Jump to content

ryan1926

Members
  • Posts

    3
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Hello! Things seem to be back to normal. Thanks again for your help!
  2. Below is my Combofix log..... ComboFix 09-06-25.01 - Ryan 06/25/2009 16:37.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.604 [GMT -7:00] Running from: c:\documents and settings\Ryan\Desktop\ComboFix.exe AV: Norton 360 *On-access scanning disabled* (Outdated) {A5F1BC7C-EA33-4247-961C-0217208396C4} FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\drivers\SKYNETjduxcoey.sys c:\windows\system32\dumphive.exe c:\windows\system32\Process.exe c:\windows\system32\SKYNETbahrqjdx.dat c:\windows\system32\SKYNETkebdjufo.dll c:\windows\system32\SKYNETpunrglqp.dll c:\windows\system32\SKYNETsbpsnnih.dat c:\windows\system32\SrchSTS.exe c:\windows\system32\tmp.reg c:\windows\system32\VCCLSID.exe c:\windows\system32\WS2Fix.exe C:\xcrashdump.dat . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_SKYNETunbgogjc ((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-06-25 ))))))))))))))))))))))))))))))) . 2009-06-25 09:10 . 2009-06-25 09:10 -------- d-----w- c:\program files\Trend Micro 2009-06-25 08:41 . 2009-06-25 08:41 -------- d-----w- c:\documents and settings\Allora\Application Data\Malwarebytes 2009-06-25 08:40 . 2009-06-17 18:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-06-25 08:40 . 2009-06-25 08:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-06-25 08:40 . 2009-06-17 18:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-06-25 08:40 . 2009-06-25 08:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-06-24 06:09 . 2009-06-24 06:09 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2009-06-11 23:07 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll 2009-06-11 23:07 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-25 09:56 . 2006-08-17 05:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec 2009-06-24 07:56 . 2008-07-29 04:06 -------- d-----w- c:\program files\Full Tilt Poker 2009-06-24 07:56 . 2006-08-17 04:43 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-06-24 04:42 . 2008-03-26 09:55 -------- d-----w- c:\documents and settings\Allora\Application Data\U3 2009-06-21 09:17 . 2006-08-17 05:29 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS 2009-06-19 06:49 . 2007-05-06 08:01 -------- d-----w- c:\documents and settings\Allora\Application Data\Juniper Networks 2009-06-09 03:31 . 2007-11-10 23:47 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLec.DAT 2009-06-09 03:31 . 2007-11-10 23:38 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLds.DAT 2009-05-13 05:15 . 1980-01-01 07:00 915456 ----a-w- c:\windows\system32\wininet.dll 2009-05-08 07:09 . 2009-05-08 07:09 410984 ----a-w- c:\windows\system32\deploytk.dll 2009-05-08 07:08 . 2009-05-08 07:08 -------- d-----w- c:\program files\Java 2009-05-08 07:07 . 2009-05-08 07:07 152576 ----a-w- c:\documents and settings\Allora\Application Data\Sun\Java\jre1.6.0_13\lzma.dll 2009-05-07 15:44 . 1980-01-01 07:00 344064 ----a-w- c:\windows\system32\localspl.dll 2009-04-17 10:09 . 1980-01-01 07:00 1847936 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 15:26 . 1980-01-01 07:00 583168 ----a-w- c:\windows\system32\rpcrt4.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "amsg"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2005-08-02 475136] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288] "Google Update"="c:\documents and settings\Ryan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-17 133104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-08-01 110592] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-01 512000] "ControlCenter"="c:\program files\ThinkVantage Fingerprint Software\ctlcntr.exe" [2005-07-12 125026] "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-08-10 237568] "TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-08-29 94208] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-29 344064] "suScheduler"="c:\program files\ThinkVantage\SystemUpdate\UCLauncher.exe" [2005-08-02 40960] "LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2005-11-24 106496] "AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2005-08-02 475136] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-19 127037] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920] "cssauth"="c:\program files\IBM ThinkVantage\Client Security Solution\cssauth.exe" [2005-08-03 1988144] "PDService.exe"="c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe" [2005-07-07 49152] "DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-09-26 196696] "ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2005-12-16 409600] "ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2005-12-16 98304] "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-08-10 139264] "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-08-10 208896] "TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2005-08-12 864256] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-03-15 257088] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816] "Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 69632] "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-12 623992] "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792] "MaxtorOneTouch"="c:\program files\Maxtor\ManagerApp\Onetouch.exe" [2006-08-11 712704] "mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2006-08-11 81920] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-08 148888] "TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2005-06-23 86016] "TP4EX"="tp4ex.exe" - c:\windows\system32\TP4EX.exe [2005-08-02 40960] c:\documents and settings\Ryan\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2005-7-21 577597] Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-16 24576] hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2002-6-27 323646] NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2007-11-10 118784] officejet 6100.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-6-27 147456] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] 2005-07-12 16:45 109664 ------w- c:\program files\ThinkVantage Fingerprint Software\psfus.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify] 2005-12-16 00:14 32768 ------w- c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2] 2005-07-06 06:45 28672 ----a-w- c:\windows\system32\notifyf2.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey] 2005-06-17 05:23 24576 ----a-w- c:\windows\system32\tphklock.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli csspwntfy [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\ThinkVantage\\SystemUpdate\\jre\\bin\\javaw.