Old 10th July 2009 #1
James Milburn, Member (joined Jul 2009, 4 posts, computer experience: experienced)
[Active] Google Redirect

Hi, I am suffering from malware on my MSI Wind micro laptop which redirects all search engine results to different pages. If someone could help, it would be appreciated. Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:15:48, on 10/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\TDSupportApp\cdrom_mon.exe
C:\Program Files\System Control Manager\MSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.msi.com.tw
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\WINDOWS\system32\TDSupportApp\cdrom_mon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Micro Star SCM - Unknown owner - C:\Program Files\System Control Manager\MSIService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 4915 bytes

Old 10th July 2009 #2
Admin., Administrator (joined Dec 2001, 3,299 posts)
Hi,

Read this post as indicated at the top of this forum & follow the instructions.

Your HJT log is insufficient.

Old 10th July 2009 #3
James Milburn, Member (joined Jul 2009, 4 posts, computer experience: experienced)
Hi, I now have the correct log files - thanks again.


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 07/01/2009 23:43:07
System Uptime: 07/10/2009 14:14:04 (-2135 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | U-100
Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | CPU 1 | 1600/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 39 GiB total, 25.203 GiB free.
D: is FIXED (NTFS) - 69 GiB total, 45.293 GiB free.
E: is Removable
F: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 10/07/2009 03:29:26 - System Checkpoint

==== Installed Programs ======================


2007 Microsoft Office system
AAC Decoder
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
Apple Mobile Device Support
Apple Software Update
AutoUpdate
Bluetooth Stack for Windows by Toshiba
BurnRecovery
Critical Update for Windows Media Player 11 (KB959772)
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
Google Chrome
H.264 Decoder
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Intel(R) Graphics Media Accelerator Driver
iTunes
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
MKV Splitter
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Spybot - Search & Destroy
System Control Manager
TeamSpeak 2 RC2
Ulead Burn.Now 4.5
Ulead Burn.Now 4.5 SE
Update for Office 2007 (KB934528)
Update for Office System 2007 Setup (KB929722)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
USB 2.0 Card Reader
VC80CRTRedist - 8.0.50727.762
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Driver Package - Atheros (AR5416) Net (04/08/2008 7.6.0.200)
Windows Driver Package - Ralink Technology, Corp. (RT80x86) Net (05/19/2008 1.01.03.0000)
Windows Driver Package - Realtek (rtl8187Se) Net (07/10/2008 5.9067.0710.2008)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
ZTE Mobile Connection

==== Event Viewer Messages From Past Week ========

09/07/2009 22:59:46, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
09/07/2009 21:12:43, error: Service Control Manager [7022] - The sfx service hung on starting.
09/07/2009 21:11:23, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service ALGDnscache service to connect.
09/07/2009 21:11:23, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Alerter AlerterdmadminWebClientmnmsrvc service to connect.
09/07/2009 21:11:23, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Alerter AlerterdmadminWebClientmnmsrvc AlerterdmadminWebClientmnmsrvcupnphost service to connect.
09/07/2009 20:12:01, error: ipnathlp [31008] - The DNS proxy agent was unable to read the local list of name-resolution servers from the registry. The data is the error code.
09/07/2009 19:17:39, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 8 for Windows XP.
09/07/2009 19:09:09, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
09/07/2009 18:58:34, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
09/07/2009 18:58:34, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
09/07/2009 18:46:18, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
09/07/2009 18:32:27, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss sfxdrv Tcpip Tosrfcom
09/07/2009 18:32:27, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
09/07/2009 18:32:27, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
09/07/2009 18:32:27, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
09/07/2009 18:32:27, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
09/07/2009 18:32:27, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

==== End Of File ===========================






DDS (Ver_09-06-26.01) - NTFSx86
Run by Milb at 15:58:06.98 on 10/07/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.1652 [GMT 1:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\TDSupportApp\cdrom_mon.exe
C:\Program Files\System Control Manager\MSIService.exe
C:\WINDOWS\system32\svchost.exe -k sfx
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Milb\Desktop\dds.scr
C:\Documents and Settings\Milb\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

