Bad search re-directs


espfrank

I know, be patient.

Finally a log after 90 minutes

ComboFix 11-02-21.02 - ESP 02/22/2011 11:42:05.4.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1790.997 [GMT -6:00]

Running from: c:\documents and settings\ESP\Desktop\Combo-Fix.exe

Command switches used :: c:\documents and settings\ESP\Desktop\CFScript.txt

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\UNWISE.EXE

.

((((((((((((((((((((((((( Files Created from 2011-01-22 to 2011-02-22 )))))))))))))))))))))))))))))))

.

2011-02-20 22:38 . 2011-02-20 22:38 -------- d-----w- c:\program files\MetaStream

2011-02-20 18:54 . 2011-02-20 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint

2011-02-19 23:32 . 2011-02-19 23:37 -------- d-----w- c:\program files\trend micro

2011-02-19 23:32 . 2011-02-19 23:37 -------- d-----w- C:\rsit

2011-02-17 23:18 . 2011-02-18 00:49 -------- d-----w- c:\windows\system32\NtmsData

2011-02-17 17:15 . 2011-02-17 17:15 -------- d-sh--w- c:\documents and settings\ESP\PrivacIE

2011-02-16 21:24 . 2011-02-16 21:24 -------- d-sh--w- c:\documents and settings\ESP\IECompatCache

2011-02-16 16:50 . 2011-02-16 16:50 -------- d-sh--w- c:\documents and settings\ESP\IETldCache

2011-02-16 16:41 . 2011-02-16 16:43 -------- dc-h--w- c:\windows\ie8

2011-02-01 20:02 . 2011-02-01 20:02 -------- d-----w- c:\program files\Hitman Pro 3.5

2011-01-31 23:59 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys

2011-01-31 23:59 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe

2011-01-31 23:58 . 2010-08-16 08:45 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll

2011-01-31 23:58 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll

2011-01-31 23:58 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll

2011-01-31 23:58 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll

2011-01-31 23:58 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

2011-01-31 23:57 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

2011-01-31 23:56 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

2011-01-31 23:54 . 2010-08-27 08:02 119808 ------w- c:\windows\system32\dllcache\t2embed.dll

2011-01-31 23:54 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll

2011-01-31 23:54 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

2011-01-31 23:53 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll

2011-01-31 23:51 . 2009-06-25 08:25 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll

2011-01-31 23:51 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll

2011-01-31 23:51 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll

2011-01-31 23:51 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll

2011-01-31 23:51 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll

2011-01-31 23:51 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe

2011-01-31 23:51 . 2009-02-06 10:39 35328 ------w- c:\windows\system32\dllcache\sc.exe

2011-01-31 23:51 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe

2011-01-31 23:51 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll

2011-01-31 23:51 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll

2011-01-31 23:51 . 2010-08-13 12:53 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-01-31 23:51 . 2010-07-12 12:55 218112 ------w- c:\windows\system32\dllcache\wordpad.exe

2011-01-31 23:50 . 2009-08-07 01:24 15064 ----a-w- c:\windows\system32\wuapi.dll.mui

2011-01-31 23:28 . 2011-02-20 16:35 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-01-31 23:28 . 2011-02-14 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro

2011-01-31 21:57 . 2011-01-31 21:57 -------- d-----w- c:\program files\Advanced Registry Optimizer

2011-01-31 21:46 . 2011-01-31 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-01-31 17:46 . 2011-01-31 18:14 -------- d-----w- c:\documents and settings\Administrator

2011-01-31 17:14 . 2011-02-21 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10

2011-01-31 14:59 . 2011-01-31 14:59 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SITVVDHRP

2011-01-31 14:59 . 2011-01-31 21:34 -------- d-sh--w- c:\documents and settings\All Users\Application Data\66b0ba

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-22 17:03 . 2008-03-18 21:53 0 ----a-w- c:\documents and settings\ESP\Local Settings\Application Data\WavXMapDrive.bat

2010-12-21 00:09 . 2009-03-09 16:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-21 00:08 . 2009-03-09 16:40 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Directory of c:\documents and settings\All Users\Application Data\66b0ba ----

---- Directory of c:\documents and settings\All Users\Application Data\SITVVDHRP ----

