DIR> --d----- C:\fbfe9b2be2da614e282beaaa
    2009-03-30 10:00 <DIR> --d----- c:\windows\SxsCaPendDel
    2009-03-15 13:47 <DIR> --d----- c:\docume~1\don\applic~1\GetRightToGo
    2009-03-12 03:09 221,184 a------- c:\windows\system32\wmpns.dll
    2009-03-11 21:17 <DIR> --d----- c:\program files\LWW

    ==================== Find3M ====================

    2009-04-07 08:57 410,984 a------- c:\windows\system32\deploytk.dll
    2009-02-16 20:30 34 a------- c:\documents and settings\don\jagex_runescape_preferences.dat
    2009-02-09 09:38 29,928 a------- c:\docume~1\don\applic~1\GDIPFONTCACHEV1.DAT
    2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys

    ============= FINISH: 23:03:57.15 ===============

  3. #13  Blade81 (Security Expert: Emeritus; Finland; joined Oct 2006; 25,288 posts)

    Hi

    I also had problems with my antivirus (was running AVG Free 8.5). I ended up having to delete it with their removal tool.
    You'll need to install a new one after we're done here.


    If you have Firefox installed, please uninstall it through Add/Remove Programs. Let it remove profile data too. Move to the next point if no Firefox entry is found.


    Show hidden files
    -----------------
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Click Yes to confirm.
    * Click OK.

    Delete following folders:
    c:\documents and settings\don\application data\mozilla\firefox
    c:\program files\mozilla firefox


    For IE do the following:
    1. Click Tools and select Internet Options.
    2. Click the Settings button to the right of "Change search defaults".
    3. In the Change Search Defaults window, highlight the Yoog-related item and click Remove. Click OK after that.

    Close IE and reboot. Still issues?

  4. #14  Junior Member (joined Mar 2009; 9 posts)

    So far it seems like everything is working fine. I haven't had any popups from the Precisead thing. Also, my search bar has stayed the way I wanted it, not constantly changing to the Yoog search. Thanks for your help.

    Don

  5. #15  Blade81 (Security Expert: Emeritus; Finland; joined Oct 2006; 25,288 posts)

    Good

    Now let's uninstall ComboFix:
    • Click START then RUN
    • Type Combofix /u in the Run box and click OK


    Delete the dds.com file and related logs too.


    Also, you need to install antivirus program there if you haven't reinstalled AVG yet.

    Other good free antivirus programs are:
    Antivir
    Avast!

  6. #16  Blade81 (Security Expert: Emeritus; Finland; joined Oct 2006; 25,288 posts)

    Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

    Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

    If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.