============= SERVICES / DRIVERS ===============

R?2 sfx;sfx;c:\windows\system32\svchost.exe -k sfx [2008-10-15 14336]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-9 64160]
R1 sfxdrv;sfxdrv;c:\program files\sfx\sfx.sys [2009-7-7 9472]
R2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\tdsupportapp\cdrom_mon.exe [2009-4-5 81920]
R2 Micro Star SCM;Micro Star SCM;c:\program files\system control manager\MSIService.exe [2008-10-16 159744]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2008-10-16 156160]
R3 rtl8187Se;Realtek RTL8187SE Wireless LAN PCIE Network Adapter;c:\windows\system32\drivers\rtl8187Se.sys [2008-10-16 306176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2008-10-16 625792]

=============== Created Last 30 ================

2009-07-10 01:56 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-07-10 01:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-07-10 01:31 3,255 a------- c:\windows\system32\wbem\Outlook_01ca00f5bdd27c9a.mof
2009-07-10 00:18 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-07-09 23:00 <DIR> a-dshr-- C:\cmdcons
2009-07-09 22:58 161,792 a------- c:\windows\SWREG.exe
2009-07-09 22:58 155,136 a------- c:\windows\PEV.exe
2009-07-09 22:58 98,816 a------- c:\windows\sed.exe
2009-07-09 19:53 <DIR> --d----- c:\program files\Trend Micro
2009-07-09 18:12 15,688 a------- c:\windows\system32\lsdelete.exe
2009-07-09 16:36 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-07-09 16:34 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-07-09 16:34 <DIR> --d----- c:\program files\Lavasoft
2009-07-07 19:25 1 ----h--- c:\windows\jmmark2.dat
2009-07-07 19:25 1 ----h--- c:\windows\bf23567.dat
2009-07-07 17:38 <DIR> --d----- c:\program files\sfx
2009-07-07 17:38 1 a------- c:\windows\934fdfg34fgjf23
2009-06-12 10:34 197 a------- c:\windows\system32\MRT.INI

==================== Find3M ====================

2009-05-07 16:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-29 05:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 05:55 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-17 13:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 15:51 585,216 a------- c:\windows\system32\rpcrt4.dll

============= FINISH: 15:58:41.79 ===============

Old 10th July 2009 #4
broni, Malware Analyst (joined Aug 2002, Daly City, CA, 4,696 posts, computer experience: intermediate)
Which browser gets redirected?
Old 10th July 2009 #5
James Milburn, Member (joined Jul 2009, 4 posts, computer experience: experienced)
Any browser which I have attempted to use has suffered from the same problem, I'm afraid :(
Old 10th July 2009 #6
broni, Malware Analyst (joined Aug 2002, Daly City, CA, 4,696 posts, computer experience: intermediate)
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure you re-enable your security programs when you're done with ComboFix.

Old 11th July 2009 #7
James Milburn, Member (joined Jul 2009, 4 posts, computer experience: experienced)
Here are the logs after running ComboFix - thanks again.


DDS (Ver_09-06-26.01) - NTFSx86
Run by Milb at 1:26:52.51 on 11/07/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.1654 [GMT 1:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\TDSupportApp\cdrom_mon.exe
C:\Program Files\System Control Manager\MSIService.exe
C:\WINDOWS\system32\svchost.exe -k sfx
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Milb\Desktop\dds.scr
C:\Documents and Settings\Milb\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

============= SERVICES / DRIVERS ===============

R?2 sfx;sfx;c:\windows\system32\svchost.exe -k sfx [2008-10-15 14336]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-9 64160]
R1 sfxdrv;sfxdrv;c:\program files\sfx\sfx.sys [2009-7-7 9472]
R2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\tdsupportapp\cdrom_mon.exe [2009-4-5 81920]
R2 Micro Star SCM;Micro Star SCM;c:\program files\system control manager\MSIService.exe [2008-10-16 159744]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2008-10-16 156160]
R3 rtl8187Se;Realtek RTL8187SE Wireless LAN PCIE Network Adapter;c:\windows\system32\drivers\rtl8187Se.sys [2008-10-16 306176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2008-10-16 625792]

