Jump to content

Searches still getting redirected after running Malwarebytes


Recommended Posts

Hello,

I am still getting redirected when doing google searches even after running the Malwarebytes software. Below are my logs....thanks in advance!!!

Malwarebytes' Anti-Malware 1.38

Database version: 2332

Windows 5.1.2600 Service Pack 2

6/25/2009 1:53:09 AM

mbam-log-2009-06-25 (01-53-09).txt

Scan type: Quick Scan

Objects scanned: 109868

Time elapsed: 10 minute(s), 23 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 2

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 6

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c009be03 (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f468bc0.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f1e3f58.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\All Users\Application Data\Microsoft\bits.dll (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\All Users\Application Data\Microsoft\ipdll.dll (Trojan.Agent) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\__c001919C.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\__c002FF40.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\__c0049FF0.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\__c00E749.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.38

Database version: 2332

Windows 5.1.2600 Service Pack 2

6/25/2009 2:25:28 AM

mbam-log-2009-06-25 (02-25-28).txt

Scan type: Quick Scan

Objects scanned: 109969

Time elapsed: 8 minute(s), 55 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:11:09 AM, on 6/25/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\Program Files\Common Files\Virtual Token\vtserver.exe

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\IPSSVC.EXE

C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\CBTWlanSrv.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe

C:\Program Files\Maxtor\Utils\SyncServices.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\TPHDEXLG.EXE

C:\WINDOWS\system32\TpKmpSVC.exe

C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe

C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe

C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

c:\program files\linksys\wec600n\wec600n.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcMurocHlpr.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\TpShocks.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe

C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe

C:\Program Files\ThinkVantage\AMSG\Amsg.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe

C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe

C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe

C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe

C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files\Maxtor\ManagerApp\Onetouch.exe

C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Program Files\TomTom HOME 2\HOMERunner.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R3 - URLSearchHook: Yahoo!

Link to post
Share on other sites

  • Staff

Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix..This because Security Software may see some components ComboFix uses (prep.com for example) as suspicious and blocks the tool, or even deletes it. Please visit HERE if you don't know how.

Link to post
Share on other sites

Below is my Combofix log.....

ComboFix 09-06-25.01 - Ryan 06/25/2009 16:37.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.604 [GMT -7:00]

Running from: c:\documents and settings\Ryan\Desktop\ComboFix.exe

AV: Norton 360 *On-access scanning disabled* (Outdated) {A5F1BC7C-EA33-4247-961C-0217208396C4}

FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\drivers\SKYNETjduxcoey.sys

c:\windows\system32\dumphive.exe

c:\windows\system32\Process.exe

c:\windows\system32\SKYNETbahrqjdx.dat

c:\windows\system32\SKYNETkebdjufo.dll

c:\windows\system32\SKYNETpunrglqp.dll

c:\windows\system32\SKYNETsbpsnnih.dat

c:\windows\system32\SrchSTS.exe

c:\windows\system32\tmp.reg

c:\windows\system32\VCCLSID.exe

c:\windows\system32\WS2Fix.exe

C:\xcrashdump.dat

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_SKYNETunbgogjc

((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-06-25 )))))))))))))))))))))))))))))))

.

2009-06-25 09:10 . 2009-06-25 09:10 -------- d-----w- c:\program files\Trend Micro

2009-06-25 08:41 . 2009-06-25 08:41 -------- d-----w- c:\documents and settings\Allora\Application Data\Malwarebytes

2009-06-25 08:40 . 2009-06-17 18:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-06-25 08:40 . 2009-06-25 08:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-06-25 08:40 . 2009-06-17 18:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-06-25 08:40 . 2009-06-25 08:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-06-24 06:09 . 2009-06-24 06:09 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2009-06-11 23:07 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2009-06-11 23:07 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-25 09:56 . 2006-08-17 05:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2009-06-24 07:56 . 2008-07-29 04:06 -------- d-----w- c:\program files\Full Tilt Poker