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\ddpoker2\\ddpoker.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"= R3 CBPMp50;CBPMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\CBPMp50.sys [x] R3 LxrSGe10d;LxrSGe10d;c:\windows\system32\Drivers\LxrSge10d.sys [2007-12-03 69856] S0 Shockprf;Shockprf; [x] S0 sonypvl2;sonypvl2; [x] S1 ShockMgr;ShockMgr; [x] S1 sonypvf2;sonypvf2; [x] S1 sonypvt2;sonypvt2; [x] S1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\Tppwrif.sys [2005-08-10 4442] S2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-06 3744] S2 CBTWlanSrv;CBT Wlan Service;c:\windows\CBTWlanSrv.exe [2007-07-09 106496] S2 ibmfilter;ibmfilter;c:\windows\system32\drivers\ibmfilter.sys [2005-08-03 13184] S2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-06 3904] S2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe [2004-08-04 14336] S2 PrivateDisk;PrivateDisk;c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\PrivateDiskM.sys [2005-06-28 46142] S2 smi2;smi2;c:\program files\SMI2\smi2.sys [2005-08-03 3968] S2 SmiHlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2005-07-12 3328] S3 CBPSp50;CBPSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\CBPSp50.sys [2006-11-29 27072] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-25 101936] S3 WEC600N;Linksys Dual-Band Wireless-N ExpressCard WEC600N Driver;c:\windows\system32\DRIVERS\WEC600N.SYS [2007-07-23 822400] --- Other Services/Drivers In Memory --- *NewlyCreated* - COMHOST [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2008-03-28 c:\windows\Tasks\FRU Task 2002-06-27 08:46ewlett-Packard2002-06-27 08:46p psc 2200 seriesF56855811176EC24C9B302F94878AD886AF77CFF198036985.job - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-06-27 09:46] 2009-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-104946277-2168650842-2043310675-1005.job - c:\documents and settings\Ryan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-17 07:56] . - - - - ORPHANS REMOVED - - - - Notify-NavLogon - (no file) . ------- Supplementary Scan ------- . uStart Page = hxxp://google.com/ uInternet Connection Wizard,ShellNext = iexplore IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Send To &Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm FF - ProfilePath - . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-25 16:48 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1412) c:\windows\system32\vrlogon.dll c:\program files\ThinkVantage Fingerprint Software\ExtVapi.dll c:\program files\Common Files\Virtual Token\psutil.dll c:\program files\Common Files\Virtual Token\resmgr.dll c:\program files\Common Files\Virtual Token\Remote.dll c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll c:\windows\system32\Ati2evxx.dll c:\program files\ThinkVantage Fingerprint Software\psfus.dll c:\windows\system32\tphklock.dll c:\program files\Common Files\Virtual Token\passport.dll c:\program files\Common Files\Virtual Token\config.dll c:\program files\Common Files\Virtual Token\LocPass.dll c:\program files\Common Files\Virtual Token\SBioPass.dll c:\program files\Common Files\Virtual Token\psdlg.dll c:\program files\Common Files\Virtual Token\BGTcVer.dll c:\program files\Common Files\Virtual Token\BTcVer.dll - - - - - - - > 'lsass.exe'(1468) c:\program files\IBM ThinkVantage\Client Security Solution\csspwntfy.dll c:\program files\IBM ThinkVantage\Client Security Solution\ibmtsp.dll c:\program files\IBM ThinkVantage\Client Security Solution\tcsrpc.dll c:\program files\IBM ThinkVantage\Client Security Solution\cssuserdatadispatcher.dll . Completion time: 2009-06-25 16:52 ComboFix-quarantined-files.txt 2009-06-25 23:52 Pre-Run: 28,911,767,552 bytes free Post-Run: 32,094,154,752 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect 231 --- E O F --- 2009-06-24 08:14
  3. Hello, I am still getting redirected when doing google searches even after running the Malwarebytes software. Below are my logs....thanks in advance!!! Malwarebytes' Anti-Malware 1.38 Database version: 2332 Windows 5.1.2600 Service Pack 2 6/25/2009 1:53:09 AM mbam-log-2009-06-25 (01-53-09).txt Scan type: Quick Scan Objects scanned: 109868 Time elapsed: 10 minute(s), 23 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 2 Registry Values Infected: 2 Registry Data Items Infected: 2 Folders Infected: 0 Files Infected: 6 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c009be03 (Trojan.Vundo) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f468bc0.exe (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f1e3f58.exe (Trojan.Vundo) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: c:\documents and settings\All Users\Application Data\Microsoft\bits.dll (Trojan.Agent) -> Quarantined and deleted successfully. c:\documents and settings\All Users\Application Data\Microsoft\ipdll.dll (Trojan.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\system32\__c001919C.exe (Trojan.Vundo) -> Quarantined and deleted successfully. c:\WINDOWS\system32\__c002FF40.exe (Trojan.Vundo) -> Quarantined and deleted successfully. c:\WINDOWS\system32\__c0049FF0.exe (Trojan.Vundo) -> Quarantined and deleted successfully. c:\WINDOWS\system32\__c00E749.exe (Trojan.Vundo) -> Quarantined and deleted successfully. Malwarebytes' Anti-Malware 1.38 Database version: 2332 Windows 5.1.2600 Service Pack 2 6/25/2009 2:25:28 AM mbam-log-2009-06-25 (02-25-28).txt Scan type: Quick Scan Objects scanned: 109969 Time elapsed: 8 minute(s), 55 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:11:09 AM, on 6/25/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Program Files\Common Files\Virtual Token\vtserver.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\IPSSVC.EXE C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\CBTWlanSrv.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe C:\Program Files\Maxtor\Utils\SyncServices.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\TPHDEXLG.EXE C:\WINDOWS\system32\TpKmpSVC.exe C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE c:\program files\linksys\wec600n\wec600n.exe C:\Program Files\ThinkPad\ConnectUtilities\AcMurocHlpr.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\TpShocks.exe C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe C:\Program Files\ThinkVantage\AMSG\Amsg.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\Maxtor\ManagerApp\Onetouch.exe C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\TomTom HOME 2\HOMERunner.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R3 - URLSearchHook: Yahoo!
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.