Tech Support Forum banner
Cancel

Yet Another Google Redirect Virus

829 Views 2 Replies 2 Participants Last post by  sjpritch25
N
Hello,

I have a Google Redirect Virus that I have been unable to locate and eradicate. So far, the redirects happen only in Firefox and only on one PC. Usually on a new search, the first click takes me to an ad site. In a few instances, I couldn't enter a new search term on Google without going back to Google Start. I have tried HiJackThis, Malwarebyts, SpyBot, HitMan Pro and Sophos Anit-Rootkit. Nothing found it.

Here is the info requested. I had trouble with gmer not running, so I renamed it as l0lz.exe. It got further, but still would not completely load. I rebooted and it was able to run.

Any help would be greatly appreciated. :pray:

Thanks,

Chance


DDS (Ver_10-03-17.01) - NTFSx86
Run by Chance at 19:08:00.84 on Fri 07/16/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2046.1378 [GMT -6:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Avast4\ashDisp.exe
D:\Program Files\Razer\Diamondback\Razer\Diamondback\razerhid.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Creative\Volume Panel\VolPanlu.exe
C:\Windows\System32\Ctxfihlp.exe
D:\Program Files\VMWare\hqtray.exe
D:\Program Files\RoboForm\robotaskbaricon.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
D:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
D:\Program Files\Razer\Diamondback\Razer\Diamondback\razertra.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Razer\Diamondback\Razer\Diamondback\razerofa.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskhost.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Chance\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxps://portal.{REMOVED}.com/+CSCOE+/logon.html
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - d:\program files\roboform\roboform.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - d:\program files\roboform\roboform.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [RoboForm] "d:\program files\roboform\RoboTaskBarIcon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
mRun: [avast!] "d:\program files\avast4\ashDisp.exe"
mRun: [Diamondback] d:\program files\razer\diamondback\razer\diamondback\razerhid.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [VolPanel] "c:\program files\creative\volume panel\VolPanlu.exe" /r
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [LogMeIn GUI] "d:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Adobe Reader Speed Launcher] "d:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [VMware hqtray] "d:\program files\vmware\hqtray.exe"
mRunOnce: [Malwarebytes' Anti-Malware] d:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\chance\appdata\roaming\micros~1\windows\startm~1\programs\startup\xfire.lnk - d:\program files\xfire\Xfire.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\jungle~1.lnk - d:\program files\jungledisk\junglediskmonitor.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - d:\program files\logitech\setpoint\SetPoint.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Customize Menu - file://d:\program files\roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://d:\program files\roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://d:\program files\roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://d:\program files\roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - d:\program files\roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - d:\program files\roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - d:\program files\roboform\RoboFormComShowToolbar.html
LSP: d:\program files\vmware\vsocklib.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {B8E73359-3422-4384-8D27-4EA1B4C01232} - hxxps://{REMOVED}/+CSCOL+/cscopf.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15109/CTPID.cab
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\chance\appdata\roaming\mozilla\firefox\profiles\b6ig6240.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/|hxxp://www.facebook.com/login.php|chrome://speeddial/content/speeddial.xul
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: d:\program files\roboform\firefox\components\rfproxy_31.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
FF - plugin: d:\program files\adobe\reader 9.0\reader\browser\nppdf32.dll
FF - plugin: d:\program files\itunes\mozilla plugins\npitunes.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npdeployJava1.dll

---- FIREFOX POLICIES ----
d:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
d:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
d:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
d:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
d:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
d:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
d:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "hxxp://www.firefox.com");
d:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description",

"chrome://browser/locale/browser.properties");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-11-9 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-11-9 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-11-9 53328]
R2 LMIInfo;LogMeIn Kernel Information Provider;d:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-12-22 47640]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-9-27 240232]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
R3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [2009-11-9 13225]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S2 avast! Antivirus;avast! Antivirus;d:\program files\avast4\ashServ.exe [2010-1-25 138680]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2010-1-22 563760]
S3 avast! Mail Scanner;avast! Mail Scanner;d:\program files\avast4\ashMaiSv.exe [2010-1-25 254040]
S3 avast! Web Scanner;avast! Web Scanner;d:\program files\avast4\ashWebSv.exe [2010-1-25 352920]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\common files\creative labs shared\service\AL6Licensing.exe [2009-11-17 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-11-17

