AshleeJ

ComboFix 11-08-09.02 - DAVID JOHNS 08/09/2011 17:58:37.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.562 [GMT -4:00]
Running from: c:\documents and settings\DAVID JOHNS\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\DAVID JOHNS\Desktop\CFScript.txt
AV: AVG Anti-Virus 2011 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton 360 *Disabled/Outdated* {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *Disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
.
FILE ::
"c:\program files\0520201123502781.bat"
"c:\program files\0521201120513921.bat"
"c:\program files\0521201120543228.bat"
"c:\program files\060320110573220.bat"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\0520201123502781.bat
c:\program files\0521201120513921.bat
c:\program files\0521201120543228.bat
c:\program files\060320110573220.bat
.
.
((((((((((((((((((((((((( Files Created from 2011-07-09 to 2011-08-09 )))))))))))))))))))))))))))))))
.
.
2011-07-26 03:27 . 2011-07-26 03:27 -------- d--h--w- c:\windows\PIF
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-29 08:33 . 2004-08-04 08:00 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-07-09 02:56 . 2011-07-09 02:57 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-09 02:56 . 2011-07-02 00:00 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-01 22:56 . 2011-06-28 18:02 20552 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-06-28 21:10 . 2011-06-28 21:10 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-06-24 07:54 . 2003-02-21 11:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-06-19 04:58 . 2011-06-19 04:58 1409 ----a-w- c:\windows\QTFont.for
2011-05-29 13:11 . 2011-06-16 08:15 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-08 14:37 . 2010-07-08 14:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-15_07.50.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-09 22:14 . 2011-08-09 22:14 16384 c:\windows\Temp\Perflib_Perfdata_6d8.dat
+ 2011-08-09 21:41 . 2011-08-09 21:41 16384 c:\windows\Temp\Perflib_Perfdata_6d4.dat
+ 2011-08-09 22:14 . 2011-08-09 22:14 16384 c:\windows\Temp\Perflib_Perfdata_214.dat
+ 2011-06-19 00:31 . 2007-07-28 03:11 16760 c:\windows\system32\spmsg.dll
+ 2011-08-01 07:38 . 2011-08-01 07:38 22016 c:\windows\Installer\12d78f5.msi
- 2004-08-04 08:00 . 2009-01-31 00:34 604160 c:\windows\system32\WMSPDMOD.dll
+ 2004-08-04 08:00 . 2009-04-02 03:02 604160 c:\windows\system32\wmspdmod.dll
+ 2004-08-04 08:00 . 2009-07-14 03:43 286208 c:\windows\system32\wmpdxm.dll
+ 2009-01-31 00:33 . 2010-03-30 16:24 317440 c:\windows\system32\mp4sdecd.dll
- 2009-01-31 00:33 . 2009-01-31 00:33 317440 c:\windows\system32\MP4SDECD.dll
- 2004-08-04 08:00 . 2009-01-31 00:34 604160 c:\windows\system32\dllcache\WMSPDMOD.dll
+ 2004-08-04 08:00 . 2009-04-02 03:02 604160 c:\windows\system32\dllcache\wmspdmod.dll
+ 2004-08-04 08:00 . 2009-07-14 03:43 286208 c:\windows\system32\dllcache\wmpdxm.dll
+ 2010-03-30 16:24 . 2010-03-30 16:24 317440 c:\windows\system32\dllcache\mp4sdecd.dll
- 2011-02-02 04:50 . 2007-07-28 04:11 382840 c:\windows\$NtUninstallKB975558_WM8$\spuninst\updspapi.dll
+ 2011-02-02 04:50 . 2007-07-28 03:11 382840 c:\windows\$NtUninstallKB975558_WM8$\spuninst\updspapi.dll
+ 2011-02-02 04:50 . 2007-07-28 03:11 231288 c:\windows\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe
- 2011-02-02 04:50 . 2007-07-28 04:11 231288 c:\windows\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe
+ 2011-07-29 09:00 . 2009-01-31 00:33 317440 c:\windows\$NtUninstallKB975558_WM8$\mp4sdecd.dll
+ 2011-02-02 04:49 . 2007-07-28 03:11 382840 c:\windows\$NtUninstallKB2378111_WM9$\spuninst\updspapi.dll
- 2011-02-02 04:49 . 2007-07-28 04:11 382840 c:\windows\$NtUninstallKB2378111_WM9$\spuninst\updspapi.dll
- 2011-02-02 04:49 . 2007-07-28 04:11 231288 c:\windows\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe
+ 2011-02-02 04:49 . 2007-07-28 03:11 231288 c:\windows\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe
+ 2004-08-04 08:00 . 2010-04-06 08:52 2462720 c:\windows\system32\WMVCore.dll
+ 2004-08-04 08:00 . 2010-04-06 08:52 2462720 c:\windows\system32\dllcache\WMVCore.dll
+ 2004-08-04 08:00 . 2010-08-26 03:36 10841088 c:\windows\system32\wmp.dll
+ 2004-08-04 08:00 . 2010-08-26 03:36 10841088 c:\windows\system32\dllcache\wmp.dll
+ 2011-02-02 04:49 . 2009-07-14 03:43 10841088 c:\windows\$NtUninstallKB2378111_WM9$\wmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-09 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-06-24 273544]
.
c:\documents and settings\DAVID JOHNS\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ALLTEL DSL Check-up Center.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ALLTEL DSL Check-up Center.lnk
backup=c:\windows\pss\ALLTEL DSL Check-up Center.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin 802.11g Wireless Card Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Belkin 802.11g Wireless Card Utility.lnk
backup=c:\windows\pss\Belkin 802.11g Wireless Card Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=c:\windows\pss\ymetray.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^DAVID JOHNS^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\DAVID JOHNS\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-07-14 04:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2008-10-17 20:52 51048 ----a-w- c:\program files\Common Files\Symantec Shared\CCAPP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
2005-02-17 21:01 233534 ----a-w- c:\program files\HPQ\Default Settings\Cpqset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
2005-12-22 15:57 405504 ----a-w- c:\program files\HPQ\Quick Launch Buttons\eabservr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000StatusMonitor]
2008-07-19 03:08 1306624 ---ha-w- c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-17 06:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2005-11-16 15:30 503808 ----a-w- c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-10-18 19:27 455968 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2011-05-29 13:11 1047656 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 14:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
2008-02-26 14:50 988512 ----a-w- c:\program files\Norton 360\osCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2005-12-12 18:39 94208 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard]
2005-10-11 17:23 1187840 ---ha-w- c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-11-09 04:12 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-02-02 12:11 692316 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2005-02-02 12:12 102492 ----a-w- c:\program files\Synaptics\SynTP\SynTPLpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2/18/2008 3:37 PM 149352]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [12/15/2004 11:18 AM 200192]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys --> c:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]
S2 avgwd;AVG WatchDog;"c:\program files\AVG\AVG10\avgwdsvc.exe" --> c:\program files\AVG\AVG10\avgwdsvc.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/12/2009 9:41 PM 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [?]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/12/2008 10:32 PM 23888]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;\??\c:\progra~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS --> c:\progra~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/12/2009 9:41 PM 135664]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
mmen REG_MULTI_SZ mmen
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-10-18 19:25 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-13 01:40]
.
2011-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-13 01:40]
.
2011-08-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3905906789-4080572810-2276932172-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-08-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3905906789-4080572810-2276932172-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.search.yahoo.com/?fr=w3i&type=W3i_SP,204,0_0,StartPage,20110415,16509,0,8,0
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
TCP: DhcpNameServer = 97.81.22.195 24.177.176.38 24.178.162.3
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-99077609.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-09 18:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3860)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-08-09 18:23:18 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-09 22:23
ComboFix2.txt 2011-07-29 02:16
ComboFix3.txt 2011-07-15 07:54
.
Pre-Run: 11,888,779,264 bytes free
Post-Run: 12,447,879,168 bytes free
.
- - End Of File - - 2238019308C0C1D6E5BE22A2C1F98AB3
  3. Could this pose a problem: kbdmsat.exe? I have another question. I have an infected volsnap drive that I saw when I ran some other scan. I have 2-3 large-sized Internet Explorer apps running when I'm not connected. Could this be a factor??
ComboFix 11-07-28.07 - DAVID JOHNS 07/28/2011 21:57:42.2.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.519 [GMT -4:00] Running from: c:\documents and settings\DAVID JOHNS\Desktop\ComboFix.exe AV: AVG Anti-Virus 2011 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: Norton 360 *Disabled/Outdated* {A5F1BC7C-EA33-4247-961C-0217208396C4} FW: Norton 360 *Disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3} * Created a new restore point . . ((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-29 ))))))))))))))))))))))))))))))) . . 2011-07-26 03:27 . 2011-07-26 03:27 -------- d--h--w- c:\windows\PIF 2011-07-09 02:57 . 2011-07-09 02:56 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-07-03 00:13 . 2011-07-03 00:13 -------- dc----w- C:\MTV_OUTPUT 2011-07-02 00:00 . 2011-07-09 02:56 472808 ----a-w- c:\windows\system32\deployJava1.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-07-01 22:56 . 2011-06-28 18:02 20552 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2011-06-28 21:10 . 2011-06-28 21:10 12872 ----a-w- c:\windows\system32\bootdelete.exe 2011-06-24 07:54 . 2003-02-21 11:42 348160 ----a-w- c:\windows\system32\msvcr71.dll 2011-06-19 04:58 . 2011-06-19 04:58 1409 ----a-w- c:\windows\QTFont.for 2011-06-03 04:57 . 2011-06-03 04:57 452 ----a-w- c:\program files\060320110573220.bat 2011-05-29 13:11 . 2011-06-16 08:15 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-22 00:54 . 2011-05-22 00:54 456 ----a-w- c:\program files\0521201120543228.bat 2011-05-22 00:51 . 2011-05-22 00:51 452 ----a-w- c:\program files\0521201120513921.bat 2011-05-21 03:50 . 
2011-05-21 03:50 456 ----a-w- c:\program files\0520201123502781.bat 2010-07-08 14:37 . 2010-07-08 14:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe . . ((((((((((((((((((((((((((((( SnapShot@2011-07-15_07.50.45 ))))))))))))))))))))))))))))))))))))))))) . + 2011-07-18 01:39 . 2011-07-18 01:39 16384 c:\windows\Temp\Perflib_Perfdata_70c.dat + 2011-07-29 01:48 . 2011-07-29 01:48 16384 c:\windows\Temp\Perflib_Perfdata_248.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-09 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048] "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-06-24 273544] . c:\documents and settings\DAVID JOHNS\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup . 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ALLTEL DSL Check-up Center.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ALLTEL DSL Check-up Center.lnk backup=c:\windows\pss\ALLTEL DSL Check-up Center.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin 802.11g Wireless Card Utility.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Belkin 802.11g Wireless Card Utility.lnk backup=c:\windows\pss\Belkin 802.11g Wireless Card Utility.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup . 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnk backup=c:\windows\pss\ymetray.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^DAVID JOHNS^Start Menu^Programs^Startup^LimeWire On Startup.lnk] path=c:\documents and settings\DAVID JOHNS\Start Menu\Programs\Startup\LimeWire On Startup.lnk backup=c:\windows\pss\LimeWire On Startup.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] 2005-07-14 04:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] 2008-10-17 20:52 51048 ----a-w- c:\program files\Common Files\Symantec Shared\CCAPP.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset] 2005-02-17 21:01 233534 ----a-w- c:\program files\HPQ\Default Settings\Cpqset.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl] 2005-12-22 15:57 405504 ----a-w- c:\program files\HPQ\Quick Launch Buttons\eabservr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000StatusMonitor] 2008-07-19 03:08 1306624 ---ha-w- c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2005-02-17 06:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant] 2005-11-16 15:30 503808 ----a-w- c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel] 2007-10-18 19:27 455968 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)] 2011-05-29 13:11 1047656 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)] 2010-06-01 14:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck] 2008-02-26 14:50 988512 ----a-w- c:\program files\Norton 360\osCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService] 2005-12-12 18:39 94208 ----a-w- c:\program files\HP\QuickPlay\QPService.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard] 2005-10-11 17:23 1187840 ---ha-w- c:\windows\SMINST\Recguard.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2009-11-09 04:12 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] 2005-02-02 12:11 692316 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr] 2005-02-02 12:12 102492 ----a-w- c:\program files\Synaptics\SynTP\SynTPLpr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableNotifications"= 1 (0x1) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"= "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\FrostWire\\FrostWire.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "8086:TCP"= 8086:TCP:men . 
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2/18/2008 3:37 PM 149352] R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [12/15/2004 11:18 AM 200192] S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys --> c:\windows\system32\DRIVERS\AVGIDSEH.Sys [?] S2 avgwd;AVG WatchDog;"c:\program files\AVG\AVG10\avgwdsvc.exe" --> c:\program files\AVG\AVG10\avgwdsvc.exe [?] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/12/2009 9:41 PM 135664] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [?] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?] S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?] S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/12/2008 10:32 PM 23888] S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;\??\c:\progra~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS --> c:\progra~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS [?] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/12/2009 9:41 PM 135664] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - COMHOST . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper mmen REG_MULTI_SZ mmen . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2007-10-18 19:25 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 
2011-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-13 01:40] . 2011-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-13 01:40] . 2011-07-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3905906789-4080572810-2276932172-1006.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47] . 2011-07-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3905906789-4080572810-2276932172-1006.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.search.yahoo.com/?fr=w3i&type=W3i_SP,204,0_0,StartPage,20110415,16509,0,8,0 uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = <local> uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html TCP: DhcpNameServer = 97.81.22.195 24.177.176.38 24.178.162.3 Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-07-28 22:13 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(928) c:\windows\system32\Ati2evxx.dll . Completion time: 2011-07-28 22:16:49 ComboFix-quarantined-files.txt 2011-07-29 02:16 ComboFix2.txt 2011-07-15 07:54 . 
Pre-Run: 12,166,262,784 bytes free Post-Run: 12,716,859,392 bytes free . - - End Of File - - 842B36561DCE33E4767C5D1EB5F11613
  4. Yes, I have been attempting to run the app, but it has not opened for me. I have tried renaming it and running it, and leaving it as is and running it, but I get the same results each time. And thanks for replying!! The state of the computer has changed... now my internet browser has become unresponsive at times and shuts down on its own.
  5. Has this topic been abandoned??
  6. My computer is still experiencing the redirecting problem with Google. After CF ran, there were new programs added that I haven't yet tried to see how they act.... but it's running the same as before running CF. Here are the results:
ComboFix 11-07-14.05 - DAVID JOHNS 07/15/2011 3:39.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.491 [GMT -4:00] Running from: c:\documents and settings\DAVID JOHNS\Desktop\ComboFix.exe AV: AVG Anti-Virus 2011 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: Norton 360 *Disabled/Outdated* {A5F1BC7C-EA33-4247-961C-0217208396C4} FW: Norton 360 *Disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\DAVID JOHNS\Local Settings\Application Data\{2BC14E3C-5923-43CE-BADB-80C9B2D5C678} c:\documents and settings\DAVID JOHNS\Local Settings\Application Data\{2BC14E3C-5923-43CE-BADB-80C9B2D5C678}\chrome.manifest c:\documents and settings\DAVID JOHNS\Local Settings\Application Data\{2BC14E3C-5923-43CE-BADB-80C9B2D5C678}\chrome\content\_cfg.js c:\documents and settings\DAVID JOHNS\Local Settings\Application Data\{2BC14E3C-5923-43CE-BADB-80C9B2D5C678}\chrome\content\overlay.xul c:\documents and settings\DAVID JOHNS\Local Settings\Application Data\{2BC14E3C-5923-43CE-BADB-80C9B2D5C678}\install.rdf c:\windows\ajufitizoyiz.dll c:\windows\ajuxuwibi.dll c:\windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf c:\windows\ewanoyivoq.dll c:\windows\ewuzomopajeboy.dll c:\windows\eyuguhey.dll c:\windows\iqogidelubemojok.dll c:\windows\iviyokaxu.dll c:\windows\ocikogike.dll c:\windows\ojoqecuz.dll c:\windows\oxodosayeroxeh.dll c:\windows\system32\_000110_.tmp.dll c:\windows\ucejosif.dll c:\windows\unatedapesanuk.dll c:\windows\uxevehadaj.dll c:\windows\ymante~1 . . ((((((((((((((((((((((((( Files Created from 2011-06-15 to 2011-07-15 ))))))))))))))))))))))))))))))) . . 
2011-07-09 02:57 . 2011-07-09 02:56 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-07-03 00:13 . 2011-07-03 00:13 -------- dc----w- C:\MTV_OUTPUT 2011-07-02 00:00 . 2011-07-09 02:56 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-06-28 21:10 . 2011-06-28 21:10 12872 ----a-w- c:\windows\system32\bootdelete.exe 2011-06-28 18:02 . 2011-07-01 22:56 20552 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2011-06-28 18:01 . 2011-06-28 18:01 -------- d-----w- c:\program files\Hitman Pro 3.5 2011-06-28 17:58 . 2011-06-28 21:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro 2011-06-25 09:54 . 2011-06-25 09:54 -------- d-----w- c:\documents and settings\DAVID JOHNS\.frostwire4.20 2011-06-24 07:56 . 2011-06-24 07:56 -------- d-----w- c:\program files\Common Files\xing shared 2011-06-24 07:54 . 2011-06-24 07:56 -------- d-----w- c:\program files\Real 2011-06-24 07:44 . 2011-06-24 07:45 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent 2011-06-19 04:58 . 2011-06-19 04:58 1409 ----a-w- c:\windows\QTFont.for 2011-06-19 04:22 . 2011-06-19 05:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! 2011-06-19 00:24 . 2011-06-19 00:27 -------- d-----w- c:\windows\system32\drivers\UMDF 2011-06-17 13:11 . 2011-06-17 13:11 -------- d-----w- c:\documents and settings\DAVID JOHNS\Application Data\Template 2011-06-17 04:25 . 2011-06-17 04:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Files 2011-06-17 04:22 . 2011-07-15 06:11 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData 2011-06-17 00:27 . 2011-06-17 00:27 -------- d--h--w- c:\documents and settings\NetworkService\Application Data\QuickScan 2011-06-17 00:27 . 2011-06-17 00:27 -------- d--h--w- c:\documents and settings\LocalService\Application Data\QuickScan 2011-06-17 00:27 . 
2011-06-17 00:27 -------- d--h--w- c:\documents and settings\DAVID JOHNS\Application Data\QuickScan 2011-06-17 00:25 . 2011-06-17 00:26 -------- d--h--w- c:\documents and settings\DAVID JOHNS\Application Data\GetRightToGo 2011-06-16 08:15 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-06-16 08:15 . 2011-06-17 12:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-06-16 00:27 . 2011-06-16 00:27 -------- d-----w- c:\documents and settings\All Users\Application Data\bdch . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-24 07:54 . 2003-02-21 11:42 348160 ----a-w- c:\windows\system32\msvcr71.dll 2011-06-03 04:57 . 2011-06-03 04:57 452 ----a-w- c:\program files\060320110573220.bat 2011-05-22 00:54 . 2011-05-22 00:54 456 ----a-w- c:\program files\0521201120543228.bat 2011-05-22 00:51 . 2011-05-22 00:51 452 ----a-w- c:\program files\0521201120513921.bat 2011-05-21 03:50 . 2011-05-21 03:50 456 ----a-w- c:\program files\0520201123502781.bat 2010-07-08 14:37 . 2010-07-08 14:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-09 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048] "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-06-24 273544] . 
c:\documents and settings\DAVID JOHNS\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ALLTEL DSL Check-up Center.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ALLTEL DSL Check-up Center.lnk backup=c:\windows\pss\ALLTEL DSL Check-up Center.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin 802.11g Wireless Card Utility.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Belkin 802.11g Wireless Card Utility.lnk backup=c:\windows\pss\Belkin 802.11g Wireless Card Utility.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup . 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnk backup=c:\windows\pss\ymetray.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^DAVID JOHNS^Start Menu^Programs^Startup^LimeWire On Startup.lnk] path=c:\documents and settings\DAVID JOHNS\Start Menu\Programs\Startup\LimeWire On Startup.lnk backup=c:\windows\pss\LimeWire On Startup.lnkStartup . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-07-14 04:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2008-10-17 20:52 51048 ----a-w- c:\program files\Common Files\Symantec Shared\CCAPP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
2005-02-17 21:01 233534 ----a-w- c:\program files\HPQ\Default Settings\Cpqset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
2005-12-22 15:57 405504 ----a-w- c:\program files\HPQ\Quick Launch Buttons\eabservr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000StatusMonitor]
2008-07-19 03:08 1306624 ---ha-w- c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-17 06:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2005-11-16 15:30 503808 ----a-w- c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-10-18 19:27 455968 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2011-05-29 13:11 1047656 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 14:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
2008-02-26 14:50 988512 ----a-w- c:\program files\Norton 360\osCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2005-12-12 18:39 94208 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard]
2005-10-11 17:23 1187840 ---ha-w- c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-11-09 04:12 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-02-02 12:11 692316 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2005-02-02 12:12 102492 ----a-w- c:\program files\Synaptics\SynTP\SynTPLpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8086:TCP"= 8086:TCP:men
.
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2/18/2008 3:37 PM 149352]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [12/15/2004 11:18 AM 200192]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys --> c:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]
S2 avgwd;AVG WatchDog;"c:\program files\AVG\AVG10\avgwdsvc.exe" --> c:\program files\AVG\AVG10\avgwdsvc.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/12/2009 9:41 PM 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [?]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/12/2008 10:32 PM 23888]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;\??\c:\progra~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS --> c:\progra~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/12/2009 9:41 PM 135664]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AVGWD
*NewlyCreated* - COMHOST
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
mmen REG_MULTI_SZ mmen
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-10-18 19:25 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-13 01:40]
.
2011-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-13 01:40]
.
2011-07-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3905906789-4080572810-2276932172-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-07-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3905906789-4080572810-2276932172-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.search.yahoo.com/?fr=w3i&type=W3i_SP,204,0_0,StartPage,20110415,16509,0,8,0
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
TCP: DhcpNameServer = 97.81.22.195 24.177.176.38 24.178.162.3
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{C4B8BAB4-1667-11DF-A242-BA9455D89593} - c:\program files\simppulltoolbar\auxi\simppulltoolbAu.dll
BHO-{E4E6BF2A-1667-11DF-A01F-1F9655D89593} - (no file)
BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\Yontoo Layers Client\YontooIEClient.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Itibiti.exe - c:\program files\Itibiti Soft Phone\Itibiti.exe
HKLM-Run-AVG_TRAY - c:\program files\AVG\AVG10\avgtray.exe
MSConfigStartUp-Jtoyazozahuyu - c:\windows\imukezak.dll
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.5.0_06\bin\jusched.exe
MSConfigStartUp-Usakuhimuhabucu - c:\windows\deyntr.dll
MSConfigStartUp-WildTangent CDA - c:\program files\WildTangent\Apps\CDA\GameDrvr.exe
AddRemove-{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\Google\Google Toolbar\Component\GoogleToolbarManager_AC0049E063DE2AEA.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-15 03:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(940)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-07-15 03:54:26
ComboFix-quarantined-files.txt 2011-07-15 07:54
.
Pre-Run: 12,276,764,672 bytes free
Post-Run: 12,798,820,352 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 2012FA70F3282A584970A15388371676
7. Yes, I still need help with this. I had a few encounters. I will post the results ASAP! Sorry!
8. DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by DAVID JOHNS at 17:04:12 on 2011-07-09
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.230 [GMT -4:00]
.
AV: AVG Anti-Virus 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton 360 *Disabled/Outdated* {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *Disabled*
.
============== Running Processes ===============
.
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\REGSVR32.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.search.yahoo.com/?fr=w3i&type=W3i_SP,204,0_0,StartPage,20110415,16509,0,8,0
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=laptop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Updater For Simppull Toolbar: {c4b8bab4-1667-11df-a242-ba9455d89593} - c:\program files\simppulltoolbar\auxi\simppulltoolbAu.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client\YontooIEClient.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [itibiti.exe] c:\program files\itibiti soft phone\Itibiti.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [ccApp] c:\program files\common files\symantec shared\ccApp.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
StartupFolder: c:\docume~1\davidj~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
uPolicies-explorer: <NO NAME> =
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://l.yimg.com/jh/games/web_games/gamehouse/frenzy/SproutLauncher.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 97.81.22.195 24.177.176.38 24.178.162.3
TCP: Interfaces\{86CD6A38-A5C2-421F-9D90-FE94F45A425B} : DhcpNameServer = 97.81.22.195 24.177.176.38 24.178.162.3
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2004-12-15 200192]
R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-10-1 1245064]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-12 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-6-21 1025352]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;\??\c:\progra~1\belkin\belkin~1.11g\dnindis5.sys --> c:\progra~1\belkin\belkin~1.11g\DNINDIS5.SYS [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-11-12 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-16 39984]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20081020.003\NAVENG.SYS [2008-10-20 89104]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20081020.003\NAVEX15.SYS [2008-10-20 873552]
.
=============== Created Last 30 ================
.
2011-07-09 02:57:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-03 00:13:31 -------- dc----w- C:\MTV_OUTPUT
2011-07-02 00:00:01 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-28 21:10:48 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-06-28 18:02:01 20552 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-06-28 18:01:52 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-06-28 17:58:35 -------- d-----w- c:\documents and settings\all users\application data\Hitman Pro
2011-06-25 09:54:51 -------- d-----w- c:\documents and settings\david johns\.frostwire4.20
2011-06-24 07:56:37 -------- d-----w- c:\program files\common files\xing shared
2011-06-24 07:44:28 -------- d-----w- c:\documents and settings\all users\application data\WildTangent
2011-06-21 07:54:22 -------- dc-h--w- C:\$AVG
2011-06-21 06:57:43 -------- d-----w- c:\documents and settings\david johns\application data\AVG10
2011-06-21 06:45:08 -------- d-----w- c:\documents and settings\all users\application data\AVG Security Toolbar
2011-06-21 06:37:24 -------- d-----w- c:\windows\system32\drivers\AVG
2011-06-21 06:37:24 -------- d-----w- c:\documents and settings\all users\application data\AVG10
2011-06-21 06:32:31 -------- d-----w- c:\program files\AVG
2011-06-19 04:58:26 1409 ----a-w- c:\windows\QTFont.for
2011-06-17 04:25:10 -------- d-----w- c:\documents and settings\all users\application data\Common Files
2011-06-17 04:22:50 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-06-17 00:27:03 -------- d--h--w- c:\documents and settings\david johns\application data\QuickScan
2011-06-17 00:25:33 -------- d--h--w- c:\documents and settings\david johns\application data\GetRightToGo
2011-06-16 08:15:42 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-16 08:15:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-16 00:27:17 -------- d-----w- c:\documents and settings\all users\application data\bdch
2011-06-15 23:38:37 17748 ---ha-w- c:\windows\oxodosayeroxeh.dll
2011-06-14 02:52:07 16758 ---ha-w- c:\windows\ajuxuwibi.dll
.
==================== Find3M ====================
.
2011-06-24 07:54:26 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-06-15 23:38:14 0 ---ha-w- c:\windows\Eheyotoyefuluga.bin
2011-06-05 22:46:59 17748 ---ha-w- c:\windows\ocikogike.dll
2011-06-05 22:46:26 17748 ---ha-w- c:\windows\ojoqecuz.dll
2011-06-04 02:27:56 17748 ---ha-w- c:\windows\uxevehadaj.dll
2011-06-04 02:27:21 17748 ---ha-w- c:\windows\unatedapesanuk.dll
2011-06-03 04:57:32 452 ----a-w- c:\program files\060320110573220.bat
2011-06-01 21:41:05 17748 ---ha-w- c:\windows\iqogidelubemojok.dll
2011-06-01 21:39:57 17748 ---ha-w- c:\windows\ajufitizoyiz.dll
2011-05-29 01:41:22 17748 ---ha-w- c:\windows\ucejosif.dll
2011-05-22 00:54:32 456 ----a-w- c:\program files\0521201120543228.bat
2011-05-22 00:51:39 452 ----a-w- c:\program files\0521201120513921.bat
2011-05-21 03:50:28 456 ----a-w- c:\program files\0520201123502781.bat
2011-05-20 01:23:39 1321 ---ha-w- c:\windows\kbdmsat.exe
2011-05-15 07:19:45 17748 ---ha-w- c:\windows\iviyokaxu.dll
2011-05-12 22:11:23 17748 ---ha-w- c:\windows\ewanoyivoq.dll
2011-05-07 05:17:03 17017 ---ha-w- c:\windows\ewuzomopajeboy.dll
2011-04-15 01:28:42 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2010-07-08 14:37:14 101544 ----a-w- c:\program files\common files\LinkInstaller.exe
.
============= FINISH: 17:07:29.28 ===============
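The DDS file listings in the post above and the ComboFix registry dump earlier on the page are what a helper actually reads when triaging a thread like this. As an added illustration (not part of the original posts and not code from DDS, ComboFix or any of the tools named here), the Python below parses a handful of those lines, copied here as constructed sample input, and flags the patterns that stand out in these logs: hidden files dropped straight into c:\windows, numeric-named .bat files in the Program Files root, runs of hidden files that all share one size (the 17748-byte DLLs), Security Center and firewall monitoring switched off, globally opened inbound ports, and svchost service groups outside the stock XP set. The list of default svchost group names is an assumption and deliberately short: it surfaces unfamiliar names for review rather than giving a verdict.

```python
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Optional, Tuple

# Constructed sample: DDS "Created Last 30" / "Find3M" lines copied from the log above,
# plus two benign lines (a system32 DLL and a directory) for contrast.
SAMPLE_DDS = r"""
2011-06-24 07:54:26 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-06-15 23:38:14 0 ---ha-w- c:\windows\Eheyotoyefuluga.bin
2011-06-05 22:46:59 17748 ---ha-w- c:\windows\ocikogike.dll
2011-06-05 22:46:26 17748 ---ha-w- c:\windows\ojoqecuz.dll
2011-06-03 04:57:32 452 ----a-w- c:\program files\060320110573220.bat
2011-05-20 01:23:39 1321 ---ha-w- c:\windows\kbdmsat.exe
2011-07-03 00:13:31 -------- dc----w- C:\MTV_OUTPUT
"""
# Constructed sample: registry lines copied from the ComboFix log earlier on the page.
SAMPLE_COMBOFIX_REG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8086:TCP"= 8086:TCP:men
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
mmen REG_MULTI_SZ mmen
"""

# DDS file line: "<timestamp> <size or --------> <8 attribute flags> <path>".
ENTRY_RE = re.compile(r"(?P<size>\d+|-{8})\s+(?P<attrs>[-a-z]{8})\s+(?P<path>[A-Za-z]:\\.*\S)\s*$")
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
SVCHOST_RE = re.compile(r"^(\S+)\s+REG_MULTI_SZ\b")
# Assumption: a deliberately short list of stock XP svchost groups. Anything else is
# surfaced for review, not judged malicious (getPlusHelper in the sample is Adobe's).
DEFAULT_SVCHOST_GROUPS = {"dcomlaunch", "rpcss", "netsvcs", "localservice", "networkservice",
                          "imgsvc", "httpfilter", "termsvcs", "wugroup", "tapisrv"}


class FileEntry(NamedTuple):
    size: Optional[int]   # None for directories (DDS prints "--------")
    attrs: str            # DDS flag field: 'd' = directory, 'h' = hidden, 'a' = archive, ...
    path: str


def parse_file_entries(text: str) -> List[FileEntry]:
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.search(line.strip())
        if m:
            size = None if m["size"].startswith("-") else int(m["size"])
            entries.append(FileEntry(size, m["attrs"], m["path"]))
    return entries


def flag_file_entries(entries: List[FileEntry]) -> Dict[str, List[str]]:
    """Map each suspicious path to the reasons it was flagged."""
    files = [e for e in entries if not e.attrs.startswith("d")]
    hidden_sizes = Counter(e.size for e in files if "h" in e.attrs)
    findings: Dict[str, List[str]] = {}
    for e in files:
        hidden = "h" in e.attrs
        parent, _, name = e.path.lower().rpartition("\\")
        reasons = []
        if hidden and parent == r"c:\windows":
            reasons.append("hidden file dropped directly in %windir%")
        if parent == r"c:\program files" and re.fullmatch(r"\d+\.bat", name):
            reasons.append("numeric-named .bat in Program Files root")
        if hidden and hidden_sizes[e.size] > 1:
            reasons.append(f"same size ({e.size} bytes) as {hidden_sizes[e.size] - 1} other hidden file(s)")
        if reasons:
            findings[e.path] = reasons
    return findings


def _reg_value_is_one(value: str) -> bool:
    m = re.search(r"dword:([0-9a-fA-F]+)", value)
    if m:
        return int(m.group(1), 16) == 1
    m = re.search(r"\d+", value)
    return bool(m) and int(m.group()) == 1


def flag_registry(text: str) -> List[Tuple[str, str, str]]:
    """Return (key, value name, reason) for registry lines that weaken the host's defenses."""
    findings: List[Tuple[str, str, str]] = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        k = KEY_RE.match(line)
        if k:
            key = k.group(1)
            continue
        lkey, v, s = key.lower(), VALUE_RE.match(line), SVCHOST_RE.match(line)
        if v:
            name, value = v.groups()
            if r"\security center\monitoring" in lkey and name.lower() == "disablemonitoring" and _reg_value_is_one(value):
                findings.append((key, name, "Security Center told to stop monitoring AV/firewall state"))
            elif lkey.endswith(r"firewallpolicy\standardprofile") and name.lower() == "disablenotifications" and _reg_value_is_one(value):
                findings.append((key, name, "Windows Firewall notifications disabled"))
            elif lkey.endswith(r"globallyopenports\list"):
                findings.append((key, name, f"inbound port opened globally: {value.strip()}"))
        elif s and lkey.endswith(r"currentversion\svchost") and s.group(1).lower() not in DEFAULT_SVCHOST_GROUPS:
            findings.append((key, s.group(1), "svchost service group not in the stock XP list"))
    return findings


if __name__ == "__main__":
    print(flag_file_entries(parse_file_entries(SAMPLE_DDS)))
    print(flag_registry(SAMPLE_COMBOFIX_REG))
```

To use it on a real log, read the whole DDS or ComboFix text file and pass its contents to the two functions; lines in any other layout are skipped, and the size-cluster check only becomes meaningful once the full Find3M section is fed in, where the 17748-byte DLLs above form a run of eleven.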
9. Yeah, MBAM will run. I have done another scan using AVG and it picked up 3 spyware things: 2 for the Yontoo Layers client and 1 located in the Program Files for Internet Explorer (ieplorer.exe). They have been moved to the virus vault, but the problem remains.
10. OK, how do I run the app as administrator? I did attempt to run it after unblocking it, with no success. I have Windows XP. Does that make a difference?
11. I found this info and it's interesting. Upon going into my Local Disk drive I noticed that my files had been hidden, interesting by itself. I made the files visible and went to my Documents and Settings, Desktop, and found my icons. I right-clicked on the TDSS icon, Properties, and under Attributes (neither the Read-only nor the Hidden box is checked), at the very bottom there is an option labeled Security that says "This file came from another computer and may be blocked to help protect this computer", and then it has the option to Unblock. Could this be hindering the app from running when clicked on?
12. OK, I opened the Task Manager and the process was not one listed under the ones running. So where do I go from here? I have another concern to address. I have an iexplorer.exe running by itself at a high rate: 331,636K. This process continues to run even after I close all browser windows. Should I be concerned? Could this be a virus, trojan, or malware?
13. Sorry for the late replies, but yes, I did try to uninstall Norton, with no success, lol. I'm about to try the uninstall and the ending of those processes and see how it goes. Thanks for the help so far.
14. DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by DAVID JOHNS at 17:39:29 on 2011-07-05
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.153 [GMT -4:00]
.
AV: AVG Anti-Virus 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton 360 *Disabled/Outdated* {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *Disabled*
.
============== Running Processes ===============
.
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.search.yahoo.com/?fr=w3i&type=W3i_SP,204,0_0,StartPage,20110415,16509,0,8,0
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=laptop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Updater For Simppull Toolbar: {c4b8bab4-1667-11df-a242-ba9455d89593} - c:\program files\simppulltoolbar\auxi\simppulltoolbAu.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client\YontooIEClient.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [itibiti.exe] c:\program files\itibiti soft phone\Itibiti.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [ccApp] c:\program files\common files\symantec shared\ccApp.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
StartupFolder: c:\docume~1\davidj~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
uPolicies-explorer: <NO NAME> =
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://l.yimg.com/jh/games/web_games/gamehouse/frenzy/SproutLauncher.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 97.81.22.195 24.177.176.38 24.178.162.3
TCP: Interfaces\{86CD6A38-A5C2-421F-9D90-FE94F45A425B} : DhcpNameServer = 97.81.22.195 24.177.176.38 24.178.162.3
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2004-12-15 200192]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;\??\c:\progra~1\belkin\belkin~1.11g\dnindis5.sys --> c:\progra~1\belkin\belkin~1.11g\DNINDIS5.SYS [?]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20081020.003\NAVENG.SYS [2008-10-20 89104]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20081020.003\NAVEX15.SYS [2008-10-20 873552]
.
=============== Created Last 30 ================
.
2011-07-05 18:41:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-03 00:13:31 -------- dc----w- C:\MTV_OUTPUT
2011-07-02 00:00:01 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-28 21:10:48 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-06-28 18:02:01 20552 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-06-28 18:01:52 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-06-28 17:58:35 -------- d-----w- c:\documents and settings\all users\application data\Hitman Pro
2011-06-25 09:54:51 -------- d-----w- c:\documents and settings\david johns\.frostwire4.20
2011-06-24 07:56:37 -------- d-----w- c:\program files\common files\xing shared
2011-06-24 07:44:28 -------- d-----w- c:\documents and settings\all users\application data\WildTangent
2011-06-21 07:54:22 -------- dc-h--w- C:\$AVG
2011-06-21 06:57:43 -------- d-----w- c:\documents and settings\david johns\application data\AVG10
2011-06-21 06:45:08 -------- d-----w- c:\documents and settings\all users\application data\AVG Security Toolbar
2011-06-21 06:37:24 -------- d-----w- c:\windows\system32\drivers\AVG
2011-06-21 06:37:24 -------- d-----w- c:\documents and settings\all users\application data\AVG10
2011-06-21 06:32:31 -------- d-----w- c:\program files\AVG
2011-06-19 04:58:26 1409 ----a-w- c:\windows\QTFont.for
2011-06-17 04:25:10 -------- d-----w- c:\documents and settings\all users\application data\Common Files
2011-06-17 04:22:50 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-06-17 00:27:03 -------- d--h--w- c:\documents and settings\david johns\application data\QuickScan
2011-06-17 00:25:33 -------- d--h--w- c:\documents and settings\david johns\application data\GetRightToGo
2011-06-16 08:15:42 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-16 08:15:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-16 00:27:17 -------- d-----w- c:\documents and settings\all users\application data\bdch
2011-06-15 23:38:37 17748 ---ha-w- c:\windows\oxodosayeroxeh.dll
2011-06-14 02:52:07 16758 ---ha-w- c:\windows\ajuxuwibi.dll
2011-06-08 00:11:02 -------- d-----w- c:\documents and settings\all users\application data\BitDefender
2011-06-08 00:06:42 -------- d-----w- c:\documents and settings\all users\application data\938b0000-28ab-46a7-4f71-91faa4025193
2011-06-07 23:47:56 -------- d-----w- c:\documents and settings\all users\application data\5d090000-443-4453-42f5-668481964189
2011-06-05 22:46:55 17748 ---ha-w- c:\windows\ocikogike.dll
2011-06-05 22:46:26 17748 ---ha-w- c:\windows\ojoqecuz.dll
.
==================== Find3M ====================
.
2011-06-24 07:54:26 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-06-15 23:38:14 0 ---ha-w- c:\windows\Eheyotoyefuluga.bin
2011-06-04 02:27:56 17748 ---ha-w- c:\windows\uxevehadaj.dll
2011-06-04 02:27:21 17748 ---ha-w- c:\windows\unatedapesanuk.dll
2011-06-03 04:57:32 452 ----a-w- c:\program files\060320110573220.bat
2011-06-01 21:41:05 17748 ---ha-w- c:\windows\iqogidelubemojok.dll
2011-06-01 21:39:57 17748 ---ha-w- c:\windows\ajufitizoyiz.dll
2011-05-29 01:41:22 17748 ---ha-w- c:\windows\ucejosif.dll
2011-05-22 00:54:32 456 ----a-w- c:\program files\0521201120543228.bat
2011-05-22 00:51:39 452 ----a-w- c:\program files\0521201120513921.bat
2011-05-21 03:50:28 456 ----a-w- c:\program files\0520201123502781.bat
2011-05-20 01:23:39 1321 ---ha-w- c:\windows\kbdmsat.exe
2011-05-15 07:19:45 17748 ---ha-w- c:\windows\iviyokaxu.dll
2011-05-12 22:11:23 17748 ---ha-w- c:\windows\ewanoyivoq.dll
2011-05-07 05:17:03 17017 ---ha-w- c:\windows\ewuzomopajeboy.dll
2011-04-15 01:28:42 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2010-07-08 14:37:14 101544 ----a-w- c:\program files\common files\LinkInstaller.exe
.
============= FINISH: 17:44:33.23 ===============
  15. HI!!! Thanks for the reply. I have read the list of things to do and before I embark I would like to address an ongoing situation. I have the TDSS app downloaded to my desktop right now. I can't get it to run under any circumstance. If I rename it with a .com it doesn't run and if I leave it as is it doesn't run. I'm also in the process of trying to, well, at that time I was attempting to update my Java. I downloaded the file on my desktop necessary to do that and removed all other traces of the old Java. Upon trying to install the updated Java, it went through and prompted for the installation to close since it was installed properly. RIGHT after I clicked the close button a pop up was shown saying: Installer: Wrapper.CreateFile failed with error 5: Access is denied. I then ran a security check scan to see if it had indeed downloaded, which it hadn't. I'm not sure if that would be a conflict with the TDSS but I felt it was worthy of mentioning. So what I'm asking now, would you like for me to proceed with the first 2 mentioned on the list for now and wait for further instructions, or see if the TDSS installation problem can be fixed somehow or maybe take another route. Thanks, Ashlee!!!