2011-01-31 14:59 . 2011-01-31 21:18 43234 --sha-w- c:\documents and settings\All Users\Application Data\SITVVDHRP\SIYJXP.cfg

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\documents and settings\ESP\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\documents and settings\ESP\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\documents and settings\ESP\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DrvMon.exe"="c:\windows\system32\DrvMon.exe" [2006-06-15 53248]

"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-09-29 700416]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

"Google Update"="c:\documents and settings\ESP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-10-14 136176]

"AROReminder"="c:\program files\Advanced Registry Optimizer\ARO.exe" [2010-10-18 2215944]

"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2008-06-03 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-04-16 159744]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]

"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]

"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160]

"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]

"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2008-10-24 206112]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]

"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2010-09-23 624056]

"Acrobat Speed Launch"="c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe" [2010-09-24 58808]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-15 1838592]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]

"HostManager"="c:\program files\Common Files\AOL\1218650315\ee\AOLSoftware.exe" [2008-06-24 41824]

"Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe" [2010-09-23 738776]

"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]

"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]

"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]

"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960]

"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-09-18 880640]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2009-05-11 24576]

"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-11-10 1457928]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-21 443728]

c:\documents and settings\ESP\Start Menu\Programs\Startup\

OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-12 581693]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-15 50688]

Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2002-1-9 200704]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2010-12-2 5776648]

QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-12-2 1156384]

QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2011\QBW32.EXE [2010-12-2 1178400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]

2006-11-16 20:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]

2010-07-26 18:42 15216 ----a-w- c:\program files\Citrix\GoToMyPC\G2WinLogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RDVCHG]

2009-12-02 17:21 316736 ----a-w- c:\program files\Sprint\Sprint SmartView\RDVCHG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sprint SmartView]

2009-12-02 21:32 75072 ----a-w- c:\program files\Sprint\Sprint SmartView\SprintSV.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=

"c:\\Program Files\\Common Files\\aol\\1218650315\\ee\\aolsoftware.exe"=

"c:\\Program Files\\AOL 9.1\\waol.exe"=

"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=

"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\ADS nas drive manual\\Driver\\ADS_20TECH\\ADS TECH\\PNMD.EXE"=

"c:\\Program Files\\Sling Media\\SlingPlayer\\SlingPlayer.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\BaxelData\\Cue Player Premium\\cueplayer.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Documents and Settings\\ESP\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Program Files\\Intuit\\QuickBooks 2011\\QBDBMgrN.exe"=

"c:\\Documents and Settings\\ESP\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1778:UDP"= 1778:UDP:HAVA Service

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 1:21 PM 79432]

R2 havasvc;HAVA Service;c:\program files\Monsoon Multimedia\HAVA\Common\havasvc.exe [8/27/2009 6:21 PM 145408]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/9/2009 10:40 AM 363344]

R2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [12/2/2010 1:02 PM 1251840]

R2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [9/25/2009 1:16 PM 93960]

R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/10/2004 12:50 PM 5120]

R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 11:32 AM 97536]

R3 havabus;HAVA Bus Enumerator;c:\windows\system32\drivers\havabus.sys [1/13/2009 2:44 PM 37376]

R3 havanet;HAVA NDIS Protocol Driver;c:\windows\system32\drivers\havanet.sys [1/13/2009 2:44 PM 20480]

R3 HAVATV;Hava Video Device;c:\windows\system32\drivers\HavaTV.sys [4/23/2009 5:49 PM 324224]

R3 HavaTV_10;Hava Remote Video Device;c:\windows\system32\drivers\HavaTV_10.sys [4/23/2009 5:49 PM 324224]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/9/2009 10:40 AM 20952]

S2 gupdate1c9de4aaaa66eb0;Google Update Service (gupdate1c9de4aaaa66eb0);c:\program files\Google\Update\GoogleUpdate.exe [5/26/2009 3:40 PM 133104]

S2 MLPTDR_B;MLPTDR_B;c:\windows\system32\MLPTDR_B.SYS [8/15/2008 9:45 AM 20064]

S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [9/3/2009 11:06 AM 280576]

S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [9/3/2009 11:06 AM 51456]

S3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\drivers\cm_net.sys [6/24/2010 7:42 PM 112640]

S3 cm_ser;C-motech USB Serial Port2 Driver;c:\windows\system32\drivers\cm_ser.sys [6/24/2010 7:43 PM 103680]

