
[Closed] Redirects google and other Search engines



#1 Watashiwa

    New Member

  • 1 posts

Posted 30 October 2009 - 12:37 PM

Computer won't allow me to do google searches or any searches for that matter. Also moving quite slower than the norm. Otherwise, nothing seems weird about the computer. Here are the ComboFix, AAw, HijackThis logs.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:54:21 AM, on 10/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 89.149.227.223 google.ae
O1 - Hosts: 89.149.227.223 google.as
O1 - Hosts: 89.149.227.223 google.at
O1 - Hosts: 89.149.227.223 google.az
O1 - Hosts: 89.149.227.223 google.ba
O1 - Hosts: 89.149.227.223 google.be
O1 - Hosts: 89.149.227.223 google.bg
O1 - Hosts: 89.149.227.223 google.bs
O1 - Hosts: 89.149.227.223 google.ca
O1 - Hosts: 89.149.227.223 google.cd
O1 - Hosts: 89.149.227.223 google.com.gh
O1 - Hosts: 89.149.227.223 google.com.hk
O1 - Hosts: 89.149.227.223 google.com.jm
O1 - Hosts: 89.149.227.223 google.com.mx
O1 - Hosts: 89.149.227.223 google.com.my
O1 - Hosts: 89.149.227.223 google.com.na
O1 - Hosts: 89.149.227.223 google.com.nf
O1 - Hosts: 89.149.227.223 google.com.ng
O1 - Hosts: 89.149.227.223 google.ch
O1 - Hosts: 89.149.227.223 google.com.np
O1 - Hosts: 89.149.227.223 google.com.pr
O1 - Hosts: 89.149.227.223 google.com.qa
O1 - Hosts: 89.149.227.223 google.com.sg
O1 - Hosts: 89.149.227.223 google.com.tj
O1 - Hosts: 89.149.227.223 google.com.tw
O1 - Hosts: 89.149.227.223 google.dj
O1 - Hosts: 89.149.227.223 google.de
O1 - Hosts: 89.149.227.223 google.dk
O1 - Hosts: 89.149.227.223 google.dm
O1 - Hosts: 89.149.227.223 google.ee
O1 - Hosts: 89.149.227.223 google.fi
O1 - Hosts: 89.149.227.223 google.fm
O1 - Hosts: 89.149.227.223 google.fr
O1 - Hosts: 89.149.227.223 google.ge
O1 - Hosts: 89.149.227.223 google.gg
O1 - Hosts: 89.149.227.223 google.gm
O1 - Hosts: 89.149.227.223 google.gr
O1 - Hosts: 89.149.227.223 google.ht
O1 - Hosts: 89.149.227.223 google.ie
O1 - Hosts: 89.149.227.223 google.im
O1 - Hosts: 89.149.227.223 google.in
O1 - Hosts: 89.149.227.223 google.it
O1 - Hosts: 89.149.227.223 google.ki
O1 - Hosts: 89.149.227.223 google.la
O1 - Hosts: 89.149.227.223 google.li
O1 - Hosts: 89.149.227.223 google.lv
O1 - Hosts: 89.149.227.223 google.ma
O1 - Hosts: 89.149.227.223 google.ms
O1 - Hosts: 89.149.227.223 google.mu
O1 - Hosts: 89.149.227.223 google.mw
O1 - Hosts: 89.149.227.223 google.nl
O1 - Hosts: 89.149.227.223 google.no
O1 - Hosts: 89.149.227.223 google.nr
O1 - Hosts: 89.149.227.223 google.nu
O1 - Hosts: 89.149.227.223 google.pl
O1 - Hosts: 89.149.227.223 google.pn
O1 - Hosts: 89.149.227.223 google.pt
O1 - Hosts: 89.149.227.223 google.ro
O1 - Hosts: 89.149.227.223 google.ru
O1 - Hosts: 89.149.227.223 google.rw
O1 - Hosts: 89.149.227.223 google.sc
O1 - Hosts: 89.149.227.223 google.se
O1 - Hosts: 89.149.227.223 google.sh
O1 - Hosts: 89.149.227.223 google.si
O1 - Hosts: 89.149.227.223 google.sm
O1 - Hosts: 89.149.227.223 google.sn
O1 - Hosts: 89.149.227.223 google.st
O1 - Hosts: 89.149.227.223 google.tl
O1 - Hosts: 89.149.227.223 google.tm
O1 - Hosts: 89.149.227.223 google.tt
O1 - Hosts: 89.149.227.223 google.us
O1 - Hosts: 89.149.227.223 google.vu
O1 - Hosts: 89.149.227.223 google.ws
O1 - Hosts: 89.149.227.223 google.co.ck
O1 - Hosts: 89.149.227.223 google.co.id
O1 - Hosts: 89.149.227.223 google.co.il
O1 - Hosts: 89.149.227.223 google.co.in
O1 - Hosts: 89.149.227.223 google.co.jp
O1 - Hosts: 89.149.227.223 google.co.kr
O1 - Hosts: 89.149.227.223 google.co.ls
O1 - Hosts: 89.149.227.223 google.co.ma
O1 - Hosts: 89.149.227.223 google.co.nz
O1 - Hosts: 89.149.227.223 google.co.tz
O1 - Hosts: 89.149.227.223 google.co.ug
O1 - Hosts: 89.149.227.223 google.co.uk
O1 - Hosts: 89.149.227.223 google.co.za
O1 - Hosts: 89.149.227.223 google.co.zm
O1 - Hosts: 89.149.227.223 google.com
O1 - Hosts: 89.149.227.223 google.com.af
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\\DownloadPDF.exe
O15 - Trusted Zone: http://www.philadelphonic.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m....sh/swflash.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe

--
End of file - 11118 bytes


ComboFix 09-10-26.03 - jack 10/27/2009 10:06.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.184 [GMT -4:00]
Running from: c:\documents and settings\jack\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((( Files Created from 2009-09-27 to 2009-10-27 )))))))))))))))))))))))))))))))
.

2009-10-26 09:27 . 2009-10-26 09:27 -------- d-----w- c:\program files\Verizon Wireless
2009-10-25 13:30 . 2009-10-25 13:30 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2009-10-25 13:30 . 2009-10-06 19:51 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-12 19:48 . 2009-10-12 19:48 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-12 17:48 . 2009-10-12 17:48 -------- d-sh--w- c:\documents and settings\jack\PrivacIE
2009-10-12 17:41 . 2009-10-12 17:41 -------- d-sh--w- c:\documents and settings\jack\IETldCache
2009-10-12 17:39 . 2009-10-12 17:39 -------- d-----w- c:\windows\ie8updates
2009-10-12 17:36 . 2009-10-12 17:38 -------- dc-h--w- c:\windows\ie8
2009-10-12 17:34 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-10-12 17:34 . 2009-08-29 08:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-10-12 17:34 . 2009-08-29 08:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-06 19:51 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-06 19:47 . 2009-10-06 19:47 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-10-06 19:46 . 2009-10-06 19:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-06 19:46 . 2009-10-06 19:46 -------- d-----w- c:\program files\Lavasoft
2009-10-02 04:31 . 2009-10-02 04:31 -------- d-----w- c:\windows\Sun
2009-10-02 04:30 . 2009-10-02 04:30 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-02 04:30 . 2009-10-02 04:30 -------- d-----w- c:\program files\Java
2009-10-02 04:30 . 2009-10-02 04:30 152576 ----a-w- c:\documents and settings\jack\Application Data\Sun\Java\jre1.6.0_16\lzma.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-26 13:06 . 2008-12-16 14:52 -------- d-----w- c:\program files\Symantec AntiVirus
2009-10-18 16:01 . 2008-07-28 20:10 256 ----a-w- c:\windows\system32\pool.bin
2009-10-18 15:49 . 2008-07-28 19:56 -------- d-----w- c:\documents and settings\jack\Application Data\Blackberry Desktop
2009-09-26 13:24 . 2009-09-09 18:59 -------- d-----w- c:\documents and settings\All Users\Application Data\57fa050
2009-09-20 15:24 . 2009-09-20 15:24 -------- d-----w- c:\documents and settings\jack\Application Data\com.directv.supercast.AA1ECC8BBAFE4E1BBF2D418DC006AF207FACE6CA.1
2009-09-20 13:53 . 2009-09-20 13:53 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-09-20 13:53 . 2009-09-20 13:53 -------- d-----w- c:\program files\DIRECTV
2009-09-20 13:52 . 2009-09-20 13:53 38208 ----a-w- c:\documents and settings\jack\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
2009-09-11 14:18 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-04 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 23:24 . 2008-01-29 03:44 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2008-01-29 03:44 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2008-01-29 03:44 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2007-07-31 03:19 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2008-01-29 03:44 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2004-08-04 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2008-01-29 03:44 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2008-01-29 03:44 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-08-04 12:00 204800 -c--a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 00:44 . 2004-08-04 12:00 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-03 22:59 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-03-26 228088]
"WinVNC"="c:\program files\UltraVNC\WinVNC.exe" [2006-06-18 712704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-10-08 125368]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-02 149280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico [2008-9-3 6144]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\UltraVNC\\winvnc.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/6/2009 3:51 PM 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49 AM 1028432]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [5/30/2008 9:51 AM 6016]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/4/2009 8:07 PM 102448]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [10/7/2007 9:48 PM 116664]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-10-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 19:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.espn.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: philadelphonic.com\www
Trusted Zone: state.mi.us\www2.dleg
Trusted Zone: superioruniformgroup.com\store
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
AddRemove-PDefender - c:\\Program Files\\Perfect Defender 2009\\UnInstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-27 10:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(992)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2009-10-27 10:17
ComboFix-quarantined-files.txt 2009-10-27 14:17

Pre-Run: 149,032,894,464 bytes free
Post-Run: 149,248,425,984 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 159293D5945CDF5368CC577D66BA29B8



#2 Noviciate

    Retired WTT Teacher

  • Visiting Fellow
  • 2,907 posts

Posted 01 November 2009 - 02:30 PM

Due, in part, to the large numbers of HJT logs being posted, there are four things that you need to be aware of.

1) If you have already posted this log at another forum, you need to post here that you have done so and this topic will be closed.
Multiple posting not only ties up valuable resources, but could also result in some unpleasant side-effects for your system if you follow two sets of instructions at the same time.
If, during research, an identical log is identified at another forum, this thread will be closed.

2) If you don't post a meaningful reply to any of my posts within five days, this thread will be closed. Due to limited free time I can only have so many open threads at any one time and if yours isn't active, somebody else's will be.
If, by omission, the thread hasn't been closed after five days and you post, it will just serve as a reminder to me to close it.
Please note that "I just dropped in to say Hi!" isn't a meaningful reply!

3) Malware removal is a tricky business, and malware writers don't tend to worry about the damage their creations do, so it is advisable to back-up all important files BEFORE we start. Although most cases have a successful conclusion, on occasion things don't go according to plan and it is better to be prepared for the worst.

4) Back-ups can get lost or damaged, so make two if the files are that important to you!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download HostsXpert by FunkyToad from here and save it to your Desktop.
You will need to extract the file(s):
Right click on the zipped folder and from the menu that appears, click on Extract All...
In the 'Extraction Wizard' window that opens, click on Next> and in the next window that appears, click on Next> again.
In the final window, click on Finish

You should now see the HostsXpert folder - open it and double click HostsXpert.exe
  • In the top left hand corner of the new window, ensure that the button says "Make ReadOnly?"
    If it says "Make Writable?", click it and it should change to the above.
  • Click on Restore MS Hosts File.
  • In the confirmation window, click on OK.
  • Finally, click the button mentioned above to make it read "Make Writable?".
Download Malwarebytes' Anti-Malware from here and save it to your Desktop - unless you already have it, in which case skip to the "updating" bit below.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • Ensure a checkmark is placed next to both Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware and then click Finish.
  • If an update is found, it will download and install the latest version - you'll need to clear it with your firewall.
  • Once the program has loaded, select Perform full scan and then Scan.
  • When the scan has finished, click OK and then Show Results to view the results - no surprise there!
  • If MBAM finds anything, check the box(es) and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Let me have the MBAM log, a fresh HJT log (run in Normal Mode) AND a description of how your PC is behaving.
Death to the salad eaters!
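Added example, not part of the thread and not HostsXpert's or HijackThis' own code: a Python check that parses the O1 Hosts lines of a HijackThis log like the one posted above, groups hostnames by the address they are redirected to, and flags search-engine domains, which have no business in a hosts file at all. The log excerpt is constructed from a handful of lines in the first post; the set of search-engine brand names is an assumption.

```python
import re
from collections import defaultdict

# Constructed excerpt in HijackThis v2 format, modelled on the log in post #1.
SAMPLE_HJT_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 89.149.227.223 google.com
O1 - Hosts: 89.149.227.223 google.co.uk
O1 - Hosts: 89.149.227.223 google.de
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
"""

# HijackThis prints one hosts-file mapping per O1 line: "O1 - Hosts: <ip> <hostname>"
O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")

# Loopback / blackhole targets: these block a name rather than redirect it,
# so hosts blocklists (which use them) are not reported as hijacks.
BLOCKING_TARGETS = {"127.0.0.1", "0.0.0.0", "::1"}

# Assumed list of brands whose domains a legitimate hosts file never maps.
SEARCH_ENGINE_BRANDS = {"google", "bing", "yahoo", "ask", "live"}


def parse_o1_entries(log_text):
    """Return (ip, hostname) tuples for every O1 line in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O1_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).lower()))
    return entries


def find_hijacks(entries):
    """Group hostnames by the non-blocking address they resolve to.

    Returns {ip: sorted hostnames}. Many names pointing at one foreign
    address, as with 89.149.227.223 in the posted log, is the signature of
    a hosts-file redirect rather than a blocklist."""
    by_ip = defaultdict(set)
    for ip, host in entries:
        if ip in BLOCKING_TARGETS:
            continue
        by_ip[ip].add(host)
    return {ip: sorted(hosts) for ip, hosts in by_ip.items()}


def is_search_engine(host):
    """True if the first meaningful label is a known search-engine brand
    (google.com, google.co.uk, www.google.com.my all qualify)."""
    labels = host.split(".")
    if labels and labels[0] == "www":
        labels = labels[1:]
    return bool(labels) and labels[0] in SEARCH_ENGINE_BRANDS


def search_engine_redirects(hijacks):
    """Keep only the redirect targets that capture a search-engine domain."""
    result = {}
    for ip, hosts in hijacks.items():
        hits = [h for h in hosts if is_search_engine(h)]
        if hits:
            result[ip] = hits
    return result


if __name__ == "__main__":
    hijacks = find_hijacks(parse_o1_entries(SAMPLE_HJT_LOG))
    for ip, hosts in search_engine_redirects(hijacks).items():
        print(f"search traffic for {len(hosts)} domain(s) redirected to {ip}: {', '.join(hosts)}")
```

Restoring the stock hosts file, as the HostsXpert step above does, removes every mapping this check reports; re-running it on a fresh HJT log afterwards confirms that only the `127.0.0.1 localhost` line remains.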

#3 Noviciate

    Retired WTT Teacher

  • Visiting Fellow
  • 2,907 posts

Posted 08 November 2009 - 03:07 PM

Due to inactivity this topic will be closed. If you need help please start a new thread.
Death to the salad eaters!