2009-06-24 07:56 . 2006-08-17 04:43 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-06-24 04:42 . 2008-03-26 09:55 -------- d-----w- c:\documents and settings\Allora\Application Data\U3

2009-06-21 09:17 . 2006-08-17 05:29 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS

2009-06-19 06:49 . 2007-05-06 08:01 -------- d-----w- c:\documents and settings\Allora\Application Data\Juniper Networks

2009-06-09 03:31 . 2007-11-10 23:47 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLec.DAT

2009-06-09 03:31 . 2007-11-10 23:38 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLds.DAT

2009-05-13 05:15 . 1980-01-01 07:00 915456 ----a-w- c:\windows\system32\wininet.dll

2009-05-08 07:09 . 2009-05-08 07:09 410984 ----a-w- c:\windows\system32\deploytk.dll

2009-05-08 07:08 . 2009-05-08 07:08 -------- d-----w- c:\program files\Java

2009-05-08 07:07 . 2009-05-08 07:07 152576 ----a-w- c:\documents and settings\Allora\Application Data\Sun\Java\jre1.6.0_13\lzma.dll

2009-05-07 15:44 . 1980-01-01 07:00 344064 ----a-w- c:\windows\system32\localspl.dll

2009-04-17 10:09 . 1980-01-01 07:00 1847936 ----a-w- c:\windows\system32\win32k.sys

2009-04-15 15:26 . 1980-01-01 07:00 583168 ----a-w- c:\windows\system32\rpcrt4.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"amsg"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2005-08-02 475136]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

"Google Update"="c:\documents and settings\Ryan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-17 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-08-01 110592]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-01 512000]

"ControlCenter"="c:\program files\ThinkVantage Fingerprint Software\ctlcntr.exe" [2005-07-12 125026]

"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-08-10 237568]

"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-08-29 94208]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-29 344064]

"suScheduler"="c:\program files\ThinkVantage\SystemUpdate\UCLauncher.exe" [2005-08-02 40960]

"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2005-11-24 106496]

"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2005-08-02 475136]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-19 127037]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"cssauth"="c:\program files\IBM ThinkVantage\Client Security Solution\cssauth.exe" [2005-08-03 1988144]

"PDService.exe"="c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe" [2005-07-07 49152]

"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-09-26 196696]

"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2005-12-16 409600]

"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2005-12-16 98304]

"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-08-10 139264]

"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-08-10 208896]

"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2005-08-12 864256]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-03-15 257088]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]

"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 69632]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-12 623992]

"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]

"MaxtorOneTouch"="c:\program files\Maxtor\ManagerApp\Onetouch.exe" [2006-08-11 712704]

"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2006-08-11 81920]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-08 148888]

"TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2005-06-23 86016]

"TP4EX"="tp4ex.exe" - c:\windows\system32\TP4EX.exe [2005-08-02 40960]

c:\documents and settings\Ryan\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2005-7-21 577597]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-16 24576]

hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2002-6-27 323646]

NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2007-11-10 118784]

officejet 6100.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-6-27 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2005-07-12 16:45 109664 ------w- c:\program files\ThinkVantage Fingerprint Software\psfus.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]

2005-12-16 00:14 32768 ------w- c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]

2005-07-06 06:45 28672 ----a-w- c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]

2005-06-17 05:23 24576 ----a-w- c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli csspwntfy

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\ThinkVantage\\SystemUpdate\\jre\\bin\\javaw.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\ddpoker2\\ddpoker.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

R3 CBPMp50;CBPMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\CBPMp50.sys [x]

R3 LxrSGe10d;LxrSGe10d;c:\windows\system32\Drivers\LxrSge10d.sys [2007-12-03 69856]

S0 Shockprf;Shockprf; [x]

S0 sonypvl2;sonypvl2; [x]

S1 ShockMgr;ShockMgr; [x]

S1 sonypvf2;sonypvf2; [x]

