Tech Support Guy Forums > Security & Malware Removal > Malware Removal & HijackThis Logs >
Watashi (Junior Member with 13 posts; Join Date: Jan 2008; Experience: Intermediate)
27-Oct-2009, 10:59 AM #1
Malware redirecting search engines
Computer won't allow me to do Google searches, or any searches for that matter. Also moving quite a bit slower than the norm. Otherwise, nothing seems weird about the computer. Here are the ComboFix, AAW and HijackThis logs.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:54:21 AM, on 10/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 89.149.227.223 google.ae
O1 - Hosts: 89.149.227.223 google.as
O1 - Hosts: 89.149.227.223 google.at
O1 - Hosts: 89.149.227.223 google.az
O1 - Hosts: 89.149.227.223 google.ba
O1 - Hosts: 89.149.227.223 google.be
O1 - Hosts: 89.149.227.223 google.bg
O1 - Hosts: 89.149.227.223 google.bs
O1 - Hosts: 89.149.227.223 google.ca
O1 - Hosts: 89.149.227.223 google.cd
O1 - Hosts: 89.149.227.223 google.com.gh
O1 - Hosts: 89.149.227.223 google.com.hk
O1 - Hosts: 89.149.227.223 google.com.jm
O1 - Hosts: 89.149.227.223 google.com.mx
O1 - Hosts: 89.149.227.223 google.com.my
O1 - Hosts: 89.149.227.223 google.com.na
O1 - Hosts: 89.149.227.223 google.com.nf
O1 - Hosts: 89.149.227.223 google.com.ng
O1 - Hosts: 89.149.227.223 google.ch
O1 - Hosts: 89.149.227.223 google.com.np
O1 - Hosts: 89.149.227.223 google.com.pr
O1 - Hosts: 89.149.227.223 google.com.qa
O1 - Hosts: 89.149.227.223 google.com.sg
O1 - Hosts: 89.149.227.223 google.com.tj
O1 - Hosts: 89.149.227.223 google.com.tw
O1 - Hosts: 89.149.227.223 google.dj
O1 - Hosts: 89.149.227.223 google.de
O1 - Hosts: 89.149.227.223 google.dk
O1 - Hosts: 89.149.227.223 google.dm
O1 - Hosts: 89.149.227.223 google.ee
O1 - Hosts: 89.149.227.223 google.fi
O1 - Hosts: 89.149.227.223 google.fm
O1 - Hosts: 89.149.227.223 google.fr
O1 - Hosts: 89.149.227.223 google.ge
O1 - Hosts: 89.149.227.223 google.gg
O1 - Hosts: 89.149.227.223 google.gm
O1 - Hosts: 89.149.227.223 google.gr
O1 - Hosts: 89.149.227.223 google.ht
O1 - Hosts: 89.149.227.223 google.ie
O1 - Hosts: 89.149.227.223 google.im
O1 - Hosts: 89.149.227.223 google.in
O1 - Hosts: 89.149.227.223 google.it
O1 - Hosts: 89.149.227.223 google.ki
O1 - Hosts: 89.149.227.223 google.la
O1 - Hosts: 89.149.227.223 google.li
O1 - Hosts: 89.149.227.223 google.lv
O1 - Hosts: 89.149.227.223 google.ma
O1 - Hosts: 89.149.227.223 google.ms
O1 - Hosts: 89.149.227.223 google.mu
O1 - Hosts: 89.149.227.223 google.mw
O1 - Hosts: 89.149.227.223 google.nl
O1 - Hosts: 89.149.227.223 google.no
O1 - Hosts: 89.149.227.223 google.nr
O1 - Hosts: 89.149.227.223 google.nu
O1 - Hosts: 89.149.227.223 google.pl
O1 - Hosts: 89.149.227.223 google.pn
O1 - Hosts: 89.149.227.223 google.pt
O1 - Hosts: 89.149.227.223 google.ro
O1 - Hosts: 89.149.227.223 google.ru
O1 - Hosts: 89.149.227.223 google.rw
O1 - Hosts: 89.149.227.223 google.sc
O1 - Hosts: 89.149.227.223 google.se
O1 - Hosts: 89.149.227.223 google.sh
O1 - Hosts: 89.149.227.223 google.si
O1 - Hosts: 89.149.227.223 google.sm
O1 - Hosts: 89.149.227.223 google.sn
O1 - Hosts: 89.149.227.223 google.st
O1 - Hosts: 89.149.227.223 google.tl
O1 - Hosts: 89.149.227.223 google.tm
O1 - Hosts: 89.149.227.223 google.tt
O1 - Hosts: 89.149.227.223 google.us
O1 - Hosts: 89.149.227.223 google.vu
O1 - Hosts: 89.149.227.223 google.ws
O1 - Hosts: 89.149.227.223 google.co.ck
O1 - Hosts: 89.149.227.223 google.co.id
O1 - Hosts: 89.149.227.223 google.co.il
O1 - Hosts: 89.149.227.223 google.co.in
O1 - Hosts: 89.149.227.223 google.co.jp
O1 - Hosts: 89.149.227.223 google.co.kr
O1 - Hosts: 89.149.227.223 google.co.ls
O1 - Hosts: 89.149.227.223 google.co.ma
O1 - Hosts: 89.149.227.223 google.co.nz
O1 - Hosts: 89.149.227.223 google.co.tz
O1 - Hosts: 89.149.227.223 google.co.ug
O1 - Hosts: 89.149.227.223 google.co.uk
O1 - Hosts: 89.149.227.223 google.co.za
O1 - Hosts: 89.149.227.223 google.co.zm
O1 - Hosts: 89.149.227.223 google.com
O1 - Hosts: 89.149.227.223 google.com.af
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\\DownloadPDF.exe
O15 - Trusted Zone: http://www.philadelphonic.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe

--
End of file - 11118 bytes


ComboFix 09-10-26.03 - jack 10/27/2009 10:06.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.184 [GMT -4:00]
Running from: c:\documents and settings\jack\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((( Files Created from 2009-09-27 to 2009-10-27 )))))))))))))))))))))))))))))))
.

