
Google Redirect Malware? (Please help!)



After I submit a search in Google, the links redirect me to places that are different from what was listed in Google.

In addition, my antivirus software (Avast) is periodically popping up warnings, saying that it has blocked access to a malicious site (typically shown as only an ip address).

I followed the instructions on the "What do I do now?" page of this forum:

- After updating malware/virus definitions, ran complete scans with both Malwarebytes and Avast. (This did not fix the problem.)

- Using DeFogger, disabled CD-ROM Emulation Software

- Ran dds and saved DDS.txt and attach.txt

- Attempted to run GMER, but each time I ran it, a blue screen appeared and the computer automatically restarted.

The Malwarebytes log and dds.txt are copied below, and attach.txt is zipped and attached.

Thank you so much for your help!

-Paul

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7488

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

8/17/2011 12:19:00 PM

mbam-log-2011-08-17 (12-19-00).txt

Scan type: Quick scan

Objects scanned: 207625

Time elapsed: 15 minute(s), 12 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20

Run by Ownr at 18:37:32 on 2011-08-17

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1279 [GMT -4:00]

.

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

C:\Program Files\Sony\SmartWi Connection Utility\SmartWiService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Protector Suite QL\menusw.exe

C:\Program Files\Sony\SmartWi Connection Utility\WCULauncher.exe

C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Google\Gmail Notifier\gnotify.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Sony\SmartWi Connection Utility\SmartWiTogglet.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\PROGRA~1\Sony\SMARTW~1\Phoenix.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = https://securemail.purchase.edu/

uSearch Bar = hxxp://mysearch.myway.com/jsp/sonysidebar.jsp?p=SY

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: N/A: {f0f8c2b6-a911-4b4e-b2ae-89b82dc81f15} - c:\program files\sonysa\srchas\sySrcAs.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: : {f0f8c2b1-a911-4b4e-b2ae-89b82dc81f15} - c:\program files\sonysa\srchas\sySrcAs.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [Apoint] c:\program files\apoint\Apoint.exe

mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe

mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe

mRun: [sonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe

mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

mRun: [biomenu] "c:\program files\protector suite ql\menusw.exe"

mRun: [WCULauncher] c:\program files\sony\smartwi connection utility\WCULauncher.exe

mRun: [PartSeal] c:\windows\sonysys\vaio recovery\PartSeal.exe

mRun: [VAIO Update 4] "c:\program files\sony\vaio update 4\VAIOUpdt.exe" /Stationary

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

Trusted Zone: verizon.com\www22

DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings_POTT20009/include/vzTCPConfig.CAB

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

TCP: DhcpNameServer = 192.168.1.1 68.237.161.12

TCP: Interfaces\{70B1B5D7-2F6F-46CC-8255-E2E3369B0749} : DhcpNameServer = 192.168.1.1 68.237.161.12

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: igfxcui - igfxdev.dll

Notify: psfus - fusstub.dll

Notify: VESWinlogon - VESWinlogon.dll

AppInit_DLLs: c:\windows\system32\lfpsd13n32.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

LSA: Notification Packages = scecli fusstub

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\ownr\application data\mozilla\firefox\profiles\h8ype9nd.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll

FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\nos\bin\np_gp.dll

.

============= SERVICES / DRIVERS ===============

.

R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [2006-8-28 9216]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-24 441176]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-7-24 309848]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2011-7-12 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2010-11-29 21464]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-5-4 116608]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-7-24 19544]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-7-24 42184]

R2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2006-2-22 13440]

R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2006-2-22 33024]

R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2010-11-29 69976]

R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2008-1-14 1120960]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2006-8-28 36352]

R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2006-8-28 71961]

R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-8-28 818688]

S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-5 136176]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-6-11 1691480]

S3 B-Service;B-Service;c:\documents and settings\ownr\application data\mikogo\B-Service.exe [2011-4-10 185640]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-5 136176]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2006-8-28 14336]

S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2006-6-8 77952]

S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-7-7 14904]

S4 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-3-9 92592]

.

=============== Created Last 30 ================

.

2011-08-17 17:11:07 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-08-16 18:09:38 12872 ----a-w- c:\windows\system32\bootdelete.exe

2011-08-16 16:58:13 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-08-16 16:58:10 -------- d-----w- c:\program files\Hitman Pro 3.5

2011-08-16 16:57:01 -------- d-----w- c:\documents and settings\all users\application data\Hitman Pro

2011-08-16 01:15:23 157184 ----a-w- c:\windows\system32\lfpsd13n32.dll

2011-08-15 18:28:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-15 18:03:06 785368 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll

2011-08-15 18:03:06 1846232 ----a-w- c:\program files\mozilla firefox\mozjs.dll

2011-08-15 18:03:05 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll

2011-08-15 18:03:05 478168 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll

2011-08-15 18:03:05 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll

2011-08-15 18:03:05 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll

2011-08-15 18:03:05 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll

2011-08-09 03:31:02 -------- d-----w- c:\program files\iPod

2011-08-09 03:30:44 -------- d-----w- c:\program files\iTunes

2011-08-09 03:21:24 -------- d-----w- c:\program files\Bonjour

2011-08-06 02:59:47 -------- d-----w- c:\program files\HyperSnap 7

2011-07-25 00:51:04 -------- d-----w- C:\_OTM

2011-07-24 22:58:27 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-07-24 21:11:24 40112 ----a-w- c:\windows\avastSS.scr

2011-07-24 21:11:02 -------- d-----w- c:\program files\AVAST Software

2011-07-24 21:11:02 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software

2011-07-23 21:55:09 -------- d-----w- c:\documents and settings\ownr\application data\SUPERAntiSpyware.com

2011-07-23 21:55:09 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com

2011-07-23 21:52:05 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-07-23 20:58:03 0 ---ha-w- c:\documents and settings\ownr\zdsdwoacxg.tmp

.

==================== Find3M ====================

.

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-12 15:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 15:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 15:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll

2011-07-12 15:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-05 22:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-07-05 22:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-21 18:45:58 832512 ----a-w- c:\windows\system32\wininet.dll

2011-06-21 18:45:57 78336 ----a-w- c:\windows\system32\ieencode.dll

2011-06-21 18:45:57 1830912 ----a-w- c:\windows\system32\inetcpl.cpl

2011-06-21 18:45:57 17408 ----a-w- c:\windows\system32\corpol.dll

2011-06-21 11:47:20 389120 ----a-w- c:\windows\system32\html.iec

2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 18:41:58.59 ===============

attach.zip


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


Hi Chris,

I updated MBAM, ran the Quick Scan, and copied the log below.

ComboFix ran successfully up to the point where it restarted the computer. However, after ComboFix restarted Windows, the last thing it said, in a blue window, was that it was preparing the log; then there was a BSOD (which appeared to happen before ComboFix was done), followed by an immediate restart.

Possibly, this was caused by my having suspended Avast's real-time "shields" only until the next restart. When Combofix restarted the computer, Avast protection was back on, and I suspended it again as quickly as I could.

The combofix.txt log looks so short that it probably did not finish getting prepared before the BSOD. It contains only this:

ComboFix 11-08-22.03 - Ownr 08/22/2011 10:17:59.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1456 [GMT -4:00]

Running from: C:\Documents and Settings\Ownr\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

I do see that there are two other text files in the Combofix folder (that were created after combofix.txt): mbr.log and mbr.txt. Their contents are copied below.

Should I re-run Combofix, with Avast shields suspended permanently (so that Avast does not activate after Combofix restarts the computer)?

Thanks!

Paul

mbr.txt:

---------

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: TOSHIBA_MK8009GAH rev.BQ001A -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4

device: opened successfully

user: MBR read successfully

kernel: MBR read successfully

user & kernel MBR OK

mbr.log:

---------

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: TOSHIBA_MK8009GAH rev.BQ001A -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4

device: opened successfully

user: MBR read successfully

kernel: MBR read successfully

user & kernel MBR OK

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7531

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

8/22/2011 12:48:41 AM

mbam-log-2011-08-22 (00-48-41).txt

Scan type: Quick scan

Objects scanned: 209247

Time elapsed: 37 minute(s), 42 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Chris,

Below, I have copied the dds log (dds.txt), resulting from running dds.scr. Do you need Attach.txt as well?

Thanks,

Paul

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20

Run by Ownr at 16:22:59 on 2011-08-22

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1417 [GMT -4:00]

.

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

C:\Program Files\Sony\SmartWi Connection Utility\SmartWiService.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Protector Suite QL\menusw.exe

C:\Program Files\Sony\SmartWi Connection Utility\WCULauncher.exe

C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe

C:\Program Files\Google\Gmail Notifier\gnotify.exe

C:\Program Files\Sony\SmartWi Connection Utility\SmartWiTogglet.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\taskmgr.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = https://securemail.purchase.edu/

uSearch Bar = hxxp://mysearch.myway.com/jsp/sonysidebar.jsp?p=SY

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: N/A: {f0f8c2b6-a911-4b4e-b2ae-89b82dc81f15} - c:\program files\sonysa\srchas\sySrcAs.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: : {f0f8c2b1-a911-4b4e-b2ae-89b82dc81f15} - c:\program files\sonysa\srchas\sySrcAs.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [Apoint] c:\program files\apoint\Apoint.exe

mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe

mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe

mRun: [sonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe

mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

mRun: [biomenu] "c:\program files\protector suite ql\menusw.exe"

mRun: [WCULauncher] c:\program files\sony\smartwi connection utility\WCULauncher.exe

mRun: [PartSeal] c:\windows\sonysys\vaio recovery\PartSeal.exe

mRun: [VAIO Update 4] "c:\program files\sony\vaio update 4\VAIOUpdt.exe" /Stationary

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

Trusted Zone: verizon.com\www22

DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings_POTT20009/include/vzTCPConfig.CAB

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

TCP: DhcpNameServer = 192.168.1.1 68.237.161.12

TCP: Interfaces\{70B1B5D7-2F6F-46CC-8255-E2E3369B0749} : DhcpNameServer = 192.168.1.1 68.237.161.12

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: igfxcui - igfxdev.dll

Notify: psfus - fusstub.dll

Notify: VESWinlogon - VESWinlogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\ownr\application data\mozilla\firefox\profiles\h8ype9nd.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll

FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\nos\bin\np_gp.dll

.

============= SERVICES / DRIVERS ===============

.

R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [2006-8-28 9216]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-24 441176]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-7-24 309848]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2011-7-12 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2010-11-29 21464]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-5-4 116608]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-7-24 19544]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-7-24 42184]

R2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2006-2-22 13440]

R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2006-2-22 33024]

R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2010-11-29 69976]

R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2008-1-14 1120960]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2006-8-28 36352]

R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2006-8-28 71961]

R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-8-28 818688]

S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-5 136176]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-6-11 1691480]

S3 B-Service;B-Service;c:\documents and settings\ownr\application data\mikogo\B-Service.exe [2011-4-10 185640]

S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-5 136176]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2006-8-28 14336]

S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2006-6-8 77952]

S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-7-7 14904]

S4 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-3-9 92592]

.

=============== Created Last 30 ================

.

2011-08-22 14:11:51 -------- d-sha-r- C:\cmdcons

2011-08-22 14:06:37 98816 ----a-w- c:\windows\sed.exe

2011-08-22 14:06:37 518144 ----a-w- c:\windows\SWREG.exe

2011-08-22 14:06:37 256000 ----a-w- c:\windows\PEV.exe

2011-08-22 14:06:37 208896 ----a-w- c:\windows\MBR.exe

2011-08-22 14:06:13 -------- d-----w- C:\ComboFix

2011-08-18 20:49:11 172032 ----a-w- c:\windows\system32\igfxres.dll

2011-08-18 18:14:43 5854752 ----a-w- c:\windows\system32\drivers\igxpmp32.sys

2011-08-18 18:14:43 57344 ----a-w- c:\windows\system32\igxprd32.dll

2011-08-18 18:14:41 1670144 ----a-w- c:\windows\system32\igxpdv32.dll

2011-08-18 18:14:41 151040 ----a-w- c:\windows\system32\igxpgd32.dll

2011-08-18 18:14:37 2643968 ----a-w- c:\windows\system32\igxpdx32.dll

2011-08-18 18:14:37 176128 ----a-w- c:\windows\system32\igfxrsky.lrc

2011-08-18 18:14:37 172032 ----a-w- c:\windows\system32\igfxrslv.lrc

2011-08-18 18:14:37 147456 ----a-w- c:\windows\system32\igfxCoIn_v4926.dll

2011-08-18 18:14:30 920088 ----a-w- c:\windows\system32\igxpun.exe

2011-08-18 18:14:30 319456 ----a-w- c:\windows\system32\difxapi.dll

2011-08-18 18:14:30 -------- d-----w- c:\windows\system32\Lang

2011-08-18 18:14:21 -------- d-----w- C:\Intel

2011-08-18 18:07:35 -------- d-----w- c:\program files\SystemRequirementsLab

2011-08-17 17:11:07 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-08-16 18:09:38 12872 ----a-w- c:\windows\system32\bootdelete.exe

2011-08-16 16:58:13 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-08-16 16:58:10 -------- d-----w- c:\program files\Hitman Pro 3.5

2011-08-16 16:57:01 -------- d-----w- c:\documents and settings\all users\application data\Hitman Pro

2011-08-15 18:28:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-15 18:03:06 785368 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll

2011-08-15 18:03:06 1846232 ----a-w- c:\program files\mozilla firefox\mozjs.dll

2011-08-15 18:03:05 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll

2011-08-15 18:03:05 478168 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll

2011-08-15 18:03:05 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll

2011-08-15 18:03:05 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll

2011-08-15 18:03:05 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll

2011-08-09 03:31:02 -------- d-----w- c:\program files\iPod

2011-08-09 03:30:44 -------- d-----w- c:\program files\iTunes

2011-08-09 03:21:24 -------- d-----w- c:\program files\Bonjour

2011-08-06 02:59:47 -------- d-----w- c:\program files\HyperSnap 7

2011-07-25 00:51:04 -------- d-----w- C:\_OTM

2011-07-24 22:58:27 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-07-24 21:11:24 40112 ----a-w- c:\windows\avastSS.scr

2011-07-24 21:11:02 -------- d-----w- c:\program files\AVAST Software

2011-07-24 21:11:02 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software

2011-07-23 21:55:09 -------- d-----w- c:\documents and settings\ownr\application data\SUPERAntiSpyware.com

2011-07-23 21:55:09 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com

2011-07-23 21:52:05 -------- d-----w- c:\program files\SUPERAntiSpyware

.

==================== Find3M ====================

.

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-12 15:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 15:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 15:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll

2011-07-12 15:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-05 22:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-07-05 22:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-21 18:45:58 832512 ----a-w- c:\windows\system32\wininet.dll

2011-06-21 18:45:57 78336 ----a-w- c:\windows\system32\ieencode.dll

2011-06-21 18:45:57 1830912 ----a-w- c:\windows\system32\inetcpl.cpl

2011-06-21 18:45:57 17408 ----a-w- c:\windows\system32\corpol.dll

2011-06-21 11:47:20 389120 ----a-w- c:\windows\system32\html.iec

2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 16:27:35.45 ===============


Hi Chris,

I re-ran ComboFix, this time after having suspended my real-time antivirus, so that it remained suspended after ComboFix restarted Windows. This time, ComboFix ran to completion, and the log (ComboFix.txt) was completely written. It is copied below.

Thanks,

Paul

ComboFix 11-08-23.01 - Ownr 08/23/2011 8:01.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1370 [GMT -4:00]

Running from: c:\documents and settings\Ownr\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\documents and settings\Ownr\Application Data\Mozilla\Firefox\Profiles\h8ype9nd.default\extensions\{79653cd7-eff0-455f-a887-32e624b8edfd}\chrome.manifest

c:\documents and settings\Ownr\Application Data\Mozilla\Firefox\Profiles\h8ype9nd.default\extensions\{79653cd7-eff0-455f-a887-32e624b8edfd}\chrome\xulcache.jar

c:\documents and settings\Ownr\Application Data\Mozilla\Firefox\Profiles\h8ype9nd.default\extensions\{79653cd7-eff0-455f-a887-32e624b8edfd}\defaults\preferences\xulcache.js

c:\documents and settings\Ownr\Application Data\Mozilla\Firefox\Profiles\h8ype9nd.default\extensions\{79653cd7-eff0-455f-a887-32e624b8edfd}\install.rdf

c:\documents and settings\Ownr\Application Data\Mozilla\Firefox\Profiles\h8ype9nd.default\extensions\{f7f877d1-7410-4f85-a899-5263cce8ba3b}\chrome.manifest

c:\documents and settings\Ownr\Application Data\Mozilla\Firefox\Profiles\h8ype9nd.default\extensions\{f7f877d1-7410-4f85-a899-5263cce8ba3b}\chrome\xulcache.jar

c:\documents and settings\Ownr\Application Data\Mozilla\Firefox\Profiles\h8ype9nd.default\extensions\{f7f877d1-7410-4f85-a899-5263cce8ba3b}\defaults\preferences\xulcache.js

c:\documents and settings\Ownr\Application Data\Mozilla\Firefox\Profiles\h8ype9nd.default\extensions\{f7f877d1-7410-4f85-a899-5263cce8ba3b}\install.rdf

c:\documents and settings\Ownr\My Documents\10g.txt

c:\documents and settings\Ownr\My Documents\461.doc

c:\documents and settings\Ownr\My Documents\559.xls

c:\documents and settings\Ownr\My Documents\589.xls

c:\documents and settings\Ownr\My Documents\60T.txt

c:\documents and settings\Ownr\My Documents\905.txt

c:\documents and settings\Ownr\My Documents\905.xls

c:\documents and settings\Ownr\My Documents\905.xml

c:\documents and settings\Ownr\System\win_qs7.jqx

c:\documents and settings\Ownr\zdsdwoacxg.tmp

c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\xfm9o6bt.default\extensions\{4e264084-3b7a-44ed-b738-11128b1b9614}\chrome.manifest

c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\xfm9o6bt.default\extensions\{4e264084-3b7a-44ed-b738-11128b1b9614}\chrome\xulcache.jar

c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\xfm9o6bt.default\extensions\{4e264084-3b7a-44ed-b738-11128b1b9614}\defaults\preferences\xulcache.js

c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\xfm9o6bt.default\extensions\{4e264084-3b7a-44ed-b738-11128b1b9614}\install.rdf

c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\xfm9o6bt.default\extensions\{79653cd7-eff0-455f-a887-32e624b8edfd}\chrome.manifest

c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\xfm9o6bt.default\extensions\{79653cd7-eff0-455f-a887-32e624b8edfd}\chrome\xulcache.jar

c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\xfm9o6bt.default\extensions\{79653cd7-eff0-455f-a887-32e624b8edfd}\defaults\preferences\xulcache.js

c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\xfm9o6bt.default\extensions\{79653cd7-eff0-455f-a887-32e624b8edfd}\install.rdf

c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\xfm9o6bt.default\extensions\{f7f877d1-7410-4f85-a899-5263cce8ba3b}\chrome.manifest

c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\xfm9o6bt.default\extensions\{f7f877d1-7410-4f85-a899-5263cce8ba3b}\chrome\xulcache.jar

c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\xfm9o6bt.default\extensions\{f7f877d1-7410-4f85-a899-5263cce8ba3b}\defaults\preferences\xulcache.js

c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\xfm9o6bt.default\extensions\{f7f877d1-7410-4f85-a899-5263cce8ba3b}\install.rdf

.

.

((((((((((((((((((((((((( Files Created from 2011-07-23 to 2011-08-23 )))))))))))))))))))))))))))))))

.

.

2011-08-23 03:27 . 2011-08-23 03:27 -------- d-----w- c:\program files\iPod

2011-08-23 03:26 . 2011-08-23 03:30 -------- d-----w- c:\program files\iTunes

2011-08-18 20:49 . 2008-02-15 16:45 172032 ----a-w- c:\windows\system32\igfxres.dll

2011-08-18 18:14 . 2008-02-15 17:12 5854752 ----a-w- c:\windows\system32\drivers\igxpmp32.sys

2011-08-18 18:14 . 2008-02-15 17:12 57344 ----a-w- c:\windows\system32\igxprd32.dll

2011-08-18 18:14 . 2008-02-15 17:12 1670144 ----a-w- c:\windows\system32\igxpdv32.dll

2011-08-18 18:14 . 2008-02-15 17:12 151040 ----a-w- c:\windows\system32\igxpgd32.dll

2011-08-18 18:14 . 2008-02-15 17:21 147456 ----a-w- c:\windows\system32\igfxCoIn_v4926.dll

2011-08-18 18:14 . 2008-02-15 17:12 2643968 ----a-w- c:\windows\system32\igxpdx32.dll

2011-08-18 18:14 . 2008-02-15 16:49 176128 ----a-w- c:\windows\system32\igfxrsky.lrc

2011-08-18 18:14 . 2008-02-15 16:49 172032 ----a-w- c:\windows\system32\igfxrslv.lrc

2011-08-18 18:14 . 2011-08-18 18:14 -------- d-----w- c:\windows\system32\Lang

2011-08-18 18:14 . 2008-03-07 16:56 920088 ----a-w- c:\windows\system32\igxpun.exe

2011-08-18 18:14 . 2006-11-10 12:25 319456 ----a-w- c:\windows\system32\difxapi.dll

2011-08-18 18:14 . 2011-08-18 18:14 -------- d-----w- C:\Intel

2011-08-18 18:07 . 2011-08-18 18:07 -------- d-----w- c:\program files\SystemRequirementsLab

2011-08-18 18:06 . 2011-08-18 18:06 -------- d-----w- c:\documents and settings\Ownr\Application Data\SystemRequirementsLab

2011-08-17 17:11 . 2011-08-12 05:57 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll

2011-08-16 18:09 . 2011-08-21 13:08 12872 ----a-w- c:\windows\system32\bootdelete.exe

2011-08-16 16:58 . 2011-08-21 11:51 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-08-16 16:58 . 2011-08-16 16:58 -------- d-----w- c:\program files\Hitman Pro 3.5

2011-08-16 16:57 . 2011-08-16 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro

2011-08-15 18:28 . 2011-08-15 18:28 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-15 18:03 . 2011-08-12 05:57 785368 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll

2011-08-15 18:03 . 2011-08-12 05:57 1846232 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll

2011-08-15 18:03 . 2011-08-12 05:57 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll

2011-08-15 18:03 . 2011-08-12 05:57 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll

2011-08-15 18:03 . 2011-08-12 05:57 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll

2011-08-15 18:03 . 2011-08-12 03:16 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2011-08-15 18:03 . 2011-08-12 03:16 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll

2011-08-09 03:21 . 2011-08-09 03:21 -------- d-----w- c:\program files\Bonjour

2011-08-06 02:59 . 2011-08-06 02:59 -------- d-----w- c:\program files\HyperSnap 7

2011-07-25 00:51 . 2011-07-25 00:51 -------- d-----w- C:\_OTM

2011-07-24 22:58 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-07-24 22:58 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-07-24 22:58 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-07-24 22:58 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-07-24 22:58 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-07-24 22:58 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-07-24 22:58 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-07-24 22:58 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-07-24 22:58 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe

2011-07-24 21:11 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr

2011-07-24 21:11 . 2011-07-24 23:50 -------- d-----w- c:\program files\AVAST Software

2011-07-24 21:11 . 2011-07-24 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-15 13:29 . 2006-08-28 16:40 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 15:20 . 2011-07-12 15:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll

2011-07-12 15:20 . 2011-07-12 15:20 178536 ----a-w- c:\windows\system32\dnssdX.dll

2011-07-08 14:02 . 2006-08-28 16:40 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-07-06 23:52 . 2011-07-13 14:04 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 23:52 . 2011-07-13 14:04 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-06-24 14:10 . 2006-08-28 16:55 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-21 18:45 . 2006-08-28 16:40 832512 ----a-w- c:\windows\system32\wininet.dll

2011-06-21 18:45 . 2009-03-22 17:27 78336 ----a-w- c:\windows\system32\ieencode.dll

2011-06-21 18:45 . 2006-08-28 16:40 1830912 ----a-w- c:\windows\system32\inetcpl.cpl

2011-06-21 18:45 . 2006-08-28 16:40 17408 ----a-w- c:\windows\system32\corpol.dll

2011-06-21 11:47 . 2006-08-28 16:40 389120 ----a-w- c:\windows\system32\html.iec

2011-06-20 17:44 . 2006-08-28 16:40 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-06-02 14:02 . 2006-08-28 16:40 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-12 05:57 . 2011-08-17 17:11 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{F0F8C2B6-A911-4b4e-B2AE-89B82DC81F15}"= "c:\program files\SonySA\SrchAs\sySrcAs.dll" [2006-03-02 94208]

.

[HKEY_CLASSES_ROOT\clsid\{f0f8c2b6-a911-4b4e-b2ae-89b82dc81f15}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0F8C2B1-A911-4b4e-B2AE-89B82DC81F15}]

2006-03-02 23:46 94208 -c--a-w- c:\program files\SonySA\SrchAs\sySrcAs.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-17 4603264]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784]

"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-01-26 53248]

"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]

"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-03-10 217088]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 802816]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 696320]

"Biomenu"="c:\program files\Protector Suite QL\menusw.exe" [2006-02-23 1354240]

"WCULauncher"="c:\program files\Sony\SmartWi Connection Utility\WCULauncher.exe" [2006-07-27 73728]

"PartSeal"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]

"VAIO Update 4"="c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe" [2008-07-30 870240]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-4-7 1773568]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-16 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2006-02-23 02:11 39936 ----a-w- c:\windows\system32\fusstub.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2006-03-09 21:51 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=

"c:\\WINDOWS\\system32\\fxsclnt.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

.

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-27 136176]

R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-11-18 1691480]

R3 B-Service;B-Service;c:\documents and settings\Ownr\Application Data\Mikogo\B-Service.exe [2011-04-10 185640]

R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2009-12-18 11336]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-27 136176]

R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2008-04-14 14336]

R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [2006-06-09 77952]

R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-07-07 14904]

R4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-03-09 92592]

S0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\DRIVERS\shpf.sys [2005-11-21 9216]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-08-16 12880]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]

S1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2010-06-14 21464]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-17 116608]

S2 aswFsBlk;aswFsBlk; [x]

S2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2006-02-23 13440]

S2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2006-02-23 33024]

S2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2010-06-14 69976]

S3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [2005-10-21 36352]

S3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\DRIVERS\SonyPI.sys [2003-06-19 71961]

S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2008-01-30 818688]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - IPOD_SERVICE

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-23 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

.

2011-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-05 17:18]

.

2011-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-05 17:18]

.

.

------- Supplementary Scan -------

.

uStart Page = https://securemail.purchase.edu/

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

Trusted Zone: verizon.com\www22

TCP: DhcpNameServer = 192.168.1.1 68.237.161.12

DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings_POTT20009/include/vzTCPConfig.CAB

FF - ProfilePath - c:\documents and settings\Ownr\Application Data\Mozilla\Firefox\Profiles\h8ype9nd.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe

AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe

AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe

AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Ownr\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-08-23 08:30

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1184)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

c:\windows\system32\fusstub.dll

c:\program files\Protector Suite QL\infra.dll

c:\program files\Protector Suite QL\homefus.dll

c:\windows\system32\biologon.dll

c:\program files\Protector Suite QL\homepass.dll

c:\program files\Protector Suite QL\passport.dll

c:\program files\Protector Suite QL\BhTcAll.dll

c:\program files\Protector Suite QL\BhDevTfm.dll

c:\program files\Protector Suite QL\AlgVer.dll

c:\program files\Protector Suite QL\TCBioLib.dll

c:\program files\Protector Suite QL\remote.dll

c:\windows\system32\VESWinlogon.dll

c:\program files\Protector Suite QL\mysafe.dll

.

- - - - - - - > 'explorer.exe'(4456)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

.

Completion time: 2011-08-23 08:42:06

ComboFix-quarantined-files.txt 2011-08-23 12:41

.

Pre-Run: 29,353,517,056 bytes free

Post-Run: 29,353,189,376 bytes free

.

- - End Of File - - 1FBE197D5EFF3D390D68F0079B435FC0


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.


Hi Chris,

Eset log.txt:

=============

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=7.00.6000.17099 (vista_gdr.110617-1500)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=4c4290f564c5d04da8bfb0d9fc899cf5

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2011-08-27 10:13:27

# local_time=2011-08-27 06:13:27 (-0500, Eastern Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 113987856 113987856 0 0

# compatibility_mode=768 16777215 100 0 23144436 23144436 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=102140

# found=8

# cleaned=8

# scan_time=14402

C:\Documents and Settings\Ownr\Desktop\GooredFix Backups\C\Documents and Settings\Ownr\Application Data\Mozilla\Firefox\Profiles\h8ype9nd.default\extensions\{4e264084-3b7a-44ed-b738-11128b1b9614}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Ownr\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\jlinmhkpefgommhcomdelfihkgmkclki\contentscript.js Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Ownr\Application Data\Mozilla\Firefox\Profiles\h8ype9nd.default\extensions\{79653cd7-eff0-455f-a887-32e624b8edfd}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Ownr\Application Data\Mozilla\Firefox\Profiles\h8ype9nd.default\extensions\{f7f877d1-7410-4f85-a899-5263cce8ba3b}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xfm9o6bt.default\extensions\{4e264084-3b7a-44ed-b738-11128b1b9614}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xfm9o6bt.default\extensions\{79653cd7-eff0-455f-a887-32e624b8edfd}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xfm9o6bt.default\extensions\{f7f877d1-7410-4f85-a899-5263cce8ba3b}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{B7AFFC1A-8AB3-4141-AA3D-BD2DF76A1666}\RP476\A0126634.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

checkup.txt

===========

Results of screen317's Security Check version 0.99.18

Windows XP Service Pack 3

Internet Explorer 7 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

avast! Free Antivirus

ESET Online Scanner v3

SonicStage Mastering Studio Audio Filter Custom Preset

Antivirus up to date!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 20

Out of date Java installed!

Adobe Flash Player 10.3.183.5

Mozilla Firefox (x86 en-US..)

Mozilla Thunderbird (3.1.12) Thunderbird Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

AVAST Software Avast AvastSvc.exe

AVAST Software Avast avastUI.exe

``````````End of Log````````````

I will follow up in a future message with what issues remain, after I have had a chance to observe the system following the run of the ESET program.

Thanks,

Paul
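The ESET log above has a regular shape: `# key=value` header lines, then one detection per line made of a path (which may contain spaces), the threat name, its type, the action in parentheses, a 32-digit hash and a flag. As an added example (not from the thread and not ESET's own code), the Python below parses that format and separates hits inside quarantine and backup folders (ComboFix's Qoobox, GooredFix Backups, System Restore points) from files that were still live, which shows that seven of the eight hits were already-neutralised copies and only the Chrome content script was active. The sample log is copied from the post; the list of inert folder markers is an assumption built from these paths.

```python
"""Parse an ESET Online Scanner log.txt and split live detections from copies
found in quarantine or backup folders (added example, not ESET's own code)."""
import re
from collections import Counter
from dataclasses import dataclass

# Detection line shape, as in the log above:
#   <path, may contain spaces> <threat> <type> (<action>) <32-hex hash> <flag>
# The path is matched lazily, so the two single tokens before "(" are threat and type.
DETECTION_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<threat>\S+)\s+(?P<kind>\S+)\s+"
    r"\((?P<action>[^)]*)\)\s+(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)$"
)

# Folders that hold copies another tool already neutralised; a hit there is
# leftover evidence, not an active infection. Assumed list built from the
# locations in this thread; extend it for other cleanup tools.
INERT_MARKERS = (
    "\\qoobox\\quarantine\\",                 # ComboFix quarantine
    "gooredfix backups",                      # GooredFix backup copies
    "\\system volume information\\_restore",  # System Restore points
)


@dataclass
class Detection:
    path: str
    threat: str
    kind: str
    action: str
    md5: str

    @property
    def inert(self) -> bool:
        """True when the file sat in a quarantine or backup folder."""
        lowered = self.path.lower()
        return any(marker in lowered for marker in INERT_MARKERS)


def parse_eset_log(text: str):
    """Return ({header key: value}, [Detection, ...]); other lines are skipped."""
    headers, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, _, value = line[1:].strip().partition("=")
            headers.setdefault(key, value)  # keep the first of repeated keys
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(Detection(m["path"], m["threat"], m["kind"],
                                        m["action"], m["hash"]))
    return headers, detections


def summarize(text: str) -> dict:
    """Cross-check the header's found= count and separate live from inert hits."""
    headers, dets = parse_eset_log(text)
    live = [d for d in dets if not d.inert]
    return {
        "reported_found": int(headers.get("found", "0")),
        "parsed": len(dets),
        "threats": Counter(d.threat for d in dets),
        "live_paths": [d.path for d in live],
        "inert": len(dets) - len(live),
    }


# Sample input: header and detection lines from the log posted above. The
# 32-digit hash column is written as <MD5> here and expanded below.
SAMPLE_LOG = r"""
# version=7
# found=8
# cleaned=8
# compatibility_mode=512 16777215 100 0 113987856 113987856 0 0
# compatibility_mode=768 16777215 100 0 23144436 23144436 0 0
C:\Documents and Settings\Ownr\Desktop\GooredFix Backups\C\Documents and Settings\Ownr\Application Data\Mozilla\Firefox\Profiles\h8ype9nd.default\extensions\{4e264084-3b7a-44ed-b738-11128b1b9614}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) <MD5> C
C:\Documents and Settings\Ownr\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\jlinmhkpefgommhcomdelfihkgmkclki\contentscript.js Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) <MD5> C
C:\Qoobox\Quarantine\C\Documents and Settings\Ownr\Application Data\Mozilla\Firefox\Profiles\h8ype9nd.default\extensions\{79653cd7-eff0-455f-a887-32e624b8edfd}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) <MD5> C
C:\Qoobox\Quarantine\C\Documents and Settings\Ownr\Application Data\Mozilla\Firefox\Profiles\h8ype9nd.default\extensions\{f7f877d1-7410-4f85-a899-5263cce8ba3b}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) <MD5> C
C:\Qoobox\Quarantine\C\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xfm9o6bt.default\extensions\{4e264084-3b7a-44ed-b738-11128b1b9614}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) <MD5> C
C:\Qoobox\Quarantine\C\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xfm9o6bt.default\extensions\{79653cd7-eff0-455f-a887-32e624b8edfd}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) <MD5> C
C:\Qoobox\Quarantine\C\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xfm9o6bt.default\extensions\{f7f877d1-7410-4f85-a899-5263cce8ba3b}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) <MD5> C
C:\System Volume Information\_restore{B7AFFC1A-8AB3-4141-AA3D-BD2DF76A1666}\RP476\A0126634.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) <MD5> C
""".replace("<MD5>", "0" * 32)

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(f"header found={report['reported_found']}, parsed={report['parsed']}")
    print(f"{report['inert']} hits were quarantine/backup copies; live files:")
    for path in report["live_paths"]:
        print("  ", path)
```

Pointing the script at a real log.txt (read the file and pass its text to summarize) gives the same split; a mismatch between the header's found= count and the parsed count means the line format changed and the regex needs adjusting.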


  • Staff

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program(s) (if present):

ESET Online Scanner v3

Adobe Reader 9.0

Java™ 6 Update 20

Restart your computer.

Get the latest version of Java and Adobe Reader.

Let me know what issues remain.

-screen317


  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