=============== Created Last 30 ================

2009-07-10 01:56 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-07-10 01:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-07-10 01:31 3,255 a------- c:\windows\system32\wbem\Outlook_01ca00f5bdd27c9a.mof
2009-07-10 00:18 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-07-09 23:00 <DIR> a-dshr-- C:\cmdcons
2009-07-09 22:58 161,792 a------- c:\windows\SWREG.exe
2009-07-09 22:58 155,136 a------- c:\windows\PEV.exe
2009-07-09 22:58 98,816 a------- c:\windows\sed.exe
2009-07-09 19:53 <DIR> --d----- c:\program files\Trend Micro
2009-07-09 18:12 15,688 a------- c:\windows\system32\lsdelete.exe
2009-07-09 16:36 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-07-09 16:34 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-07-09 16:34 <DIR> --d----- c:\program files\Lavasoft
2009-07-07 19:25 1 ----h--- c:\windows\jmmark2.dat
2009-07-07 19:25 1 ----h--- c:\windows\bf23567.dat
2009-07-07 17:38 <DIR> --d----- c:\program files\sfx
2009-07-07 17:38 1 a------- c:\windows\934fdfg34fgjf23
2009-06-12 10:34 197 a------- c:\windows\system32\MRT.INI

==================== Find3M ====================

2009-05-07 16:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-29 05:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 05:55 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-17 13:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 15:51 585,216 a------- c:\windows\system32\rpcrt4.dll

============= FINISH: 1:27:26.92 ===============


ComboFix 09-07-09.08 - Milb 10/07/2009 23:20.4.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.1675 [GMT 1:00]
Running from: c:\documents and settings\Milb\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_drv


((((((((((((((((((((((((( Files Created from 2009-06-10 to 2009-07-10 )))))))))))))))))))))))))))))))
.

2009-07-10 00:56 . 2009-07-10 02:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-10 00:56 . 2009-07-10 00:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-09 18:53 . 2009-07-09 18:53 -------- d-----w- c:\program files\Trend Micro
2009-07-09 17:27 . 2009-07-09 17:27 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-07-09 17:27 . 2009-07-09 17:27 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-09 17:27 . 2009-07-09 17:27 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-07-09 17:27 . 2009-07-09 17:27 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-07-09 17:27 . 2009-07-09 17:27 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-07-09 17:27 . 2009-07-09 17:27 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-07-09 17:27 . 2009-07-09 17:27 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-07-09 15:36 . 2009-07-09 17:26 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-09 15:34 . 2009-07-09 15:34 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-07-09 15:34 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-07-09 15:34 . 2009-07-09 15:34 -------- d-----w- c:\program files\Lavasoft
2009-07-09 15:34 . 2009-07-09 15:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-07 18:25 . 2009-07-07 18:25 1 ---h--w- c:\windows\jmmark2.dat
2009-07-07 18:25 . 2009-07-07 18:25 1 ---h--w- c:\windows\bf23567.dat
2009-07-07 16:38 . 2009-07-07 16:38 -------- d-----w- c:\program files\sfx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-10 02:06 . 2009-04-05 17:01 -------- d-----w- c:\program files\ZTE Mobile Connection
2009-07-09 17:27 . 2009-07-09 17:12 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-09 17:27 . 2009-07-09 17:27 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-07-09 17:26 . 2009-07-09 17:26 246128 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-07-09 17:26 . 2009-07-09 17:26 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-07-09 17:26 . 2009-07-09 17:26 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-07-09 17:26 . 2009-07-09 17:26 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-07-09 17:26 . 2009-07-09 17:26 664424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-07-09 17:26 . 2009-07-09 17:26 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-07-09 17:26 . 2009-07-09 17:26 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-07-09 17:26 . 2009-07-09 17:26 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-07-09 17:26 . 2009-07-09 17:26 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-07-09 17:26 . 2009-07-09 17:26 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-07-09 17:26 . 2009-07-09 17:26 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-07-08 18:47 . 2009-05-28 21:05 235 --s-a-w- c:\windows\system32\2096453833.dat
2009-05-07 15:32 . 2008-10-15 21:59 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2008-10-15 21:59 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2008-10-15 21:59 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2008-10-15 21:59 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2008-10-15 21:59 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