S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [10/17/2010 12:45 PM 20504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

2011-02-21 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

2011-02-22 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-25 21:37]

2011-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 21:40]

2011-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 21:40]

2011-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4266526267-4164716228-2054506063-1006Core.job

- c:\documents and settings\ESP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-13 14:29]

2011-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4266526267-4164716228-2054506063-1006UA.job

- c:\documents and settings\ESP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-13 14:29]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll

DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.1/GarminAxControl.CAB

FF - ProfilePath - c:\documents and settings\ESP\Application Data\Mozilla\Firefox\Profiles\lixgknue.default\

FF - prefs.js: browser.startup.homepage - hxxp://news.google.co.uk/news?edchanged=1&ned=us

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

- - - - ORPHANS REMOVED - - - -

AddRemove-Hardlock Device Drivers - c:\windows\system32\UNWISE.EXE

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-02-22 12:16

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(688)

c:\windows\system32\Ati2evxx.dll

c:\program files\Citrix\GoToMyPC\G2WinLogon.dll

c:\windows\System32\BCMLogon.dll

.

Completion time: 2011-02-22 13:20:42

ComboFix-quarantined-files.txt 2011-02-22 19:20

ComboFix2.txt 2011-02-22 17:28

ComboFix3.txt 2011-02-21 19:27

Pre-Run: 26,933,710,848 bytes free

Post-Run: 26,904,399,872 bytes free

- - End Of File - - 69A23D799EF0BFB072457FDD5AA8BB96


Open Notepad and copy and paste the text in the code box below into it:

Folder::
c:\documents and settings\All Users\Application Data\66b0ba
c:\documents and settings\All Users\Application Data\SITVVDHRP
c:\documents and settings\All Users\Application Data\Viewpoint

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

[Screenshot: CFScriptB-4.gif]

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.


ComboFix 11-02-23.05 - ESP 02/23/2011 15:53:32.5.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1790.720 [GMT -6:00]

Running from: c:\documents and settings\ESP\Desktop\Combo-Fix.exe

Command switches used :: c:\documents and settings\ESP\Desktop\CFScript.txt

* Created a new restore point

.

/wow section - STAGE 25

The system cannot find the path specified.

grep: temp2401: No such file or directory

@DO was unexpected at this time.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\66b0ba

c:\documents and settings\All Users\Application Data\SITVVDHRP

c:\documents and settings\All Users\Application Data\SITVVDHRP\SIYJXP.cfg

c:\documents and settings\All Users\Application Data\Viewpoint

c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\ComponentRegistry.ini

c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\HostRegistry.ini

c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\MetaStreamConfig.ini

c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\MetaStreamID.ini

c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\URLCache.ini

c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\URLCache.ini

c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\407034558.ini

c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\URLCache.ini

c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\URLCache.ini

c:\powerprompter\PowerPrompter.exe

.

((((((((((((((((((((((((( Files Created from 2011-01-23 to 2011-02-23 )))))))))))))))))))))))))))))))

.

2011-02-23 19:22 . 2011-02-23 19:32 -------- d-----w- c:\documents and settings\ESP\Application Data\ntr

2011-02-20 22:38 . 2011-02-20 22:38 -------- d-----w- c:\program files\MetaStream

2011-02-19 23:32 . 2011-02-19 23:37 -------- d-----w- c:\program files\trend micro

2011-02-19 23:32 . 2011-02-19 23:37 -------- d-----w- C:\rsit

2011-02-17 23:18 . 2011-02-18 00:49 -------- d-----w- c:\windows\system32\NtmsData

2011-02-17 17:15 . 2011-02-17 17:15 -------- d-sh--w- c:\documents and settings\ESP\PrivacIE

2011-02-16 21:24 . 2011-02-16 21:24 -------- d-sh--w- c:\documents and settings\ESP\IECompatCache

2011-02-16 16:50 . 2011-02-16 16:50 -------- d-sh--w- c:\documents and settings\ESP\IETldCache

2011-02-16 16:41 . 2011-02-16 16:43 -------- dc-h--w- c:\windows\ie8

2011-02-01 20:02 . 2011-02-01 20:02 -------- d-----w- c:\program files\Hitman Pro 3.5

