
All search engine results lead me to attack sites.

Discussion in 'Virus & Other Malware Removal' started by AnniefromMiami, Jan 14, 2011.

Thread Status:
Not open for further replies.
  1. AnniefromMiami

    AnniefromMiami Thread Starter

    Joined:
    Jan 14, 2011
    Messages:
    5
    Every time I use a search engine (Google & Yahoo) using Mozilla and IE, the results listed are all virus/hacker sites. In addition to that virus problem, when I go to my bank's legitimate website or credit card sites and enter the wrong password, I am redirected to a page that looks exactly like my bank website and says you entered the wrong password. Then it prompts me to enter my pin and social security number to access my bank account. I almost fell for it. Please help me get this thing off my computer.
    Thank you so much! :)


    Hijack Log

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:25:13 PM, on 1/14/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16876)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\vssvc.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

    --
    End of file - 2281 bytes




    DDS LOG


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Ana at 22:26:57.60 on Fri 01/14/2011
    Internet Explorer: 7.0.5730.11
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.171 [GMT -5:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\vssvc.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
    C:\Documents and Settings\Ana\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB: {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uPolicies-explorer: NoAutoUpdate = 1 (0x1)
    uPolicies-explorer: NoViewOnDrive = 0 (0x0)
    Trusted Zone: motive.com\patttbc.att
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\ana\applic~1\mozilla\firefox\profiles\pxv6dg7c.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?nm=1
    FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff

    ============= SERVICES / DRIVERS ===============

    S3 FileObjInfo;STFileDriver;\??\c:\documents and settings\all users\application data\spyware terminator\fileobjinfo.sys --> c:\documents and settings\all users\application data\spyware terminator\FileObjInfo.sys [?]

    =============== File Associations ===============

    regfile=regedit.exe "%1" %*
    scrfile="%1" %*

    =============== Created Last 30 ================

    2011-01-15 02:59:10 388096 ----a-r- c:\docume~1\ana\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-01-10 14:36:22 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-01-10 14:36:22 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-01-07 03:00:06 553696 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
    2011-01-07 03:00:02 25048 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider.dll
    2011-01-07 03:00:02 140248 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
    2011-01-05 01:19:29 -------- d-----w- C:\d4b197bc0a3e8c2bb465009e40
    2011-01-04 13:53:28 -------- d-----w- c:\windows\system32\XPSViewer
    2011-01-04 13:48:44 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    2011-01-04 13:41:50 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2011-01-04 13:41:50 117760 ------w- c:\windows\system32\prntvpt.dll
    2011-01-04 13:41:47 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    2011-01-04 13:41:47 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2011-01-04 13:41:44 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2011-01-04 13:41:44 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
    2011-01-04 13:41:36 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2011-01-04 13:41:36 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
    2011-01-04 13:41:25 -------- d-----w- C:\6cf11dcd574361a06377d0f268
    2011-01-04 07:02:45 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
    2011-01-04 06:01:59 -------- d-----w- c:\windows\ie8updates
    2011-01-03 23:25:06 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
    2011-01-03 23:25:05 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
    2011-01-03 23:25:04 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
    2011-01-03 23:22:52 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
    2011-01-03 23:20:34 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2011-01-03 23:20:26 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
    2011-01-03 23:18:41 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2011-01-03 23:18:41 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2011-01-03 23:18:39 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
    2011-01-03 22:11:38 209632 ----a-w- c:\windows\system32\dllcache\wuweb.dll
    2011-01-03 18:44:57 -------- d-sh--w- c:\documents and settings\ana\IECompatCache

    ==================== Find3M ====================

    2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
    2007-04-15 21:53:51 21822168 -c--a-w- c:\program files\AdbeRdr80_en_US.exe
    2007-03-09 08:12:32 27648 --sha-w- c:\windows\system32\AVSredirect.dll

    ============= FINISH: 22:28:22.51 ===============




    ARK LOG
    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-01-14 22:13:14
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_SP0802N rev.TK100-28
    Running: xsfksuxj.exe; Driver: C:\DOCUME~1\Ana\LOCALS~1\Temp\axroiuog.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    init C:\WINDOWS\system32\DRIVERS\mohfilt.sys entry point in "init" section [0xF88B3760]
    init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF72C7F80]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\msdtc.exe[132] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00F29B5C
    .text C:\WINDOWS\system32\msdtc.exe[132] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00F296F9
    .text C:\WINDOWS\system32\msdtc.exe[132] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00F29A0E
    .text C:\WINDOWS\system32\msdtc.exe[132] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00F297DA
    .text C:\WINDOWS\system32\msdtc.exe[132] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00F298AD
    .text C:\WINDOWS\system32\dllhost.exe[316] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01249B5C
    .text C:\WINDOWS\system32\dllhost.exe[316] WS2_32.dll!send 71AB4C27 5 Bytes JMP 012496F9
    .text C:\WINDOWS\system32\dllhost.exe[316] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01249A0E
    .text C:\WINDOWS\system32\dllhost.exe[316] WS2_32.dll!recv 71AB676F 5 Bytes JMP 012497DA
    .text C:\WINDOWS\system32\dllhost.exe[316] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 012498AD
    .text C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe[552] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00BF9B5C
    .text C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe[552] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00BF96F9
    .text C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe[552] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00BF9A0E
    .text C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe[552] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00BF97DA
    .text C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe[552] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00BF98AD
    .text C:\Program Files\Java\jre6\bin\jqs.exe[624] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01DC9B5C
    .text C:\Program Files\Java\jre6\bin\jqs.exe[624] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01DC96F9
    .text C:\Program Files\Java\jre6\bin\jqs.exe[624] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01DC9A0E
    .text C:\Program Files\Java\jre6\bin\jqs.exe[624] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01DC97DA
    .text C:\Program Files\Java\jre6\bin\jqs.exe[624] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01DC98AD
    .text C:\WINDOWS\system32\winlogon.exe[700] Secur32.dll!LsaLogonUser 77FE33F1 5 Bytes JMP 018D2946
    .text C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe[1008] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00F59B5C
    .text C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe[1008] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00F596F9
    .text C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe[1008] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00F59A0E
    .text C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe[1008] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00F597DA
    .text C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe[1008] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00F598AD
    .text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[1416] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 02FD9B5C
    .text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[1416] WS2_32.dll!send 71AB4C27 5 Bytes JMP 02FD96F9
    .text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[1416] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 02FD9A0E
    .text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[1416] WS2_32.dll!recv 71AB676F 5 Bytes JMP 02FD97DA
    .text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[1416] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 02FD98AD
    .text C:\WINDOWS\Explorer.EXE[1576] USER32.dll!DisplayExitWindowsWarnings 7E459F91 5 Bytes JMP 00ED2758
    .text C:\WINDOWS\Explorer.EXE[1576] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00C19B5C
    .text C:\WINDOWS\Explorer.EXE[1576] ws2_32.dll!send 71AB4C27 5 Bytes JMP 00C196F9
    .text C:\WINDOWS\Explorer.EXE[1576] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00C19A0E
    .text C:\WINDOWS\Explorer.EXE[1576] ws2_32.dll!recv 71AB676F 5 Bytes JMP 00C197DA
    .text C:\WINDOWS\Explorer.EXE[1576] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00C198AD
    .text C:\WINDOWS\system32\dllhost.exe[1768] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00AD9B5C
    .text C:\WINDOWS\system32\dllhost.exe[1768] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00AD96F9
    .text C:\WINDOWS\system32\dllhost.exe[1768] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00AD9A0E
    .text C:\WINDOWS\system32\dllhost.exe[1768] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00AD97DA
    .text C:\WINDOWS\system32\dllhost.exe[1768] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00AD98AD
    .text C:\WINDOWS\System32\vssvc.exe[2084] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00AE9B5C
    .text C:\WINDOWS\System32\vssvc.exe[2084] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00AE96F9
    .text C:\WINDOWS\System32\vssvc.exe[2084] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00AE9A0E
    .text C:\WINDOWS\System32\vssvc.exe[2084] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00AE97DA
    .text C:\WINDOWS\System32\vssvc.exe[2084] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00AE98AD
    .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2240] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00B79B5C
    .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2240] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00B796F9
    .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2240] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00B79A0E
    .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2240] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00B797DA
    .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2240] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00B798AD
    .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2544] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01439B5C
    .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2544] WS2_32.dll!send 71AB4C27 5 Bytes JMP 014396F9
    .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2544] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01439A0E
    .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2544] WS2_32.dll!recv 71AB676F 5 Bytes JMP 014397DA
    .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2544] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 014398AD
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2616] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 02C69B5C
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2616] WS2_32.dll!send 71AB4C27 5 Bytes JMP 02C696F9
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2616] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 02C69A0E
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2616] WS2_32.dll!recv 71AB676F 5 Bytes JMP 02C697DA
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2616] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 02C698AD
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2616] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10402342 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\WINDOWS\System32\alg.exe[3516] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00B29B5C
    .text C:\WINDOWS\System32\alg.exe[3516] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00B296F9
    .text C:\WINDOWS\System32\alg.exe[3516] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00B29A0E
    .text C:\WINDOWS\System32\alg.exe[3516] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00B297DA
    .text C:\WINDOWS\System32\alg.exe[3516] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00B298AD
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3688] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[200] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[200] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[200] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[200] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[200] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[200] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[200] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[200] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[200] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[200] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[200] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[200] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[200] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[200] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[200] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[200] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[200] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[200] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[200] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[200] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[200] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[200] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[200] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[200] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[200] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[200] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[200] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[200] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[200] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[200] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[200] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[200] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[200] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[200] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[200] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[200] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[200] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[200] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[200] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[200] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[200] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[200] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[200] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[200] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[200] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[200] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[200] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[200] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

    ---- EOF - GMER 1.0.15 ----
     


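    The GMER "User code sections" block in the log above shows the same five WS2_32 exports (closesocket, send, recv, WSASend, WSARecv) hooked in nearly every process on the machine, with JMP targets whose low 16 bits repeat from process to process (…9B5C, …96F9, …9A0E, …97DA, …98AD), plus a hook on Secur32!LsaLogonUser inside winlogon, which is the path local logon credentials pass through. The script below is an added example and is not part of the post or of GMER. It parses constructed sample lines copied in the shape of that log, separates hooks that GMER attributed to a file on disk (the xul.dll hook on TrackPopupMenu) from hooks into memory backed by no file, and groups the unattributed ones by handler offset so the one-payload-in-every-process pattern stands out. The regex and the function names are the example's own assumptions about the log format, not something GMER documents.

```python
"""
Triage helper for GMER "User code sections" output (added example).

Parses lines of the form
    .text <image>[<pid>] <module>!<export> <addr> 5 Bytes JMP <target> [<owner> (<vendor>)]
and separates hooks GMER attributed to a module file on disk from hooks that
jump into memory backed by no file.  For the unattributed ones it groups
handlers by (hooked export, low 16 bits of the JMP target): Windows reserves
private memory on 64 KiB boundaries, so one payload image mapped at a different
base in every process keeps the same low 16 bits for each handler routine.
"""
import re
from collections import defaultdict

# Constructed sample, copied in the shape of the log in the post above
# (paths, PIDs and addresses are taken from it; the set is trimmed to six lines).
SAMPLE_GMER = r"""
---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\msdtc.exe[132] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00F296F9
.text C:\WINDOWS\system32\msdtc.exe[132] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00F297DA
.text C:\WINDOWS\system32\dllhost.exe[316] WS2_32.dll!send 71AB4C27 5 Bytes JMP 012496F9
.text C:\WINDOWS\system32\dllhost.exe[316] WS2_32.dll!recv 71AB676F 5 Bytes JMP 012497DA
.text C:\WINDOWS\system32\winlogon.exe[700] Secur32.dll!LsaLogonUser 77FE33F1 5 Bytes JMP 018D2946
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2616] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10402342 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
"""

# Assumed line layout; GMER does not publish a grammar for its log, this is
# reverse-engineered from the lines in the post.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[\w.]+)!(?P<func>\w+)\s+(?P<addr>[0-9A-Fa-f]+)\s+"
    r"(?P<nbytes>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]+)"
    r"(?:\s+(?P<owner>.+?)\s+\((?P<vendor>[^)]*)\))?\s*$"
)


def parse_hooks(log_text):
    """Return one dict per inline-hook line; everything else in the log is ignored."""
    hooks = []
    for line in log_text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        h = m.groupdict()
        h["pid"] = int(h["pid"])
        h["addr"] = int(h["addr"], 16)
        h["target"] = int(h["target"], 16)
        h["nbytes"] = int(h["nbytes"])
        h["process"] = h["image"].rsplit("\\", 1)[-1].lower()
        h["api"] = f'{h["module"].lower()}!{h["func"]}'
        hooks.append(h)
    return hooks


def unattributed(hooks):
    """Hooks whose JMP target GMER could not map to a module file on disk.

    A hook placed by software that is actually installed (AV, a browser's own
    DLL) normally resolves to a named file; a target in anonymous memory is
    what injected code looks like.
    """
    return [h for h in hooks if not h["owner"]]


def cluster_by_payload_offset(hooks):
    """Group unattributed hooks by (API, target & 0xFFFF) -> {(process, pid), ...}."""
    clusters = defaultdict(set)
    for h in unattributed(hooks):
        clusters[(h["api"], h["target"] & 0xFFFF)].add((h["process"], h["pid"]))
    return dict(clusters)


def widespread_hooks(hooks, min_processes=2):
    """Handler offsets that recur in at least min_processes distinct processes.

    One payload hooking the same exports in many unrelated processes is the
    signature of system-wide injection, not of a single misbehaving program.
    """
    return {
        key: procs
        for key, procs in cluster_by_payload_offset(hooks).items()
        if len(procs) >= min_processes
    }


def report(log_text):
    """Human-readable summary: injection clusters first, then file-backed hooks."""
    hooks = parse_hooks(log_text)
    lines = [f"{len(hooks)} inline hooks, {len(unattributed(hooks))} not backed by a file"]
    for (api, off), procs in sorted(widespread_hooks(hooks).items()):
        names = ", ".join(f"{p}[{pid}]" for p, pid in sorted(procs))
        lines.append(f"{api} -> handler offset 0x{off:04X} in {names}")
    for h in hooks:
        if h["owner"]:
            lines.append(f"{h['api']} in {h['process']}[{h['pid']}] -> {h['owner']} ({h['vendor']})")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_GMER))
```

    Run against the full GMER log from the post, the same grouping puts all five WS2_32 handlers in one cluster spanning msdtc, dllhost, IDriverT, jqs, NetSvc, sprtsvc, Explorer, vssvc, wmiapsrv, WMPNetwk, plugin-container and alg, while the xul.dll and firefox.exe hooks fall out as file-backed. The one hook that does not fit the cluster, LsaLogonUser in winlogon, is the entry to flag for a second look rather than discard.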
  2. AnniefromMiami

    AnniefromMiami Thread Starter

    Joined:
    Jan 14, 2011
    Messages:
    5
    Anyone?

    My browser is definitely hijacked. Any search engine I use displays search results to InfoMash happili scour searchhero virus websites....

    I'm patient but struggling to deal with this alone.

    Thanks
     
  3. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hiya AnniefromMiami,

    As follows please :-

    We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    Combofix

    Don't forget Combofix must be saved to your desktop. <--Very important

    Ensure you have disabled your firewall and all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. <---Very important

    Before saving to your Desktop rename Combofix to Gotcha.exe as below:

    [image]

    Please include the C:\ComboFix.txt in your next reply for further review.

    Examples of how to disable realtime protection available at the following link :-

    Disable realtime protection


    Note: Do not click combofix's window with your mouse while it's running. That action may cause it to stall.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
    • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

    Post the log in your reply,

    Kevin
     
  4. AnniefromMiami

    AnniefromMiami Thread Starter

    Joined:
    Jan 14, 2011
    Messages:
    5
    Thanks Kevin. Great suggestions. Midway through the scan said Rootkit - TDL3 is detected.
    Here's my log!:)



    ComboFix 11-01-22.01 - Ana 01/22/2011 14:40:44.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.264 [GMT -5:00]
    Running from: c:\documents and settings\Ana\Desktop\Gotcha.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Ana\GoToAssistDownloadHelper.exe
    c:\documents and settings\Application Data\Microsoft
    c:\documents and settings\HelpAssistant\GoToAssistDownloadHelper.exe
    c:\program files\WinPCap
    c:\program files\WinPCap\install.log
    c:\windows\system32\dumphive.exe
    c:\windows\system32\Process.exe
    c:\windows\system32\SrchSTS.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-12-22 to 2011-01-22 )))))))))))))))))))))))))))))))
    .

    2011-01-20 01:07 . 2011-01-20 01:07 -------- d-----w- c:\windows\Cache
    2011-01-15 02:59 . 2011-01-15 02:59 388096 ----a-r- c:\documents and settings\Ana\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-01-10 14:36 . 2011-01-10 14:36 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-01-05 01:19 . 2011-01-05 01:19 -------- d-----w- C:\d4b197bc0a3e8c2bb465009e40
    2011-01-04 13:53 . 2011-01-04 13:53 -------- d-----w- c:\windows\system32\XPSViewer
    2011-01-04 13:52 . 2011-01-04 13:52 -------- d-----w- c:\program files\MSBuild
    2011-01-04 13:51 . 2011-01-04 13:51 -------- d-----w- c:\program files\Reference Assemblies
    2011-01-04 13:48 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
    2011-01-04 13:41 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2011-01-04 13:41 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
    2011-01-04 13:41 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    2011-01-04 13:41 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2011-01-04 13:41 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2011-01-04 13:41 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
    2011-01-04 13:41 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2011-01-04 13:41 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
    2011-01-04 13:41 . 2011-01-04 13:49 -------- d-----w- C:\6cf11dcd574361a06377d0f268
    2011-01-04 07:02 . 2008-04-14 01:11 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
    2011-01-04 06:01 . 2011-01-13 05:12 -------- d-----w- c:\windows\ie8updates
    2011-01-03 23:25 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
    2011-01-03 23:25 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
    2011-01-03 23:25 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
    2011-01-03 23:22 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
    2011-01-03 23:20 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2011-01-03 23:20 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
    2011-01-03 23:18 . 2010-09-10 05:58 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2011-01-03 23:18 . 2010-09-10 05:58 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2011-01-03 23:18 . 2010-09-10 05:58 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
    2011-01-03 22:11 . 2009-08-07 00:24 209632 ----a-w- c:\windows\system32\wuweb.dll
    2011-01-03 22:11 . 2009-08-07 00:24 209632 ----a-w- c:\windows\system32\dllcache\wuweb.dll
    2011-01-03 20:16 . 2011-01-03 20:16 -------- d-----w- c:\documents and settings\HelpAssistant\IETldCache
    2011-01-03 20:16 . 2011-01-03 20:16 -------- d-----w- c:\documents and settings\HelpAssistant\IECompatCache
    2011-01-03 18:44 . 2011-01-03 18:44 -------- d-sh--w- c:\documents and settings\Ana\IECompatCache
    2010-12-26 14:21 . 2010-12-26 14:21 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-18 18:12 . 2004-08-10 18:02 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-02 15:17 . 2004-08-10 17:51 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
    2010-10-28 13:13 . 2004-08-10 17:50 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-26 13:25 . 2004-08-10 17:51 1853312 ----a-w- c:\windows\system32\win32k.sys
    2007-04-15 21:53 . 2007-04-15 21:52 21822168 -c--a-w- c:\program files\AdbeRdr80_en_US.exe
    2008-08-16 22:42 . 2008-08-16 22:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
    2008-08-16 22:42 . 2008-08-16 22:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
    2008-08-16 22:42 . 2008-08-16 22:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
    2008-08-16 22:42 . 2008-08-16 22:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
    2008-08-16 22:43 . 2008-08-16 22:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
    2008-08-16 22:42 . 2008-08-16 22:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
    2008-08-16 22:42 . 2008-08-16 22:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
    2008-05-21 13:41 . 2008-05-21 13:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
    2008-05-21 13:41 . 2008-05-21 13:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
    2008-05-21 13:41 . 2008-05-21 13:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
    2008-06-05 18:58 . 2008-06-05 18:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
    2008-08-16 22:42 . 2008-08-16 22:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
    2007-03-09 08:12 27648 --sha-w- c:\windows\system32\AVSredirect.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoAutoUpdate"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ \0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Automatic LiveUpdate Scheduler"=2 (0x2)
    "ISPwdSvc"=3 (0x3)
    "ccPwdSvc"=3 (0x3)
    "GEARSecurity"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "65533:TCP"= 65533:TCP:Services
    "52344:TCP"= 52344:TCP:Services
    "2479:TCP"= 2479:TCP:Services
    "6145:TCP"= 6145:TCP:Services
    "3389:TCP"= 3389:TCP:Remote Desktop
    "1857:TCP"= 1857:TCP:Services
    "5591:TCP"= 5591:TCP:Services
    "2986:TCP"= 2986:TCP:Services
    "4472:TCP"= 4472:TCP:Services

    S3 FileObjInfo;STFileDriver;\??\c:\documents and settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys --> c:\documents and settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys [?]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-22 c:\windows\Tasks\User_Feed_Synchronization-{0C6B789A-3B0B-492A-B7E9-70CAE614BF04}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 15:58]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uStart Page = hxxp://www.yahoo.com/
    Trusted Zone: motive.com\patttbc.att
    FF - ProfilePath - c:\documents and settings\Ana\Application Data\Mozilla\Firefox\Profiles\pxv6dg7c.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?nm=1
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    HKLM-Run-%PROVIDERID% - bin\sprtcmd.exe
    Notify-WgaLogon - (no file)
    AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



    **************************************************************************

    disk not found C:\

    please note that you need administrator rights to perform deep scan
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1105772338-2550017009-2215692587-1006\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERS\S-1-5-21-1105772338-2550017009-2215692587-1006\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (S-1-5-21-1105772338-2550017009-2215692587-1006)
    @Allowed: (Read) (S-1-5-21-1105772338-2550017009-2215692587-1006)
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    Completion time: 2011-01-22 14:56:11
    ComboFix-quarantined-files.txt 2011-01-22 19:56

    Pre-Run: 44,337,086,464 bytes free
    Post-Run: 44,959,096,832 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - BA04361CC36463BC67C1BD3D68151600
     
  5. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Please download HelpAsst_mebroot_fix.exe and save it to your desktop.
    Close out all other open programs and windows.
    Double click the file to run it and follow any prompts.
    If the tool detects an mbr infection, please allow it to run mbr -f and shutdown your computer.
    Upon restarting, please wait about 5 minutes, click Start > Run and type the following bolded command, then hit Enter.

    helpasst -mbrt

    Make sure you leave a space between helpasst and -mbrt !
    When it completes, a log will open.
    Please post the contents of that log.

    *In the event the tool does not detect an mbr infection and completes, click Start>Run and type the following bolded command, then hit Enter.

    mbr -f Note the space between mbr and -f

    Now, please do the Start > Run > mbr -f command a second time.
    Now shut down the computer (do not restart, but shut it down), wait a few minutes then start it back up.
    Give it about 5 minutes, then click Start>Run and type the following bolded command, then hit Enter.

    helpasst -mbrt

    Make sure you leave a space between helpasst and -mbrt !
    When it completes, a log will open.
    Please post the contents of that log.

    **Important note to Dell users - fixing the mbr may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. There are a couple of known fixes for said condition, though the methods are somewhat advanced. If you are unwilling to take such a risk, you should not allow the tool to execute mbr -f nor execute the command manually, and you will either need to restore your computer to a factory state or allow your computer to remain having an infected mbr (the latter not recommended).
     
  6. AnniefromMiami

    AnniefromMiami Thread Starter

    Joined:
    Jan 14, 2011
    Messages:
    5
    While running HelpAsst it did say it found an mbr infection. I let it shutdown my pc after running the scan. My computer froze for 10 minutes during the 'Windows is shutting down' process. So I ended up turning the power off.



    C:\Documents and Settings\Ana\Desktop\HelpAsst_mebroot_fix.exe
    Sat 01/22/2011 at 16:27:25.64

    HelpAssistant account Inactive

    ~~ Checking for termsrv32.dll ~~

    termsrv32.dll not found

    ~~ Checking firewall ports ~~

    backing up DomainProfile\GloballyOpenPorts\List registry key
    closing rogue ports

    HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\globallyopenports\list
    80:TCP=-

    HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list

    ~~ Checking profile list ~~

    No HelpAssistant profile in registry

    ~~ Checking mbr ~~

    user & kernel MBR OK

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Status check on Sat 01/22/2011 at 16:30:42.42

    Account active No
    Local Group Memberships

    ~~ Checking mbr ~~

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
    kernel: MBR read successfully
    user & kernel MBR OK
    copy of MBR has been found in sector 0x094FE9BD
    malicious code @ sector 0x094FE9C0 !
    PE file found in sector at 0x094FE9D6 !

    ~~ Checking for termsrv32.dll ~~

    termsrv32.dll not found


    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
    ServiceDll REG_EXPAND_SZ %systemroot%\System32\termsrv.dll

    ~~ Checking profile list ~~

    No HelpAssistant profile in registry

    ~~ Checking for HelpAssistant directories ~~

    none found

    ~~ Checking firewall ports ~~

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]
    80:TCP=80:TCP:*:Enabled:Services

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


    ~~ EOF ~~
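Added example, not part of this thread and not code from ComboFix or HelpAsst_mebroot_fix: a small Python triage script that reads the kind of registry dump and MBR-check lines the two logs in posts 4 and 6 above contain and flags what a helper looks for in them (Windows Firewall off, Security Center monitoring disabled, unexpected GloballyOpenPorts entries, and the detector reporting malicious code in sectors beyond the MBR even though the MBR itself reads OK). The sample excerpt and the set of expected open ports are constructed assumptions for illustration.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed excerpt modelled on the ComboFix "Reg Loading Points" dump and the
# HelpAsst_mebroot_fix MBR check shown in this thread; not a verbatim copy of either log.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"2479:TCP"= 2479:TCP:Services

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]
80:TCP=80:TCP:*:Enabled:Services

~~ Checking mbr ~~
user & kernel MBR OK
copy of MBR has been found in sector 0x094FE9BD
malicious code @ sector 0x094FE9C0 !
PE file found in sector at 0x094FE9D6 !
"""

# Assumption: on a home XP workstation only Remote Desktop is an expected inbound exception.
EXPECTED_OPEN_PORTS = {("3389", "TCP")}

SECTION_RE = re.compile(r"^\[(.+)\]$")
# Matches both the quoted ComboFix style ("name"= value) and the bare HelpAsst style (name=value).
VALUE_RE = re.compile(r'^"?([^"=]+?)"?\s*=\s*(.*)$')
PORT_RE = re.compile(r"^(\d{1,5}):(TCP|UDP)$", re.IGNORECASE)
# A "user & kernel MBR OK" line does not clear the disk when the detector also reports these.
MBR_BAD_RE = re.compile(
    r"malicious code @ sector|copy of MBR has been found in sector|PE file found in sector",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Finding:
    kind: str    # firewall_off, monitoring_off, rogue_port or mbr
    detail: str  # registry section, port entry or the offending log line


def triage(log_text: str) -> List[Finding]:
    """Walk the log once, tracking the current [section], and collect indicators."""
    findings: List[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if MBR_BAD_RE.search(line):
            findings.append(Finding("mbr", line))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group(1), m.group(2).strip()
        if name == "EnableFirewall" and value.startswith("0"):
            findings.append(Finding("firewall_off", section))
        elif name == "DisableMonitoring" and value.endswith("1"):
            findings.append(Finding("monitoring_off", section))
        elif section.lower().endswith("globallyopenports\\list"):
            pm = PORT_RE.match(name)
            if pm and (pm.group(1), pm.group(2).upper()) not in EXPECTED_OPEN_PORTS:
                findings.append(Finding("rogue_port", f"{name} ({value})"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:14s} {f.detail}")
```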
     
  7. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Run Combofix (Gotcha) again and post the log please...
     
  8. AnniefromMiami

    AnniefromMiami Thread Starter

    Joined:
    Jan 14, 2011
    Messages:
    5
    After running ComboFix and completing stage 50, a Windows error box popped up and said PEV.exe has encountered a problem and needs to close. Here's the latest ComboFix log.





    ComboFix 11-01-22.01 - Ana 01/22/2011 17:07:40.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.282 [GMT -5:00]
    Running from: c:\documents and settings\Ana\Desktop\Gotcha.exe
    .

    ((((((((((((((((((((((((( Files Created from 2010-12-22 to 2011-01-22 )))))))))))))))))))))))))))))))
    .

    2011-01-22 20:43 . 2011-01-22 20:43 -------- d-----w- C:\HelpAsst_backup
    2011-01-20 01:07 . 2011-01-20 01:07 -------- d-----w- c:\windows\Cache
    2011-01-15 02:59 . 2011-01-15 02:59 388096 ----a-r- c:\documents and settings\Ana\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-01-10 14:36 . 2011-01-10 14:36 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-01-05 01:19 . 2011-01-05 01:19 -------- d-----w- C:\d4b197bc0a3e8c2bb465009e40
    2011-01-04 13:53 . 2011-01-04 13:53 -------- d-----w- c:\windows\system32\XPSViewer
    2011-01-04 13:52 . 2011-01-04 13:52 -------- d-----w- c:\program files\MSBuild
    2011-01-04 13:51 . 2011-01-04 13:51 -------- d-----w- c:\program files\Reference Assemblies
    2011-01-04 13:48 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
    2011-01-04 13:41 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2011-01-04 13:41 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
    2011-01-04 13:41 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    2011-01-04 13:41 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2011-01-04 13:41 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2011-01-04 13:41 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
    2011-01-04 13:41 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2011-01-04 13:41 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
    2011-01-04 13:41 . 2011-01-04 13:49 -------- d-----w- C:\6cf11dcd574361a06377d0f268
    2011-01-04 07:02 . 2008-04-14 01:11 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
    2011-01-04 06:01 . 2011-01-13 05:12 -------- d-----w- c:\windows\ie8updates
    2011-01-03 23:25 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
    2011-01-03 23:25 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
    2011-01-03 23:25 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
    2011-01-03 23:22 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
    2011-01-03 23:20 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2011-01-03 23:20 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
    2011-01-03 23:18 . 2010-09-10 05:58 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2011-01-03 23:18 . 2010-09-10 05:58 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2011-01-03 23:18 . 2010-09-10 05:58 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
    2011-01-03 22:11 . 2009-08-07 00:24 209632 ----a-w- c:\windows\system32\wuweb.dll
    2011-01-03 22:11 . 2009-08-07 00:24 209632 ----a-w- c:\windows\system32\dllcache\wuweb.dll
    2011-01-03 18:44 . 2011-01-03 18:44 -------- d-sh--w- c:\documents and settings\Ana\IECompatCache
    2010-12-26 14:21 . 2010-12-26 14:21 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-18 18:12 . 2004-08-10 18:02 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-02 15:17 . 2004-08-10 17:51 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
    2010-10-28 13:13 . 2004-08-10 17:50 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-26 13:25 . 2004-08-10 17:51 1853312 ----a-w- c:\windows\system32\win32k.sys
    2007-04-15 21:53 . 2007-04-15 21:52 21822168 -c--a-w- c:\program files\AdbeRdr80_en_US.exe
    2008-08-16 22:42 . 2008-08-16 22:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
    2008-08-16 22:42 . 2008-08-16 22:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
    2008-08-16 22:42 . 2008-08-16 22:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
    2008-08-16 22:42 . 2008-08-16 22:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
    2008-08-16 22:43 . 2008-08-16 22:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
    2008-08-16 22:42 . 2008-08-16 22:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
    2008-08-16 22:42 . 2008-08-16 22:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
    2008-05-21 13:41 . 2008-05-21 13:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
    2008-05-21 13:41 . 2008-05-21 13:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
    2008-05-21 13:41 . 2008-05-21 13:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
    2008-06-05 18:58 . 2008-06-05 18:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
    2008-08-16 22:42 . 2008-08-16 22:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
    2007-03-09 08:12 27648 --sha-w- c:\windows\system32\AVSredirect.dll
    .

    ((((((((((((((((((((((((((((( [email protected]_19.52.28 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-01-22 22:05 . 2011-01-22 22:05 16384 c:\windows\Temp\Perflib_Perfdata_4f4.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "%PROVIDERID%"="bin\sprtcmd.exe" [BU]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoAutoUpdate"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ \0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Automatic LiveUpdate Scheduler"=2 (0x2)
    "ISPwdSvc"=3 (0x3)
    "ccPwdSvc"=3 (0x3)
    "GEARSecurity"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=

    S3 FileObjInfo;STFileDriver;\??\c:\documents and settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys --> c:\documents and settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys [?]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-22 c:\windows\Tasks\User_Feed_Synchronization-{0C6B789A-3B0B-492A-B7E9-70CAE614BF04}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 15:58]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uStart Page = hxxp://www.yahoo.com/
    Trusted Zone: motive.com\patttbc.att
    FF - ProfilePath - c:\documents and settings\Ana\Application Data\Mozilla\Firefox\Profiles\pxv6dg7c.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?nm=1
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
    .

    **************************************************************************

    disk not found C:\

    please note that you need administrator rights to perform deep scan
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1105772338-2550017009-2215692587-1006\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERS\S-1-5-21-1105772338-2550017009-2215692587-1006\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (S-1-5-21-1105772338-2550017009-2215692587-1006)
    @Allowed: (Read) (S-1-5-21-1105772338-2550017009-2215692587-1006)
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    Completion time: 2011-01-22 17:21:06
    ComboFix-quarantined-files.txt 2011-01-22 22:21
    ComboFix2.txt 2011-01-22 19:56

    Pre-Run: 44,971,843,584 bytes free
    Post-Run: 44,968,271,872 bytes free

    - - End Of File - - 60B17F292E6E366DF97564136E049A13
     
  9. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    You have no dedicated antivirus protection installed. Go Here for Microsoft Security Essentials, hit the Download now button and follow the prompts. When the installation is complete MSSE will want to update and do a quick scan; please allow this to happen.
    Let me know if MSSE finds anything. There will be no log produced, but you can look in the History tab from the main interface.

    Also let me know how your system is responding and what issues remain.

    Kevin
     
Short URL to this thread: https://techguy.org/974753