2009-10-26 09:27 . 2009-10-26 09:27 -------- d-----w- c:\program files\Verizon Wireless
2009-10-25 13:30 . 2009-10-25 13:30 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2009-10-25 13:30 . 2009-10-06 19:51 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-12 19:48 . 2009-10-12 19:48 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-12 17:48 . 2009-10-12 17:48 -------- d-sh--w- c:\documents and settings\jack\PrivacIE
2009-10-12 17:41 . 2009-10-12 17:41 -------- d-sh--w- c:\documents and settings\jack\IETldCache
2009-10-12 17:39 . 2009-10-12 17:39 -------- d-----w- c:\windows\ie8updates
2009-10-12 17:36 . 2009-10-12 17:38 -------- dc-h--w- c:\windows\ie8
2009-10-12 17:34 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-10-12 17:34 . 2009-08-29 08:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-10-12 17:34 . 2009-08-29 08:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-06 19:51 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-06 19:47 . 2009-10-06 19:47 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-10-06 19:46 . 2009-10-06 19:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-06 19:46 . 2009-10-06 19:46 -------- d-----w- c:\program files\Lavasoft
2009-10-02 04:31 . 2009-10-02 04:31 -------- d-----w- c:\windows\Sun
2009-10-02 04:30 . 2009-10-02 04:30 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-02 04:30 . 2009-10-02 04:30 -------- d-----w- c:\program files\Java
2009-10-02 04:30 . 2009-10-02 04:30 152576 ----a-w- c:\documents and settings\jack\Application Data\Sun\Java\jre1.6.0_16\lzma.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-26 13:06 . 2008-12-16 14:52 -------- d-----w- c:\program files\Symantec AntiVirus
2009-10-18 16:01 . 2008-07-28 20:10 256 ----a-w- c:\windows\system32\pool.bin
2009-10-18 15:49 . 2008-07-28 19:56 -------- d-----w- c:\documents and settings\jack\Application Data\Blackberry Desktop
2009-09-26 13:24 . 2009-09-09 18:59 -------- d-----w- c:\documents and settings\All Users\Application Data\57fa050
2009-09-20 15:24 . 2009-09-20 15:24 -------- d-----w- c:\documents and settings\jack\Application Data\com.directv.supercast.AA1ECC8BBAFE4E1BBF2D418DC006AF207FACE6CA.1
2009-09-20 13:53 . 2009-09-20 13:53 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-09-20 13:53 . 2009-09-20 13:53 -------- d-----w- c:\program files\DIRECTV
2009-09-20 13:52 . 2009-09-20 13:53 38208 ----a-w- c:\documents and settings\jack\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
2009-09-11 14:18 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-04 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 23:24 . 2008-01-29 03:44 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2008-01-29 03:44 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2008-01-29 03:44 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2007-07-31 03:19 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2008-01-29 03:44 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2004-08-04 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2008-01-29 03:44 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2008-01-29 03:44 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-08-04 12:00 204800 -c--a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 00:44 . 2004-08-04 12:00 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-03 22:59 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-03-26 228088]
"WinVNC"="c:\program files\UltraVNC\WinVNC.exe" [2006-06-18 712704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-10-08 125368]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-02 149280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico [2008-9-3 6144]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\UltraVNC\\winvnc.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/6/2009 3:51 PM 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49 AM 1028432]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [5/30/2008 9:51 AM 6016]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/4/2009 8:07 PM 102448]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [10/7/2007 9:48 PM 116664]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-10-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 19:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.espn.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: philadelphonic.com\www
Trusted Zone: state.mi.us\www2.dleg
Trusted Zone: superioruniformgroup.com\store
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
AddRemove-PDefender - c:\\Program Files\\Perfect Defender 2009\\UnInstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-27 10:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(992)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2009-10-27 10:17
ComboFix-quarantined-files.txt 2009-10-27 14:17

Pre-Run: 149,032,894,464 bytes free
Post-Run: 149,248,425,984 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 159293D5945CDF5368CC577D66BA29B8
Watashi (Junior Member with 13 posts; Join Date: Jan 2008; Experience: Intermediate)
28-Oct-2009, 02:37 AM #2
Anyone at all, please? /bump
Watashi (Junior Member with 13 posts; Join Date: Jan 2008; Experience: Intermediate)
30-Oct-2009, 02:30 PM #3
Anyone? /bump
Watashi (Junior Member with 13 posts; Join Date: Jan 2008; Experience: Intermediate)
06-Nov-2009, 10:03 PM #4
Still waiting, can anyone help me? /bump