2011-01-31 23:59 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys

2011-01-31 23:59 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe

2011-01-31 23:58 . 2010-08-16 08:45 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll

2011-01-31 23:58 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll

2011-01-31 23:58 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll

2011-01-31 23:58 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll

2011-01-31 23:58 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

2011-01-31 23:57 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

2011-01-31 23:56 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

2011-01-31 23:54 . 2010-08-27 08:02 119808 ------w- c:\windows\system32\dllcache\t2embed.dll

2011-01-31 23:54 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll

2011-01-31 23:54 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

2011-01-31 23:53 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll

2011-01-31 23:51 . 2009-06-25 08:25 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll

2011-01-31 23:51 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll

2011-01-31 23:51 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll

2011-01-31 23:51 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll

2011-01-31 23:51 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll

2011-01-31 23:51 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe

2011-01-31 23:51 . 2009-02-06 10:39 35328 ------w- c:\windows\system32\dllcache\sc.exe

2011-01-31 23:51 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe

2011-01-31 23:51 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll

2011-01-31 23:51 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll

2011-01-31 23:51 . 2010-08-13 12:53 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-01-31 23:51 . 2010-07-12 12:55 218112 ------w- c:\windows\system32\dllcache\wordpad.exe

2011-01-31 23:50 . 2009-08-07 01:24 15064 ----a-w- c:\windows\system32\wuapi.dll.mui

2011-01-31 23:28 . 2011-02-20 16:35 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-01-31 23:28 . 2011-02-14 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro

2011-01-31 21:57 . 2011-01-31 21:57 -------- d-----w- c:\program files\Advanced Registry Optimizer

2011-01-31 21:46 . 2011-01-31 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-01-31 17:46 . 2011-01-31 18:14 -------- d-----w- c:\documents and settings\Administrator

2011-01-31 17:14 . 2011-02-21 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-22 17:03 . 2008-03-18 21:53 0 ----a-w- c:\documents and settings\ESP\Local Settings\Application Data\WavXMapDrive.bat

2010-12-21 00:09 . 2009-03-09 16:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-21 00:08 . 2009-03-09 16:40 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\documents and settings\ESP\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\documents and settings\ESP\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\documents and settings\ESP\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DrvMon.exe"="c:\windows\system32\DrvMon.exe" [2006-06-15 53248]

"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-09-29 700416]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

"Google Update"="c:\documents and settings\ESP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-10-14 136176]

"AROReminder"="c:\program files\Advanced Registry Optimizer\ARO.exe" [2010-10-18 2215944]

"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2008-06-03 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-04-16 159744]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]

"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]

"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160]

"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]

"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2008-10-24 206112]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]

"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2010-09-23 624056]

"Acrobat Speed Launch"="c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe" [2010-09-24 58808]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-15 1838592]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]

"HostManager"="c:\program files\Common Files\AOL\1218650315\ee\AOLSoftware.exe" [2008-06-24 41824]

"Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe" [2010-09-23 738776]

"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]

"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]

"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]

"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960]

"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-09-18 880640]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2009-05-11 24576]

"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-11-10 1457928]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-21 443728]

c:\documents and settings\ESP\Start Menu\Programs\Startup\

OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-12 581693]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-15 50688]

Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2002-1-9 200704]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2010-12-2 5776648]

QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-12-2 1156384]

QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2011\QBW32.EXE [2010-12-2 1178400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]

2006-11-16 20:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]

2010-07-26 18:42 15216 ----a-w- c:\program files\Citrix\GoToMyPC\G2WinLogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RDVCHG]

2009-12-02 17:21 316736 ----a-w- c:\program files\Sprint\Sprint SmartView\RDVCHG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sprint SmartView]

2009-12-02 21:32 75072 ----a-w- c:\program files\Sprint\Sprint SmartView\SprintSV.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=

"c:\\Program Files\\Common Files\\aol\\1218650315\\ee\\aolsoftware.exe"=

"c:\\Program Files\\AOL 9.1\\waol.exe"=

"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=

"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\ADS nas drive manual\\Driver\\ADS_20TECH\\ADS TECH\\PNMD.EXE"=