S1 sonypvt2;sonypvt2; [x]

S1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\Tppwrif.sys [2005-08-10 4442]

S2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-06 3744]

S2 CBTWlanSrv;CBT Wlan Service;c:\windows\CBTWlanSrv.exe [2007-07-09 106496]

S2 ibmfilter;ibmfilter;c:\windows\system32\drivers\ibmfilter.sys [2005-08-03 13184]

S2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-06 3904]

S2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe [2004-08-04 14336]

S2 PrivateDisk;PrivateDisk;c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\PrivateDiskM.sys [2005-06-28 46142]

S2 smi2;smi2;c:\program files\SMI2\smi2.sys [2005-08-03 3968]

S2 SmiHlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2005-07-12 3328]

S3 CBPSp50;CBPSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\CBPSp50.sys [2006-11-29 27072]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-25 101936]

S3 WEC600N;Linksys Dual-Band Wireless-N ExpressCard WEC600N Driver;c:\windows\system32\DRIVERS\WEC600N.SYS [2007-07-23 822400]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

2008-03-28 c:\windows\Tasks\FRU Task 2002-06-27 08:46ewlett-Packard2002-06-27 08:46p psc 2200 seriesF56855811176EC24C9B302F94878AD886AF77CFF198036985.job

- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-06-27 09:46]

2009-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-104946277-2168650842-2043310675-1005.job

- c:\documents and settings\Ryan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-17 07:56]

.

- - - - ORPHANS REMOVED - - - -

Notify-NavLogon - (no file)

.

------- Supplementary Scan -------

.

uStart Page = hxxp://google.com/

uInternet Connection Wizard,ShellNext = iexplore

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Send To &Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

FF - ProfilePath -

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-25 16:48

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1412)

c:\windows\system32\vrlogon.dll

c:\program files\ThinkVantage Fingerprint Software\ExtVapi.dll

c:\program files\Common Files\Virtual Token\psutil.dll

c:\program files\Common Files\Virtual Token\resmgr.dll

c:\program files\Common Files\Virtual Token\Remote.dll

c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll

c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll

c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll

c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll

c:\windows\system32\Ati2evxx.dll

c:\program files\ThinkVantage Fingerprint Software\psfus.dll

c:\windows\system32\tphklock.dll

c:\program files\Common Files\Virtual Token\passport.dll

c:\program files\Common Files\Virtual Token\config.dll

c:\program files\Common Files\Virtual Token\LocPass.dll

c:\program files\Common Files\Virtual Token\SBioPass.dll

c:\program files\Common Files\Virtual Token\psdlg.dll

c:\program files\Common Files\Virtual Token\BGTcVer.dll

c:\program files\Common Files\Virtual Token\BTcVer.dll

- - - - - - - > 'lsass.exe'(1468)

c:\program files\IBM ThinkVantage\Client Security Solution\csspwntfy.dll

c:\program files\IBM ThinkVantage\Client Security Solution\ibmtsp.dll

c:\program files\IBM ThinkVantage\Client Security Solution\tcsrpc.dll

c:\program files\IBM ThinkVantage\Client Security Solution\cssuserdatadispatcher.dll

.

Completion time: 2009-06-25 16:52

ComboFix-quarantined-files.txt 2009-06-25 23:52

Pre-Run: 28,911,767,552 bytes free

Post-Run: 32,094,154,752 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

231 --- E O F --- 2009-06-24 08:14

Link to post
Share on other sites

  • Staff

Hi,

This looks OK again.

* Go to start > run and copy and paste next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

Please update your Norton, because it's outdated. In case you can't update (because it's an expired trial), then uninstall Norton and get a free Antivirus instead. Avira Antivirus is a great choice BTW.

Let me know in your next reply how things are now.

Link to post
Share on other sites

  • Staff

Glad I could help. :D

Please read my Prevention page with lots of info and tips how to prevent this in the future.

And if you want to improve speed/system performance after malware removal, take a look here.

Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.