diageminc
Members (18 posts, reputation: 0 Neutral)

  1. Thanks for all your help, I appreciate the excellent work and help that you have provided.
  2. Thanks for your help, I think the issue is solved. Can I ask what the problem was?
  3. Hi, I think the problem is only with Firefox. I am not 100% sure if IE has the same problem or not, as I rarely use IE; I did try to do some searches via IE and it did take me to the correct sites, so I think the problem is with Firefox. Anyway, here is the Goored log:

     GooredFix v1.92 by jpshortstuff
     Log created at 11:13 on 14/04/2009 running Option #2 (Amit)
     Firefox version 3.0.8 (en-US)

     =====Goored Deletions=====

     [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
     "{E67740CC-1986-4C00-9422-132985D6CB48}"="C:\Documents and Settings\Amit\Local Settings\Application Data\{E67740CC-1986-4C00-9422-132985D6CB48}"
     ->Backing up value... Done.
     ->Deleting value... Done.

     C:\Documents and Settings\Amit\Local Settings\Application Data\{E67740CC-1986-4C00-9422-132985D6CB48}
     ->Backing up folder... Done.
     ->Emptying folder... Done.
     ->Deleting folder... Done.

     =====Dumping Registry Values=====

     [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
     "Plugins"="C:\Program Files\Mozilla Firefox\plugins"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
     "Components"="C:\Program Files\Mozilla Firefox\components"
  4. Hi,
     1. It redirects when I click on the links (the search results themselves are fine). The sites it mostly redirects to are "search" type sites such as topica, toseek, findstuff.com etc. Somehow it recognizes that the search terms are product-type searches and then assumes that I want to buy those types of products. As mentioned previously, it does not redirect all the time; if I click on the same link again then it does take me to the legitimate site.
     2. I have IE and Firefox together. Most of the time I use Firefox only, but certain sites are not Firefox friendly, so for those sites I open up IE.
     3. Not sure why the files have a later datestamp; I am using cracked versions of Photoshop and Office.
  5. Please find the ComboFix log here, I appreciate your help.

     ComboFix 09-04-14.09 - Amit 04/14/2009 9:41.4 - NTFSx86
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.631 [GMT -8:00]
     Running from: c:\documents and settings\Amit\Desktop\ComboFix.exe
     AV: AntiVir Desktop *On-access scanning disabled* (Updated)
     .
     ((((((((((((((((((((((((( Files Created from 2009-03-14 to 2009-04-14 )))))))))))))))))))))))))))))))
     .
     2012-12-12 12:12 . 2012-12-12 12:12 65536 ------w c:\windows\system32\MSRTEDIT.DLL
     2012-12-12 12:12 . 2012-12-12 12:12 1221464 ------w c:\windows\system32\IMMC.EXE
     2009-04-13 17:36 . 2009-02-13 19:31 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
     2009-04-13 17:35 . 2009-04-13 17:35 -------- d-----w c:\program files\Avira
     2009-04-13 17:35 . 2009-04-13 17:35 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
     2009-03-23 20:51 . 2009-03-23 20:51 -------- d-----w c:\documents and settings\Amit\Application Data\InstallShield Installation Information
     2009-03-23 20:51 . 2009-03-23 20:55 -------- d-----r c:\program files\CMS Products
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-04-13 22:01 . 2005-06-09 20:24 -------- d-----w c:\program files\America Online 8.0
     2009-04-09 19:45 . 2004-05-10 22:32 -------- d-----w c:\program files\Common Files\AOL
     2009-04-09 19:44 . 2007-03-29 00:00 -------- d-----w c:\program files\Windows Live Safety Center
     2009-04-09 19:44 . 2008-07-18 20:12 -------- d-----w c:\program files\QuickTime
     2009-04-09 19:44 . 2004-05-10 22:31 -------- d-----w c:\program files\Modem Helper
     2009-04-09 19:44 . 2005-01-14 22:25 -------- d-----w c:\program files\Galaxy
     2009-04-09 19:44 . 2004-06-10 00:44 -------- d-----w c:\program files\DMMultiView
     2009-04-09 19:44 . 2005-01-12 18:07 -------- d-----w c:\program files\Common Files\aolshare
     2009-04-09 19:43 . 2008-04-04 23:04 -------- d-----w c:\program files\Audible
     2009-04-09 19:43 . 2005-01-13 22:34 -------- d-----w c:\program files\America Online 7.0
     2009-04-08 21:33 . 2009-02-25 21:16 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
     2009-04-06 23:32 . 2009-02-25 21:43 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
     2009-04-06 23:32 . 2009-02-25 21:43 15504 ----a-w c:\windows\system32\drivers\mbam.sys
     2009-03-10 17:42 . 2009-02-25 19:51 -------- d-----w c:\program files\Trend Micro
     2009-03-09 16:18 . 2007-02-23 20:22 -------- d-----w c:\documents and settings\Amit\Application Data\Corel
     2009-02-26 19:26 . 2009-02-26 19:26 -------- d-----w c:\program files\BannerDesignerPro
     2009-02-26 18:13 . 2009-02-26 18:13 -------- d-----w c:\program files\EZBackitup
     2009-02-25 22:17 . 2009-02-25 22:17 -------- d-----w c:\program files\CCleaner
     2009-02-25 21:52 . 2009-02-25 21:52 -------- d-----w c:\documents and settings\Administrator.AMITNEWCOMP\Application Data\Malwarebytes
     2009-02-25 21:43 . 2009-02-25 21:43 -------- d-----w c:\documents and settings\Amit\Application Data\Malwarebytes
     2009-02-25 21:38 . 2009-02-25 19:52 -------- d-----w c:\documents and settings\All Users\Application Data\Trend Micro
     2009-02-25 21:16 . 2009-02-25 21:16 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
     2009-02-25 19:12 . 2009-02-25 19:12 -------- d-----w c:\documents and settings\Administrator\Application Data\Lavasoft
     2009-02-09 11:13 . 2008-10-16 16:44 1846784 ------w c:\windows\SYSTEM32\DLLCACHE\win32k.sys
     2009-02-09 11:13 . 2003-07-15 21:01 1846784 ------w c:\windows\SYSTEM32\win32k.sys
     2009-01-28 18:02 . 2005-11-23 19:43 60744 ----a-w c:\documents and settings\Amit\g2mdlhlpx.exe
     2009-01-17 05:35 . 2006-05-19 15:08 3594752 ------w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
     2008-07-16 22:09 . 2004-06-05 19:33 74744 ----a-w c:\documents and settings\Amit\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2006-04-21 16:50 . 2006-04-21 16:50 630784 ----a-w c:\documents and settings\Amit\chatlnk.exe
     2005-01-14 22:31 . 2005-01-14 22:31 127 ----a-w c:\documents and settings\Amit\Local Settings\Application Data\fusioncache.dat
     2004-05-10 22:41 . 2009-02-25 21:45 40080 ----a-w c:\documents and settings\Administrator.AMITNEWCOMP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2004-05-10 22:41 . 2009-02-25 19:07 40080 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
     "{F2CF5485-4E02-4F68-819C-B92DE9277049}"= "c:\windows\system32\ieframe.dll" [2008-12-20 6066688]

     [HKEY_CLASSES_ROOT\clsid\{f2cf5485-4e02-4f68-819c-b92de9277049}]

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-31 313472]
     "EZBack-it-up Tray Scheduler"="c:\program files\EZBackitup\EZBkuptray.exe" [2004-06-04 631808]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-02 289576]
     "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-04-06 401040]
     "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

     c:\documents and settings\Amit\Start Menu\Programs\Startup\
     Shortcut to PK32.lnk - c:\program files\Perfect Keyboard\PK32.EXE [2004-6-5 647168]

     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-1-21 113664]
     Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
     Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
     "WebCheck"= {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - c:\windows\system32\webcheck.dll [2008-12-20 233472]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
     2003-10-31 19:01 8704 ------w c:\windows\SYSTEM32\PCANotify.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "vidc.iv50"= c:\windows\ir50_32.dll
     "vidc.mpg4"= c:\windows\mpg4c32.dll
     "vidc.mpg2"= c:\windows\mpg4c32.dll
     "vidc.mpg3"= c:\windows\mpg4c32.dll
     "vidc.GEOX"= c:\windows\GeoCodec.dll
     "vidc.MJPG"= m3jpeg32.dll
     "vidc.dmb1"= m3jpeg32.dll
     "vidc.mp42"= c:\windows\Mpg4c32.dll
     "vidc.mp43"= c:\windows\Mpg4c32.dll

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
     backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
     backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Audible Download Manager.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk
     backup=c:\windows\pss\Audible Download Manager.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
     backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLRebootNeeded]
     /s [X]

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLToolbarDirRemoval]
     rd [X]

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
     2008-10-01 20:57 111936 ----a-w c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
     2003-08-06 06:04 114741 ------w c:\windows\system32\dla\tfswctrl.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
     2003-08-13 15:27 28672 ------w c:\windows\System32\DSentry.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
     2006-03-21 00:34 213936 ----a-w c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
     2006-03-21 00:34 213936 ----a-w c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
     2006-03-21 00:34 86960 ----a-w c:\program files\Common Files\InstallShield\UpdateService\issch.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
     2008-10-02 02:57 289576 ----a-w c:\program files\iTunes\iTunesHelper.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
     2003-10-06 15:05 53248 ----a-w c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
     2008-04-14 00:12 1695232 ----a-w c:\program files\Messenger\msmsgs.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
     2002-11-08 07:22 4243456 ------w c:\windows\System32\nvcpl.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
     2003-08-27 00:47 204800 ------w c:\program files\Dell\Media Experience\PCMService.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
     2008-09-06 23:09 413696 ----a-w c:\program files\QuickTime\QTTask.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
     2003-08-19 08:01 110592 ----a-w c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
     2006-03-31 00:45 313472 ----a-r c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
     2002-11-08 07:22 770117 ------w c:\windows\SYSTEM32\nview.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
     2002-11-08 07:22 315392 ------w c:\windows\SYSTEM32\nwiz.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
     "AdobeActiveFileMonitor5.0"=2 (0x2)
     "NTService1"=2 (0x2)
     "iPod Service"=3 (0x3)
     "Bonjour Service"=2 (0x2)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\America Online 8.0\\waol.exe"=
     "c:\\Program Files\\Symantec\\pcAnywhere\\WinAw32.exe"=
     "c:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"=
     "c:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"=
     "c:\\RemoteView\\BcastTcp.exe"=
     "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "1678:UDP"= 1678:UDP:Windows Media Format SDK (firefox.exe)
     "1679:UDP"= 1679:UDP:Windows Media Format SDK (firefox.exe)
     "1684:UDP"= 1684:UDP:Windows Media Format SDK (firefox.exe)
     "1685:UDP"= 1685:UDP:Windows Media Format SDK (firefox.exe)
     "1696:UDP"= 1696:UDP:Windows Media Format SDK (firefox.exe)
     "1697:UDP"= 1697:UDP:Windows Media Format SDK (firefox.exe)

     R3 AvFlt;Antivirus Filter Driver; [x]
     R3 SQLAgent$SHIPWORKS;SQLAgent$SHIPWORKS;c:\program files\Microsoft SQL Server\MSSQL$SHIPWORKS\Binn\sqlagent.EXE [2002-12-18 311872]
     S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-03-06 108289]
     S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-04-06 179856]
     S2 MSSQL$SHIPWORKS;MSSQL$SHIPWORKS;c:\program files\Microsoft SQL Server\MSSQL$SHIPWORKS\Binn\sqlservr.exe [2002-12-18 7520337]
     S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-04-06 15504]
     .
     Contents of the 'Scheduled Tasks' folder

     2004-06-05 c:\windows\Tasks\ISP signup reminder 1.job
     - c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 00:12]
     .
     - - - - ORPHANS REMOVED - - - -

     SSODL-CDBurn-{fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://members.ebay.com/aboutme/diageminc
     uDefault_Search_URL = hxxp://www.google.com/ie
     uInternet Connection Wizard,ShellNext = iexplore
     uInternet Settings,ProxyOverride = *.local
     uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
     IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
     Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
     Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
     Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
     Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
     Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
     Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
     Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
     Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\SYSTEM32\mscoree.dll
     DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://promero.webex.com/client/T23L/webex/ieatgpc.cab
     DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - hxxp://download.abacast.com/download/files/abasetup155.cab
     DPF: {E84E5574-FAE4-4EE2-877D-092AFF688F21} - hxxp://192.168.0.200/cab/RPB.cab
     FF - ProfilePath - c:\documents and settings\Amit\Application Data\Mozilla\Firefox\Profiles\default.5b1\
     FF - prefs.js: browser.startup.homepage - hxxp://members.ebay.com/ws/eBayISAPI.dll?ViewUserPage&userid=diageminc
     FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
     .
     **************************************************************************

     catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-04-14 09:43
     Windows 5.1.2600 Service Pack 3 NTFS

     scanning hidden processes ...
     scanning hidden autostart entries ...
     scanning hidden files ...

     scan completed successfully
     hidden files: 0

     **************************************************************************
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------

     - - - - - - - > 'explorer.exe'(2028)
     c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
     c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
     c:\program files\Perfect Keyboard\keydll.dll
     .
     Completion time: ~,10time:~,-3
     ComboFix-quarantined-files.txt 2009-04-14 17:45
     ComboFix2.txt 2009-04-14 17:30
     ComboFix3.txt 2009-03-12 18:00

     Pre-Run: 39,588,352,000 bytes free
     Post-Run: 39,573,938,176 bytes free

     220 --- E O F --- 2009-03-14 00:23
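The GooredFix log in post 3 and the "Reg Loading Points" section of the ComboFix log above both show the same persistence mechanism: Firefox 3.x would load any extension registered as a value under HKLM or HKCU\SOFTWARE\Mozilla\Firefox\extensions, with the value name as the extension ID and the data as the directory holding it. The Goored entry stands out because it is a bare GUID pointing into the user's Local Settings\Application Data rather than Program Files. The following is an added example, not code from the original thread or from GooredFix or ComboFix: a small parser for that REGEDIT4-style dump format that flags registrations matching the pattern. The sample dump is constructed from the log above, and the "vendor-ext@example.com" entry is a hypothetical benign registration added for contrast.

```python
import re

# Registry keys that Firefox 3.x consulted for registry-installed extensions
# (HKLM/HKCU\SOFTWARE\Mozilla\Firefox\extensions and the per-version variant).
# Each value is name = extension ID, data = directory containing the extension.
EXTENSION_KEY_RE = re.compile(
    r"^\[(HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER|HKLM|HKCU)\\SOFTWARE\\Mozilla\\"
    r"(Firefox|Mozilla Firefox [0-9.]+)\\extensions\]$",
    re.IGNORECASE,
)
# "name"="data" with the optional trailing [date size] annotation ComboFix prints.
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"(?P<data>[^"]*)"(?:\s+\[[^\]]*\])?\s*$')
GUID_RE = re.compile(r"^\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$", re.IGNORECASE)

# Where a legitimately installed extension would normally live.
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\windows\\")
# Markers of a per-user profile directory (XP and Vista+ layouts).
USER_PROFILE_MARKERS = ("\\documents and settings\\", "\\users\\")
# Values under the per-version key that are Firefox's own paths, not extensions.
NOT_EXTENSIONS = {"plugins", "components"}


def parse_reg_lines(lines):
    """Yield (key, value_name, data) from a REGEDIT4-style dump such as
    ComboFix's 'Reg Loading Points' section or a GooredFix log."""
    key = None
    for raw in lines:
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line
            continue
        m = VALUE_RE.match(line)
        if key and m:
            # Real .reg exports double the backslashes; tool dumps do not. Accept both.
            yield key, m.group("name"), m.group("data").replace("\\\\", "\\")


def flag_sideloaded_extensions(lines):
    """Return findings for Firefox extension registrations that look like the
    Goored pattern: registered via the registry, living outside Program Files,
    inside a user profile, and identified by a bare GUID that is also the
    directory name."""
    findings = []
    for key, name, data in parse_reg_lines(lines):
        if not EXTENSION_KEY_RE.match(key) or name.lower() in NOT_EXTENSIONS:
            continue
        path = data.lower().rstrip("\\")
        reasons = []
        if not path.startswith(TRUSTED_PREFIXES):
            reasons.append("extension directory outside Program Files/Windows")
        if any(marker in path for marker in USER_PROFILE_MARKERS):
            reasons.append("extension directory inside a user profile")
        if GUID_RE.match(name) and path.endswith(name.lower()):
            reasons.append("bare GUID extension ID matching its directory name")
        if reasons:
            findings.append({"key": key, "id": name, "path": data, "reasons": reasons})
    return findings


# Constructed sample modelled on the GooredFix log in this thread. The
# vendor-ext@example.com value is a hypothetical benign registration.
SAMPLE_REG_DUMP = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{E67740CC-1986-4C00-9422-132985D6CB48}"="C:\Documents and Settings\Amit\Local Settings\Application Data\{E67740CC-1986-4C00-9422-132985D6CB48}"
"vendor-ext@example.com"="C:\Program Files\Example Vendor\FirefoxExtension" [2009-01-01 4096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"
"Components"="C:\Program Files\Mozilla Firefox\components"
"""

if __name__ == "__main__":
    for finding in flag_sideloaded_extensions(SAMPLE_REG_DUMP.splitlines()):
        print(finding["key"])
        print("  ", finding["id"], "->", finding["path"])
        for reason in finding["reasons"]:
            print("     -", reason)
```

Run against the sample it reports only the GUID entry, with all three reasons; the Program Files registration and Firefox's own Plugins/Components values are ignored. Against a real machine you would feed it the output of a registry export of the two Mozilla keys (or a ComboFix log) rather than the constructed sample.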
  6. Forgot to mention that the redirect occurs only on the first try; after that it does take you to the correct site.
  7. Hi, unfortunately the problem is still there; I just did a search and it redirected the site to something else.
  8. Thanks, here is the report from Avira.

     Avira AntiVir Personal
     Report file date: Monday, April 13, 2009 09:43

     Scanning for 1347764 virus strains and unwanted programs.

     Licensee : Avira AntiVir Personal - FREE Antivirus
     Serial number : 0000149996-ADJIE-0000001
     Platform : Windows XP
     Windows version : (Service Pack 3) [5.1.2600]
     Boot mode : Normally booted
     Username : Amit
     Computer name : AMITNEWCOMP

     Version information:
     BUILD.DAT : 9.0.0.387 17962 Bytes 3/24/2009 11:04:00
     AVSCAN.EXE : 9.0.3.3 464641 Bytes 2/24/2009 20:13:26
     AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 18:58:24
     LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 19:35:49
     LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 18:58:52
     ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 20:30:36
     ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 04:33:26
     ANTIVIR2.VDF : 7.1.3.0 1330176 Bytes 4/1/2009 17:39:18
     ANTIVIR3.VDF : 7.1.3.43 178688 Bytes 4/13/2009 17:39:19
     Engineversion : 8.2.0.138
     AEVDF.DLL : 8.1.1.0 106868 Bytes 1/28/2009 01:36:42
     AESCRIPT.DLL : 8.1.1.73 373114 Bytes 4/13/2009 17:39:31
     AESCN.DLL : 8.1.1.10 127348 Bytes 4/13/2009 17:39:30
     AERDL.DLL : 8.1.1.3 438645 Bytes 10/30/2008 02:24:41
     AEPACK.DLL : 8.1.3.12 397687 Bytes 4/13/2009 17:39:29
     AEOFFICE.DLL : 8.1.0.36 196987 Bytes 2/27/2009 04:01:56
     AEHEUR.DLL : 8.1.0.114 1700214 Bytes 4/13/2009 17:39:27
     AEHELP.DLL : 8.1.2.2 119158 Bytes 2/27/2009 04:01:56
     AEGEN.DLL : 8.1.1.33 340340 Bytes 4/13/2009 17:39:22
     AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 22:32:40
     AECORE.DLL : 8.1.6.7 176502 Bytes 4/13/2009 17:39:20
     AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 22:32:40
     AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 16:47:59
     AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 18:32:15
     AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 22:34:28
     AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 18:32:09
     AVARKT.DLL : 9.0.0.1 292609 Bytes 2/9/2009 15:52:24
     AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 18:37:08
     SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 23:03:49
     SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 16:21:33
     NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 18:32:10
     RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 2/9/2009 19:45:45
     RCTEXT.DLL : 9.0.35.0 87297 Bytes 3/11/2009 23:55:12

     Configuration settings for the scan:
     Jobname.............................: Local Drives
     Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\alldrives.avp
     Logging.............................: low
     Primary action......................: interactive
     Secondary action....................: ignore
     Scan master boot sector.............: on
     Scan boot sector....................: on
     Boot sectors........................: C:, A:, D:, E:,
     Process scan........................: on
     Scan registry.......................: on
     Search for rootkits.................: off
     Integrity checking of system files..: off
     Scan all files......................: All files
     Scan archives.......................: on
     Recursion depth.....................: 20
     Smart extensions....................: on
     Macro heuristic.....................: on
     File heuristic......................: medium

     Start of the scan: Monday, April 13, 2009 09:43

     The scan of running processes will be started
     Scan process 'avscan.exe' - '1' Module(s) have been scanned
     Scan process 'avcenter.exe' - '1' Module(s) have been scanned
     Scan process 'avgnt.exe' - '1' Module(s) have been scanned
     Scan process 'sched.exe' - '1' Module(s) have been scanned
     Scan process 'avguard.exe' - '1' Module(s) have been scanned
     Scan process 'firefox.exe' - '1' Module(s) have been scanned
     Scan process 'iPodService.exe' - '1' Module(s) have been scanned
     Scan process 'PK32.EXE' - '1' Module(s) have been scanned
     Scan process 'sqlmangr.exe' - '1' Module(s) have been scanned
     Scan process 'EZBkuptray.exe' - '1' Module(s) have been scanned
     Scan process 'mbamgui.exe' - '1' Module(s) have been scanned
     Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
     Scan process 'explorer.exe' - '1' Module(s) have been scanned
     Scan process 'alg.exe' - '1' Module(s) have been scanned
     Scan process 'CALMAIN.exe' - '1' Module(s) have been scanned
     Scan process 'wanmpsvc.exe' - '1' Module(s) have been scanned
     Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'QBCFMonitorService.exe' - '1' Module(s) have been scanned
     Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
     Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
     Scan process 'mbamservice.exe' - '1' Module(s) have been scanned
     Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
     Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'lsass.exe' - '1' Module(s) have been scanned
     Scan process 'services.exe' - '1' Module(s) have been scanned
     Scan process 'winlogon.exe' - '1' Module(s) have been scanned
     Scan process 'csrss.exe' - '1' Module(s) have been scanned
     Scan process 'smss.exe' - '1' Module(s) have been scanned
     34 processes with 34 modules were scanned

     Starting master boot sector scan:
     Start scanning boot sectors:

     Starting to scan executable files (registry).
     The registry was scanned ( '55' files ).

     Starting the file scan:

     Begin scan in 'C:\'
     C:\hiberfil.sys
     [WARNING] The file could not be opened!
     [NOTE] This file is a Windows system file.
     [NOTE] This file cannot be opened for scanning.
     C:\pagefile.sys
     [WARNING] The file could not be opened!
     [NOTE] This file is a Windows system file.
     [NOTE] This file cannot be opened for scanning.
     C:\Program Files\America Online 8.0\AdminChk1.exe
     [DETECTION] Is the TR/ATRAPS.Gen Trojan
     C:\Program Files\Trend Micro\Internet Security(2)\Quarantine\rdl2.tmp
     [0] Archive type: HIDDEN
     --> FIL\\\?\C:\Program Files\Trend Micro\Internet Security(2)\Quarantine\rdl2.tmp
     [DETECTION] Contains recognition pattern of the RKIT/Agent.AIUL root kit
     C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000065.exe
     [DETECTION] Is the TR/Trash.Gen Trojan
     C:\WINDOWS\Mpahifoha.dll
     [DETECTION] Is the TR/Agent.assk Trojan
     C:\WINDOWS\SYSTEM32\AlxRes.dll.bak
     [DETECTION] Contains recognition pattern of the ADSPY/AlexaBar.A.13 adware or spyware
     C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4BSPEZOF\lich[1].exe
     [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
     C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6JYLAZOX\zk[1].exe
     [DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
     C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O9YJK1IJ\main[1].exe
     [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
     C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OT2JQP0H\serv[1].exe
     [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
     C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OT2JQP0H\zn[1].exe
     [DETECTION] Is the TR/Dropper.Gen Trojan
     Begin scan in 'A:\'
     Search path A:\ could not be opened!
     System error [21]: The device is not ready.
     Begin scan in 'D:\'
     Search path D:\ could not be opened!
     System error [21]: The device is not ready.
     Begin scan in 'E:\'
     Search path E:\ could not be opened!
     System error [21]: The device is not ready.

     Beginning disinfection:
     C:\Program Files\America Online 8.0\AdminChk1.exe
     [DETECTION] Is the TR/ATRAPS.Gen Trojan
     [NOTE] The file was moved to '4a508a9b.qua'!
     C:\Program Files\Trend Micro\Internet Security(2)\Quarantine\rdl2.tmp
     [NOTE] The file was moved to '4a4f8a9c.qua'!
     C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000065.exe
     [DETECTION] Is the TR/Trash.Gen Trojan
     [NOTE] The file was moved to '4a138a68.qua'!
     C:\WINDOWS\Mpahifoha.dll
     [DETECTION] Is the TR/Agent.assk Trojan
     [NOTE] The file was moved to '4a448aa8.qua'!
     C:\WINDOWS\SYSTEM32\AlxRes.dll.bak
     [DETECTION] Contains recognition pattern of the ADSPY/AlexaBar.A.13 adware or spyware
     [NOTE] The file was moved to '4a5b8aa4.qua'!
     C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4BSPEZOF\lich[1].exe
     [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
     [NOTE] The file was moved to '4a468aa1.qua'!
     C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6JYLAZOX\zk[1].exe
     [DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
     [NOTE] The file was moved to '4a3e8aa3.qua'!
     C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O9YJK1IJ\main[1].exe
     [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
     [NOTE] The file was moved to '4a4c8a99.qua'!
     C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OT2JQP0H\serv[1].exe
     [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
     [NOTE] The file was moved to '4a558a9d.qua'!
     C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OT2JQP0H\zn[1].exe
     [DETECTION] Is the TR/Dropper.Gen Trojan
     [NOTE] The file was moved to '4a3e8aa6.qua'!

     End of the scan: Monday, April 13, 2009 10:53
     Used time: 1:08:57 Hour(s)

     The scan has been done completely.

     10077 Scanned directories
     485165 Files were scanned
     10 Viruses and/or unwanted programs were found
     0 Files were classified as suspicious
     0 files were deleted
     0 Viruses and unwanted programs were repaired
     10 Files were moved to quarantine
     0 Files were renamed
     2 Files cannot be scanned
     485153 Files not concerned
     3534 Archives were scanned
     2 Warnings
     12 Notes
  9. hi, The issue persists, google search are getting redirected a bit confused about the AntiVirus suggestion, i have bought Malware and it is currently setup to start in system tray, will that not protect? please advise
  10. Hello, here is the fresh MBAM log and HJT log. On a side note, there is a folder called "viewpoint" under Program Files; when I try to open the folder it does not open, when I try to delete the folder it gives some type of a "redundant cyclic error", and the MBAM scan takes a long time to scan this particular folder.

Malwarebytes' Anti-Malware 1.36
Database version: 1958
Windows 5.1.2600 Service Pack 3

4/10/2009 9:16:44 AM
mbam-log-2009-04-10 (09-16-44).txt

Scan type: Full Scan (C:\|)
Objects scanned: 228181
Time elapsed: 2 hour(s), 25 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4BSPEZOF\loader[1].exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6JYLAZOX\ftp[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6JYLAZOX\loader[1].exe (Trojan.Small) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O9YJK1IJ\ftp[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:16 AM, on 4/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft SQL Server\MSSQL$SHIPWORKS\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\EZBackitup\EZBkuptray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Perfect Keyboard\PK32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\RemoteView\RemoteView.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://members.ebay.com/aboutme/diageminc
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKCU\..\Run: [EZBack-it-up Tray Scheduler] C:\Program Files\EZBackitup\EZBkuptray.exe
O4 - Startup: Shortcut to PK32.lnk = C:\Program Files\Perfect Keyboard\PK32.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games
  11. Please help. Google searches are getting redirected to unrelated sites. The MBAM log below shows no issues; the HJT log is copied below as well.

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 3

4/8/2009 1:38:22 PM
mbam-log-2009-04-08 (13-38-22).txt

Scan type: Quick Scan
Objects scanned: 83876
Time elapsed: 4 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:40:49 PM, on 4/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft SQL Server\MSSQL$SHIPWORKS\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\EZBackitup\EZBkuptray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Perfect Keyboard\PK32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\RemoteView\RemoteView.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://members.ebay.com/aboutme/diageminc
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKCU\..\Run: [EZBack-it-up Tray Scheduler] C:\Program Files\EZBackitup\EZBkuptray.exe
O4 - Startup: Shortcut to PK32.lnk = C:\Program Files\Perfect Keyboard\PK32.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games
  12. Hello, I was helped last week with the above: http://www.malwarebytes.org/forums/index.php?showtopic=12422 However, the Google search is still getting redirected. The funny thing is, whenever I type in a search term, for example "250gb hard drive", and click on any one of the results, only the first time does it get redirected; after that it does not get redirected. I ran Malwarebytes and nothing was found. I am posting the MBAM as well as the HJT log, please help.

Malwarebytes' Anti-Malware 1.34
Database version: 1878
Windows 5.1.2600 Service Pack 3

3/20/2009 11:32:12 AM
mbam-log-2009-03-20 (11-32-12).txt

Scan type: Quick Scan
Objects scanned: 81387
Time elapsed: 3 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:34:21 AM, on 3/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft SQL Server\MSSQL$SHIPWORKS\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\EZBackitup\EZBkuptray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Perfect Keyboard\PK32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\RemoteView\RemoteView.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://members.ebay.com/aboutme/diageminc
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKCU\..\Run: [EZBack-it-up Tray Scheduler] C:\Program Files\EZBackitup\EZBkuptray.exe
O4 - Startup: Shortcut to PK32.lnk = C:\Program Files\Perfect Keyboard\PK32.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games
  13. Thank you for the wonderful tips and a well-written blog. I have bookmarked it and will read it from time to time. I am a big fan of marzipan from Belgium. I would like to send you a small PayPal donation as a token of appreciation; if you are willing to accept, then please provide a PayPal email ID. Thanks, Amit, Los Angeles do
  14. Thanks for your help.
1. I found out that MBAM was updated and a scan was done between the first ComboFix run and the second one, sorry about that. Do you want me to do the entire process again?
2. Google searches so far have not been redirected, hopefully the issue was taken care of. Do you think I should run MBAM again to see if it finds anything new?
I just want to say that you guys are doing a great job. I cannot believe that such volunteer work is possible; the quality and the level of service you are providing puts any paid services or high-cost programs to shame. I wholeheartedly appreciate your help. Is there a donation I can make? a
  15. Here is the ComboFix text; there is no zip file in the Quarantine folder.

ComboFix 09-03-10.03 - Amit 2009-03-12 9:48:09.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.691 [GMT -8:00]
Running from: c:\documents and settings\Amit\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Amit\Desktop\CFScript.txt
 * Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\mrxdavv.sys
c:\windows\system32\kwave.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Irisifrtr


((((((((((((((((((((((((( Files Created from 2009-02-12 to 2009-03-12 )))))))))))))))))))))))))))))))
.

2012-12-12 04:12 . 2012-12-12 04:12 1,221,464 --------- c:\windows\SYSTEM32\IMMC.EXE
2012-12-12 04:12 . 2012-12-12 04:12 65,536 --------- c:\windows\SYSTEM32\MSRTEDIT.DLL
2009-03-11 16:26 . 2009-03-11 16:26 1,374 --a------ c:\windows\imsins.BAK
2009-02-26 11:26 . 2009-02-26 11:26 <DIR> d-------- c:\program files\BannerDesignerPro
2009-02-26 10:13 . 2009-02-26 10:13 <DIR> d-------- c:\program files\EZBackitup
2009-02-25 14:17 . 2009-02-25 14:17 <DIR> d-------- c:\program files\CCleaner
2009-02-25 13:52 . 2009-02-25 13:52 <DIR> d-------- c:\documents and settings\Administrator.AMITNEWCOMP\Application Data\Malwarebytes
2009-02-25 13:45 . 2004-05-10 14:37 <DIR> d-------- c:\documents and settings\Administrator.AMITNEWCOMP\Application Data\Symantec
2009-02-25 13:45 . 2004-05-10 14:40 <DIR> d-------- c:\documents and settings\Administrator.AMITNEWCOMP\Application Data\Sonic
2009-02-25 13:45 . 2004-05-10 14:36 <DIR> d-------- c:\documents and settings\Administrator.AMITNEWCOMP\Application Data\Jasc Software Inc
2009-02-25 13:45 . 2009-02-25 13:45 <DIR> d-------- c:\documents and settings\Administrator.AMITNEWCOMP
2009-02-25 13:43 . 2009-02-25 13:43 <DIR> d-------- c:\documents and settings\Amit\Application Data\Malwarebytes
2009-02-25 13:43 . 2009-02-11 10:19 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2009-02-25 13:43 . 2009-02-11 10:19 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2009-02-25 13:16 . 2009-02-25 13:43 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-25 13:16 . 2009-02-25 13:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-25 11:54 . 2009-02-25 12:02 7 --a------ c:\windows\SYSTEM32\nar.bin
2009-02-25 11:52 . 2009-02-25 13:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Trend Micro
2009-02-25 11:51 . 2009-03-10 09:42 <DIR> d-------- c:\program files\Trend Micro
2009-02-25 11:12 . 2009-02-25 11:12 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Lavasoft
2009-02-25 11:07 . 2004-05-10 14:37 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Symantec
2009-02-25 11:07 . 2004-05-10 14:40 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Sonic
2009-02-25 11:07 . 2004-05-10 14:36 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Jasc Software Inc
2009-02-25 11:07 . 2009-02-25 11:07 <DIR> d-------- c:\documents and settings\Administrator
2009-02-25 10:55 . 2009-02-25 10:55 8,768 --a------ c:\windows\SYSTEM32\DRIVERS\wATV03nt.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-11 22:45 --------- d-----w c:\program files\AOL Toolbar
2009-03-09 16:18 --------- d-----w c:\documents and settings\Amit\Application Data\Corel
2009-03-06 23:18 --------- d-----w c:\program files\America Online 8.0
2009-02-10 17:33 --------- d-----w c:\documents and settings\Amit\Application Data\AdobeUM
2009-01-30 22:35 --------- d-----w c:\program files\America Online 7.0
2009-01-29 22:43 --------- d-----w c:\documents and settings\Amit\Application Data\Galaxy Ship
2009-01-28 18:02 60,744 ----a-w c:\documents and settings\Amit\g2mdlhlpx.exe
2009-01-19 22:15 --------- d-----w c:\program files\EFTP
2009-01-19 17:38 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2006-04-21 16:50 630,784 ----a-w c:\documents and settings\Amit\chatlnk.exe
2008-08-04 23:24 32,768 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008080420080805\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-03-12_ 9.25.30.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 04:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2009-03-12 17:55:24 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_150.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"EZBack-it-up Tray Scheduler"="c:\program files\EZBackitup\EZBkuptray.exe" [2004-06-03 631808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-02-11 399504]

c:\documents and settings\Amit\Start Menu\Programs\Startup\
Shortcut to PK32.lnk - c:\program files\Perfect Keyboard\PK32.EXE [2004-06-05 647168]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-01-21 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2003-10-31 11:01 8704 c:\windows\SYSTEM32\PCANotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv50"= c:\windows\ir50_32.dll
"vidc.mpg4"= c:\windows\mpg4c32.dll
"vidc.mpg2"= c:\windows\mpg4c32.dll
"vidc.mpg3"= c:\windows\mpg4c32.dll
"vidc.GEOX"= c:\windows\GeoCodec.dll
"vidc.MJPG"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll
"vidc.mp42"= c:\windows\Mpg4c32.dll
"vidc.mp43"= c:\windows\Mpg4c32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wATV03nt.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Audible Download Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk
backup=c:\windows\pss\Audible Download Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-10-01 12:57 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--------- 2003-08-05 22:04 114741 c:\windows\SYSTEM32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
--------- 2003-08-13 07:27 28672 c:\windows\SYSTEM32\DSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-03-10 14:22 48280 c:\program files\Common Files\AOL\1129563433\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a------ 2006-03-20 16:34 213936 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2006-03-20 16:34 213936 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2006-03-20 16:34 86960 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 18:57 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a------ 2003-10-06 07:05 53248 c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 16:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--------- 2002-11-07 23:22 4243456 c:\windows\SYSTEM32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2003-08-26 16:47 204800 c:\program files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2003-08-19 00:01 110592 c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
--------- 2002-11-07 23:22 770117 c:\windows\SYSTEM32\nview.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--------- 2002-11-07 23:22 315392 c:\windows\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AdobeActiveFileMonitor5.0"=2 (0x2)
"NTService1"=2 (0x2)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 8.0\\waol.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\WinAw32.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"=
"c:\\RemoteView\\BcastTcp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 MSSQL$SHIPWORKS;MSSQL$SHIPWORKS;c:\program files\Microsoft SQL Server\MSSQL$SHIPWORKS\Binn\sqlservr.exe -sSHIPWORKS --> c:\program files\Microsoft SQL Server\MSSQL$SHIPWORKS\Binn\sqlservr.exe -sSHIPWORKS [?]
R3 MBAMProtector;MBAMProtector;c:\windows\SYSTEM32\DRIVERS\mbam.sys [2009-02-25 15504]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-02-25 179856]
S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
S3 SQLAgent$SHIPWORKS;SQLAgent$SHIPWORKS;c:\program files\Microsoft SQL Server\MSSQL$SHIPWORKS\Binn\sqlagent.EXE -i SHIPWORKS --> c:\program files\Microsoft SQL Server\MSSQL$SHIPWORKS\Binn\sqlagent.EXE -i SHIPWORKS [?]
.
Contents of the 'Scheduled Tasks' folder

2004-06-05 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2008-04-13 16:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://members.ebay.com/aboutme/diageminc
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
DPF: {E84E5574-FAE4-4EE2-877D-092AFF688F21} - hxxp://192.168.0.200/cab/RPB.cab
FF - ProfilePath - c:\documents and settings\Amit\Application Data\Mozilla\Firefox\Profiles\default.5b1\
FF - prefs.js: browser.startup.homepage - hxxp://members.ebay.com/ws/eBayISAPI.dll?ViewUserPage&userid=diageminc
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-12 09:55:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Microsoft SQL Server\MSSQL$SHIPWORKS\Binn\sqlservr.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\windows\SYSTEM32\wdfmgr.exe
c:\windows\wanmpsvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-03-12 10:00:41 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-12 18:00:38
ComboFix2.txt 2009-03-12 17:26:21

Pre-Run: 36,618,674,176 bytes free
Post-Run: 36,513,931,264 bytes free

212 --- E O F --- 2009-03-12 00:26:15
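Two things in the ComboFix output above are the kind a forum helper checks by eye: the "Files Created" listing has two entries under c:\windows\SYSTEM32 whose created and modified stamps read 2012-12-12 in a log that completed on 2009-03-12, and the Supplementary Scan has a DPF (Internet Explorer ActiveX download) entry pulling a .cab from 192.168.0.200 rather than a vendor host. The script below is an added example, not part of this thread and not ComboFix's own code: it parses those two line shapes (plus the HijackThis "O16 - DPF:" form seen in the earlier posts), flags files dated after the log's own completion time, and lists DPF entries whose host is outside a short allowlist. The sample lines, the allowlist and every function name are assumptions of this example; the sample only mirrors the layout of the log above and is not the full log.

```python
"""Triage helper for a ComboFix-style log pasted into a forum post.

Added example (not ComboFix's or HijackThis's own code). It automates two
checks a helper would otherwise do by eye:
  1. entries in the "Files Created" listing whose created or modified
     stamp lies after the log's own completion time (timestomping or a
     wrong clock; either way worth asking about)
  2. DPF (ActiveX download) entries whose host is not on an allowlist
The sample lines below are constructed for this example and only mirror
the line layout of the log in the thread; the allowlist is an assumption.
"""
import re
from datetime import datetime
from typing import Optional
from urllib.parse import urlparse

# Constructed sample: a handful of lines in ComboFix's layout, not the full log.
SAMPLE_LOG = "\n".join([
    r"ComboFix 09-03-10.03 - Amit 2009-03-12 9:48:09.2 - NTFSx86",
    r"2012-12-12 04:12 . 2012-12-12 04:12 1,221,464 --------- c:\windows\SYSTEM32\IMMC.EXE",
    r"2012-12-12 04:12 . 2012-12-12 04:12 65,536 --------- c:\windows\SYSTEM32\MSRTEDIT.DLL",
    r"2009-03-11 16:26 . 2009-03-11 16:26 1,374 --a------ c:\windows\imsins.BAK",
    r"2009-02-26 11:26 . 2009-02-26 11:26 <DIR> d-------- c:\program files\CCleaner",
    r"DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204",
    r"DPF: {E84E5574-FAE4-4EE2-877D-092AFF688F21} - hxxp://192.168.0.200/cab/RPB.cab",
    r"Completion time: 2009-03-12 10:00:41 - machine was rebooted",
])

# "<created> . <modified> <size or <DIR>> <attrs> <path>"
FILE_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"\s+(?:<DIR>|[\d,]+)\s+\S+\s+(.+?)\s*$"
)
COMPLETION_LINE = re.compile(r"^Completion time:\s+(\d{4}-\d{2}-\d{2} \d{1,2}:\d{2}:\d{2})")
# ComboFix writes "DPF: {CLSID} - hxxp://..."; HijackThis writes
# "O16 - DPF: {CLSID} (Name) - http://...". Both shapes are accepted.
DPF_LINE = re.compile(r"^(?:O16 - )?DPF: (\{[0-9A-Fa-f-]+\})(?: \([^)]*\))? - (\S+)")

# Hosts an ActiveX .cab may legitimately come from (assumption for this example).
ALLOWED_DPF_DOMAINS = ("microsoft.com", "msn.com", "windowsupdate.com")


def completion_time(log: str) -> Optional[datetime]:
    """Return the log's 'Completion time' as a datetime, or None if absent."""
    for line in log.splitlines():
        m = COMPLETION_LINE.match(line)
        if m:
            return datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
    return None


def future_dated_files(log: str, reference: Optional[datetime] = None):
    """(path, created, modified) for files stamped later than `reference`
    (default: the log's completion time). Normal activity on a correctly
    set clock cannot produce a stamp from the future."""
    ref = reference or completion_time(log)
    if ref is None:
        raise ValueError("no completion time in log and no reference given")
    hits = []
    for line in log.splitlines():
        m = FILE_LINE.match(line)
        if not m:
            continue
        created = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
        modified = datetime.strptime(m.group(2), "%Y-%m-%d %H:%M")
        if created > ref or modified > ref:
            hits.append((m.group(3), created, modified))
    return hits


def _host_allowed(host: str) -> bool:
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DPF_DOMAINS)


def suspicious_dpf(log: str):
    """(clsid, host, url) for DPF entries whose host is outside the allowlist.
    A LAN address such as 192.168.x.x may be a legitimate internal
    deployment, so this is a review list, not a verdict."""
    findings = []
    for line in log.splitlines():
        m = DPF_LINE.match(line)
        if not m:
            continue
        clsid, url = m.group(1), m.group(2)
        # Re-fang the defanged scheme (hxxp -> http) so urlparse sees a host.
        host = urlparse(url.replace("hxxp", "http", 1)).hostname or ""
        if not _host_allowed(host):
            findings.append((clsid, host, url))
    return findings


def triage(log: str) -> dict:
    """Both checks in one call; keys are stable for callers."""
    return {
        "completion": completion_time(log),
        "future_files": future_dated_files(log),
        "dpf": suspicious_dpf(log),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("log completed:", report["completion"])
    for path, created, modified in report["future_files"]:
        print(f"future-dated: {path} created={created:%Y-%m-%d %H:%M} modified={modified:%Y-%m-%d %H:%M}")
    for clsid, host, url in report["dpf"]:
        print(f"DPF outside allowlist: {clsid} host={host} url={url}")
```

Run against a real paste, the future-date check needs the log's own "Completion time" line (or an explicit `reference`), because the machine's clock at scan time, not today's date, is the right yardstick; a log whose header date is itself wrong will make every file look future-dated, which is a finding in its own right. The DPF check deliberately does not decide anything: a cab served from a private address may be a vendor's LAN installer, so the output is the list a helper asks the poster about.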