------- Sigcheck -------

[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-04-14 12:00 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2005-03-25 13:00 333312 EC676733442B122F1828FCD03B86C20B c:\windows\RE_DRIVE\RECOVERYCD_ISO\I386\SYSTEM32\DRIVERS\TCPIP.SYS
[-] 2005-03-25 13:00 333312 EC676733442B122F1828FCD03B86C20B c:\windows\RE_DRIVE\RECOVERYCD_ISO\STAGE\MININT\SYSTEM32\DRIVERS\TCPIP.SYS
[-] 2008-06-20 11:51 361600 9425B72F40257B45D45D24773273DAD0 c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 11:51 361600 9425B72F40257B45D45D24773273DAD0 c:\windows\system32\drivers\tcpip.sys

.
((((((((((((((((((((((((((((( SnapShot@2009-07-09_23.16.55 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-14 03:16 . 2008-07-09 07:38 17272 c:\windows\system32\spmsg.dll
+ 2009-02-14 03:16 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
+ 2008-10-15 21:59 . 2009-07-10 00:31 41238 c:\windows\system32\perfc009.dat
+ 2009-07-10 00:59 . 2007-03-06 01:22 14048 c:\windows\ie7updates\KB938127-v2-IE7\spmsg.dll
+ 2009-07-10 00:59 . 2007-03-06 01:22 22752 c:\windows\ie7updates\KB938127-v2-IE7\spcustom.dll
+ 2008-10-15 21:59 . 2009-07-10 00:31 315076 c:\windows\system32\perfh009.dat
+ 2008-10-15 22:13 . 2008-05-27 17:23 765952 c:\windows\system32\dllcache\vgx.dll
- 2008-10-15 22:13 . 2007-08-13 17:54 765952 c:\windows\system32\dllcache\VGX.dll
+ 2009-07-10 00:59 . 2007-08-13 17:54 765952 c:\windows\ie7updates\KB938127-v2-IE7\vgx.dll
+ 2009-07-10 00:59 . 2007-03-06 01:23 371424 c:\windows\ie7updates\KB938127-v2-IE7\updspapi.dll
+ 2009-07-10 00:59 . 2007-03-06 01:22 716000 c:\windows\ie7updates\KB938127-v2-IE7\update.exe
+ 2009-07-10 00:59 . 2007-03-06 01:23 371424 c:\windows\ie7updates\KB938127-v2-IE7\spuninst\updspapi.dll
+ 2009-07-10 00:59 . 2007-03-06 01:22 213216 c:\windows\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe
+ 2009-07-10 00:59 . 2007-03-06 01:22 213216 c:\windows\ie7updates\KB938127-v2-IE7\spuninst.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-09 520024]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-2-22 2938184]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:sfx

R?2 sfx;sfx;c:\windows\system32\svchost.exe -k sfx [15/10/2008 22:59 14336]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [09/07/2009 16:36 64160]
R1 sfxdrv;sfxdrv;c:\program files\sfx\sfx.sys [07/07/2009 17:38 9472]
R2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\TDSupportApp\cdrom_mon.exe [05/04/2009 18:01 81920]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [09/03/2009 20:06 1029456]
R2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [16/10/2008 00:12 159744]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [16/10/2008 00:00 156160]
R3 rtl8187Se;Realtek RTL8187SE Wireless LAN PCIE Network Adapter;c:\windows\system32\drivers\rtl8187Se.sys [16/10/2008 00:09 306176]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [16/10/2008 02:40 625792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
sfx REG_MULTI_SZ sfx
.
Contents of the 'Scheduled Tasks' folder

2009-07-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 17:26]

2009-01-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-276271501-2316617745-3789919041-1005Core.job
- c:\documents and settings\Milb\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-07 18:59]

2009-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-276271501-2316617745-3789919041-1005UA.job
- c:\documents and settings\Milb\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-07 18:59]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-10 23:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1640)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-07-10 23:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-10 22:30
ComboFix2.txt 2009-07-10 02:38
ComboFix3.txt 2009-07-09 23:47
ComboFix4.txt 2009-07-09 23:19

Pre-Run: 27,047,866,368 bytes free
Post-Run: 27,021,983,744 bytes free

171 --- E O F --- 2009-07-10 00:59

James Milburn is offline   Reply With Quote