27-Oct-2009, 11:59 AM
#1
Malware redirecting search engines

Computer won't allow me to do Google searches or any searches for that matter. Also moving quite slower than the norm. Otherwise, nothing seems weird about the computer. Here are the ComboFix, AAW, HijackThis logs.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:54:21 AM, on 10/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 89.149.227.223 google.ae
O1 - Hosts: 89.149.227.223 google.as
O1 - Hosts: 89.149.227.223 google.at
O1 - Hosts: 89.149.227.223 google.az
O1 - Hosts: 89.149.227.223 google.ba
O1 - Hosts: 89.149.227.223 google.be
O1 - Hosts: 89.149.227.223 google.bg
O1 - Hosts: 89.149.227.223 google.bs
O1 - Hosts: 89.149.227.223 google.ca
O1 - Hosts: 89.149.227.223 google.cd
O1 - Hosts: 89.149.227.223 google.com.gh
O1 - Hosts: 89.149.227.223 google.com.hk
O1 - Hosts: 89.149.227.223 google.com.jm
O1 - Hosts: 89.149.227.223 google.com.mx
O1 - Hosts: 89.149.227.223 google.com.my
O1 - Hosts: 89.149.227.223 google.com.na
O1 - Hosts: 89.149.227.223 google.com.nf
O1 - Hosts: 89.149.227.223 google.com.ng
O1 - Hosts: 89.149.227.223 google.ch
O1 - Hosts: 89.149.227.223 google.com.np
O1 - Hosts: 89.149.227.223 google.com.pr
O1 - Hosts: 89.149.227.223 google.com.qa
O1 - Hosts: 89.149.227.223 google.com.sg
O1 - Hosts: 89.149.227.223 google.com.tj
O1 - Hosts: 89.149.227.223 google.com.tw
O1 - Hosts: 89.149.227.223 google.dj
O1 - Hosts: 89.149.227.223 google.de
O1 - Hosts: 89.149.227.223 google.dk
O1 - Hosts: 89.149.227.223 google.dm
O1 - Hosts: 89.149.227.223 google.ee
O1 - Hosts: 89.149.227.223 google.fi
O1 - Hosts: 89.149.227.223 google.fm
O1 - Hosts: 89.149.227.223 google.fr
O1 - Hosts: 89.149.227.223 google.ge
O1 - Hosts: 89.149.227.223 google.gg
O1 - Hosts: 89.149.227.223 google.gm
O1 - Hosts: 89.149.227.223 google.gr
O1 - Hosts: 89.149.227.223 google.ht
O1 - Hosts: 89.149.227.223 google.ie
O1 - Hosts: 89.149.227.223 google.im
O1 - Hosts: 89.149.227.223 google.in
O1 - Hosts: 89.149.227.223 google.it
O1 - Hosts: 89.149.227.223 google.ki
O1 - Hosts: 89.149.227.223 google.la
O1 - Hosts: 89.149.227.223 google.li
O1 - Hosts: 89.149.227.223 google.lv
O1 - Hosts: 89.149.227.223 google.ma
O1 - Hosts: 89.149.227.223 google.ms
O1 - Hosts: 89.149.227.223 google.mu
O1 - Hosts: 89.149.227.223 google.mw
O1 - Hosts: 89.149.227.223 google.nl
O1 - Hosts: 89.149.227.223 google.no
O1 - Hosts: 89.149.227.223 google.nr
O1 - Hosts: 89.149.227.223 google.nu
O1 - Hosts: 89.149.227.223 google.pl
O1 - Hosts: 89.149.227.223 google.pn
O1 - Hosts: 89.149.227.223 google.pt
O1 - Hosts: 89.149.227.223 google.ro
O1 - Hosts: 89.149.227.223 google.ru
O1 - Hosts: 89.149.227.223 google.rw
O1 - Hosts: 89.149.227.223 google.sc
O1 - Hosts: 89.149.227.223 google.se
O1 - Hosts: 89.149.227.223 google.sh
O1 - Hosts: 89.149.227.223 google.si
O1 - Hosts: 89.149.227.223 google.sm
O1 - Hosts: 89.149.227.223 google.sn
O1 - Hosts: 89.149.227.223 google.st
O1 - Hosts: 89.149.227.223 google.tl
O1 - Hosts: 89.149.227.223 google.tm
O1 - Hosts: 89.149.227.223 google.tt
O1 - Hosts: 89.149.227.223 google.us
O1 - Hosts: 89.149.227.223 google.vu
O1 - Hosts: 89.149.227.223 google.ws
O1 - Hosts: 89.149.227.223 google.co.ck
O1 - Hosts: 89.149.227.223 google.co.id
O1 - Hosts: 89.149.227.223 google.co.il
O1 - Hosts: 89.149.227.223 google.co.in
O1 - Hosts: 89.149.227.223 google.co.jp
O1 - Hosts: 89.149.227.223 google.co.kr
O1 - Hosts: 89.149.227.223 google.co.ls
O1 - Hosts: 89.149.227.223 google.co.ma
O1 - Hosts: 89.149.227.223 google.co.nz
O1 - Hosts: 89.149.227.223 google.co.tz
O1 - Hosts: 89.149.227.223 google.co.ug
O1 - Hosts: 89.149.227.223 google.co.uk
O1 - Hosts: 89.149.227.223 google.co.za
O1 - Hosts: 89.149.227.223 google.co.zm
O1 - Hosts: 89.149.227.223 google.com
O1 - Hosts: 89.149.227.223 google.com.af
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\\DownloadPDF.exe
O15 - Trusted Zone: http://www.philadelphonic.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe

--
End of file - 11118 bytes

ComboFix 09-10-26.03 - jack 10/27/2009 10:06.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.184 [GMT -4:00]
Running from: c:\documents and settings\jack\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.
((((((((((((((((((((((((( Files Created from 2009-09-27 to 2009-10-27 )))))))))))))))))))))))))))))))
.
2009-10-26 09:27 . 2009-10-26 09:27 -------- d-----w- c:\program files\Verizon Wireless
2009-10-25 13:30 . 2009-10-25 13:30 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2009-10-25 13:30 . 2009-10-06 19:51 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-12 19:48 . 2009-10-12 19:48 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-12 17:48 . 2009-10-12 17:48 -------- d-sh--w- c:\documents and settings\jack\PrivacIE
2009-10-12 17:41 . 2009-10-12 17:41 -------- d-sh--w- c:\documents and settings\jack\IETldCache
2009-10-12 17:39 . 2009-10-12 17:39 -------- d-----w- c:\windows\ie8updates
2009-10-12 17:36 . 2009-10-12 17:38 -------- dc-h--w- c:\windows\ie8
2009-10-12 17:34 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-10-12 17:34 . 2009-08-29 08:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-10-12 17:34 . 2009-08-29 08:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-06 19:51 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-06 19:47 . 2009-10-06 19:47 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-10-06 19:46 . 2009-10-06 19:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-06 19:46 . 2009-10-06 19:46 -------- d-----w- c:\program files\Lavasoft
2009-10-02 04:31 . 2009-10-02 04:31 -------- d-----w- c:\windows\Sun
2009-10-02 04:30 . 2009-10-02 04:30 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-02 04:30 . 2009-10-02 04:30 -------- d-----w- c:\program files\Java
2009-10-02 04:30 . 2009-10-02 04:30 152576 ----a-w- c:\documents and settings\jack\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-26 13:06 . 2008-12-16 14:52 -------- d-----w- c:\program files\Symantec AntiVirus
2009-10-18 16:01 . 2008-07-28 20:10 256 ----a-w- c:\windows\system32\pool.bin
2009-10-18 15:49 . 2008-07-28 19:56 -------- d-----w- c:\documents and settings\jack\Application Data\Blackberry Desktop
2009-09-26 13:24 . 2009-09-09 18:59 -------- d-----w- c:\documents and settings\All Users\Application Data\57fa050
2009-09-20 15:24 . 2009-09-20 15:24 -------- d-----w- c:\documents and settings\jack\Application Data\com.directv.supercast.AA1ECC8BBAFE4E1BBF2D418DC006AF207FACE6CA.1
2009-09-20 13:53 . 2009-09-20 13:53 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-09-20 13:53 . 2009-09-20 13:53 -------- d-----w- c:\program files\DIRECTV
2009-09-20 13:52 . 2009-09-20 13:53 38208 ----a-w- c:\documents and settings\jack\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
2009-09-11 14:18 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-04 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 23:24 . 2008-01-29 03:44 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2008-01-29 03:44 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2008-01-29 03:44 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2007-07-31 03:19 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2008-01-29 03:44 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2004-08-04 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2008-01-29 03:44 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2008-01-29 03:44 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-08-04 12:00 204800 -c--a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 00:44 . 2004-08-04 12:00 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-03 22:59 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-03-26 228088]
"WinVNC"="c:\program files\UltraVNC\WinVNC.exe" [2006-06-18 712704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-10-08 125368]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-02 149280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico [2008-9-3 6144]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\UltraVNC\\winvnc.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/6/2009 3:51 PM 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49 AM 1028432]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [5/30/2008 9:51 AM 6016]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/4/2009 8:07 PM 102448]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [10/7/2007 9:48 PM 116664]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-10-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 19:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.espn.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: philadelphonic.com\www
Trusted Zone: state.mi.us\www2.dleg
Trusted Zone: superioruniformgroup.com\store
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
AddRemove-PDefender - c:\\Program Files\\Perfect Defender 2009\\UnInstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-27 10:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(992)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2009-10-27 10:17
ComboFix-quarantined-files.txt 2009-10-27 14:17

Pre-Run: 149,032,894,464 bytes free
Post-Run: 149,248,425,984 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 159293D5945CDF5368CC577D66BA29B8
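The symptom in the post (Google searches failing while everything else looks normal) matches the long run of `O1 - Hosts:` entries in the HijackThis log, which point every national google.* domain at one public IP. A hosts file should normally only map names to loopback, so a quick triage check is to parse those lines, drop loopback mappings, and group the rest by target address. The script below is an added example written for this page; it is not part of the original post and is not HijackThis or ComboFix code. The sample input is constructed (a benign localhost line plus a few entries of the same shape as the log, using the two IPs the log shows), and the `SEARCH_ENGINE_LABELS` list is an assumed starting point, not an authoritative one.

```python
"""Flag hosts-file hijacks in HijackThis O1 lines or a raw hosts file.

Added illustration for this thread, not code from the original post or from
HijackThis/ComboFix. A public IP in front of a search-engine domain is the
classic hosts-file search-redirect symptom; loopback mappings are normal.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed sample input: one benign localhost line plus HijackThis-style
# entries modelled on the log above (same two target IPs).
SAMPLE_LINES = """\
# comment lines and blanks are ignored
127.0.0.1 localhost
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 89.149.227.223 google.com
O1 - Hosts: 89.149.227.223 google.co.uk
O1 - Hosts: 89.149.227.223 google.de
"""

# Accepts either a HijackThis "O1 - Hosts:" line or a raw hosts-file line.
HOSTS_RE = re.compile(r"^(?:O1 - Hosts:\s+)?(\S+)\s+(\S+)")

# Assumed list of search-engine second-level labels; extend as needed.
SEARCH_ENGINE_LABELS = {"google", "bing", "yahoo"}


def parse_hosts_lines(text):
    """Return (ip_address, hostname) pairs; skip comments, blanks and non-IPs.

    Lines whose first token is not an IP (e.g. other HijackThis sections)
    are silently ignored, so the whole log can be fed in.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = HOSTS_RE.match(line)
        if not match:
            continue
        ip_text, host = match.groups()
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            continue
        entries.append((ip, host.lower()))
    return entries


def is_search_engine(host):
    """True when any DNS label of the name is a known search-engine label."""
    return bool(SEARCH_ENGINE_LABELS & set(host.split(".")))


def find_hijacks(entries):
    """Group non-loopback mappings by target IP.

    Returns {ip_str: {"hosts": [sorted names], "search_engine": bool}}.
    Loopback and unspecified addresses (legitimate hosts-file use) are
    not reported; everything else is worth a closer look.
    """
    grouped = defaultdict(set)
    for ip, host in entries:
        if ip.is_loopback or ip.is_unspecified:
            continue
        grouped[str(ip)].add(host)
    return {
        ip: {
            "hosts": sorted(hosts),
            "search_engine": any(is_search_engine(h) for h in hosts),
        }
        for ip, hosts in grouped.items()
    }


def report(text):
    """One summary line per suspicious target IP (or a 'nothing found' line)."""
    lines = []
    for ip, info in sorted(find_hijacks(parse_hosts_lines(text)).items()):
        kind = "search-engine redirect" if info["search_engine"] else "non-loopback mapping"
        names = ", ".join(info["hosts"])
        lines.append(f"{ip}: {kind}, {len(info['hosts'])} name(s): {names}")
    return "\n".join(lines) or "no non-loopback hosts entries found"


if __name__ == "__main__":
    print(report(SAMPLE_LINES))
```

Running it on the sample prints one line per target IP; pointing `report()` at the full HijackThis log text (or at `%SystemRoot%\system32\drivers\etc\hosts` read from disk) works the same way, since non-matching lines are skipped. Grouping by IP is the useful part: a single address in front of dozens of search-engine domains is a much stronger signal than any one line on its own, and the remaining non-loopback group shows which other names were being steered.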
Tags: combofix, hijackthis, malware, virus
Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.