79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2009-6-17 40720]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2009-6-17 10384]
S3 OrbisClient.Services;LabSim Configuration and Security;d:\program files\testout\orbis\OrbisClient.Services.exe [2009-12-7 14336]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-18 1343400]

=============== Created Last 30 ================

2010-07-16 03:24:07 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-07-16 03:23:44 0 d-----w- c:\programdata\Hitman Pro
2010-07-16 03:23:42 0 d-----w- c:\program files\Hitman Pro 3.5
2010-07-14 05:40:42 1712128 ----a-w- c:\windows\system32\GdiPlus.dll
2010-07-10 21:56:00 0 d-----w- c:\users\chance\appdata\roaming\Malwarebytes
2010-07-10 21:55:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-10 21:55:49 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-10 21:55:49 0 d-----w- c:\programdata\Malwarebytes
2010-07-10 21:06:57 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-07-07 02:02:01 0 d-----w- c:\users\chance\appdata\roaming\JungleDisk
2010-07-05 01:56:01 0 d-----w- c:\users\chance\appdata\roaming\eBookPro6
2010-06-24 09:00:29 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-24 09:00:29 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-24 09:00:29 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-24 09:00:29 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-24 09:00:29 1130824 ----a-w- c:\windows\system32\dfshim.dll

==================== Find3M ====================

2010-06-09 21:55:52 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-06-09 21:55:51 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-06-09 21:55:51 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-05-28 00:09:00 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-05-27 07:24:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49:37 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 20:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 05:18:06 977920 ----a-w- c:\windows\system32\wininet.dll
2010-05-01 14:49:25 2326528 ----a-w- c:\windows\system32\win32k.sys
2010-04-23 07:13:36 2048 ----a-w- c:\windows\system32\tzres.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-01-23 09:18:54 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-01-23 09:17:31 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 19:08:27.00 ===============

Attachments

See less See more
Save
Like
Status
Not open for further replies.
1 - 3 of 3 Posts
N
I decided to run combofix just to see what it would find. I didn't intend to remove anything, not realizing it would do it anyway. It found a few things that everything else missed and removed them. Now the redirects appear to have stopped.

My question is this. Am I safe now? They seemed like simple enough files to find, exe's in the Temp & system32 directory's. Why couldn't anything else find them? Combofix didn't say anything about a rootkit. Does this mean I shouldn't have a rootkit, just some really hard to find virus?

Here are the parts that combofix found and cleaned up.

R3 B;B;c:\users\Chance\AppData\Local\Temp\B.exe [x]
R3 BORLWFMULLUZ;BORLWFMULLUZ;c:\users\Chance\AppData\Local\Temp\BORLWFMULLUZ.exe [x]
R3 HHWRCLH;HHWRCLH;c:\users\Chance\AppData\Local\Temp\HHWRCLH.exe [x]
R3 KNKML;KNKML;c:\users\Chance\AppData\Local\Temp\KNKML.exe [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\FEBB.tmp [x]
R3 WUPOD;WUPOD;c:\users\Chance\AppData\Local\Temp\WUPOD.exe [x]

Thanks!

Chance
Save
Like
sjpritch25
Welcome to TSF :)

Sorry for the delay.

Please run ComboFix again, so i can get a fresh copy of the log.

Thanks
Save
Like
1 - 3 of 3 Posts
Status
Not open for further replies.
Tech Support Forum
A forum community dedicated to tech experts and enthusiasts. Come join the discussion about articles, computer security, Mac, Microsoft, Linux, hardware, networking, gaming, reviews, accessories, and more!
Full Forum Listing
Explore Our Forums
Windows XP Support Windows 7 , Windows Vista Support Motherboards, Bios|UEFI & CPU Networking Support Laptop Support
Top