"c:\\Program Files\\Sling Media\\SlingPlayer\\SlingPlayer.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\BaxelData\\Cue Player Premium\\cueplayer.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Documents and Settings\\ESP\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Program Files\\Intuit\\QuickBooks 2011\\QBDBMgrN.exe"=

"c:\\Documents and Settings\\ESP\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1778:UDP"= 1778:UDP:HAVA Service

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 1:21 PM 79432]

R2 havasvc;HAVA Service;c:\program files\Monsoon Multimedia\HAVA\Common\havasvc.exe [8/27/2009 6:21 PM 145408]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/9/2009 10:40 AM 363344]

R2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [12/2/2010 1:02 PM 1251840]

R2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [9/25/2009 1:16 PM 93960]

R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/10/2004 12:50 PM 5120]

R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 11:32 AM 97536]

R3 havabus;HAVA Bus Enumerator;c:\windows\system32\drivers\havabus.sys [1/13/2009 2:44 PM 37376]

R3 havanet;HAVA NDIS Protocol Driver;c:\windows\system32\drivers\havanet.sys [1/13/2009 2:44 PM 20480]

R3 HAVATV;Hava Video Device;c:\windows\system32\drivers\HavaTV.sys [4/23/2009 5:49 PM 324224]

R3 HavaTV_10;Hava Remote Video Device;c:\windows\system32\drivers\HavaTV_10.sys [4/23/2009 5:49 PM 324224]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/9/2009 10:40 AM 20952]

S2 gupdate1c9de4aaaa66eb0;Google Update Service (gupdate1c9de4aaaa66eb0);c:\program files\Google\Update\GoogleUpdate.exe [5/26/2009 3:40 PM 133104]

S2 MLPTDR_B;MLPTDR_B;c:\windows\system32\MLPTDR_B.SYS [8/15/2008 9:45 AM 20064]

S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [9/3/2009 11:06 AM 280576]

S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [9/3/2009 11:06 AM 51456]

S3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\drivers\cm_net.sys [6/24/2010 7:42 PM 112640]

S3 cm_ser;C-motech USB Serial Port2 Driver;c:\windows\system32\drivers\cm_ser.sys [6/24/2010 7:43 PM 103680]

S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [10/17/2010 12:45 PM 20504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

2011-02-21 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

2011-02-23 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-25 21:37]

2011-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 21:40]

2011-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 21:40]

2011-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4266526267-4164716228-2054506063-1006Core.job

- c:\documents and settings\ESP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-13 14:29]

2011-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4266526267-4164716228-2054506063-1006UA.job

- c:\documents and settings\ESP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-13 14:29]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll

DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.1/GarminAxControl.CAB

FF - ProfilePath - c:\documents and settings\ESP\Application Data\Mozilla\Firefox\Profiles\lixgknue.default\

FF - prefs.js: browser.startup.homepage - hxxp://news.google.co.uk/news?edchanged=1&ned=us

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-02-23 17:15

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(688)

c:\windows\system32\Ati2evxx.dll

c:\program files\Citrix\GoToMyPC\G2WinLogon.dll

c:\windows\System32\BCMLogon.dll

.

Completion time: 2011-02-23 17:19:26

ComboFix-quarantined-files.txt 2011-02-23 23:19

ComboFix2.txt 2011-02-22 19:21

ComboFix3.txt 2011-02-22 17:28

ComboFix4.txt 2011-02-21 19:27

Pre-Run: 26,837,041,152 bytes free

Post-Run: 26,841,956,352 bytes free

- - End Of File - - 2C74ECC9D1166EE5C07927402BE2D533


There is no such thing as an appropriate donation; everything is welcome. ;)

Yes, last steps and you're good to go:

Step 1

Go to Start => Run... and copy & paste the next command into the field:

ComboFix /uninstall

Then hit the Enter button.

This procedure will do the following:

  • Uninstall ComboFix
  • Delete its related folders and files
  • Reset your clock settings
  • Hide file extensions
  • Hide the system/hidden files
  • Reset System Restore again

Note: Make sure there's a space between ComboFix and /uninstall

Step 2

Please enable Defogger and then manually delete it and the following too: DDS, GMER and TDSSKiller.

Step 3

Keep your software up-to-date:

http://www.bleepingcomputer.com/tutorials/tutorial174.html

Some malware prevention tips:

http://forums.malwarebytes.org/index.php?showtopic=9365

Safe surfing! :)
