Another DNS changer victim....maybe

#1 bonsaimaster (New Member, 1 posts)
I have an HP Vista PC. Recently I have been redirected to different websites when using Google and other search engines. I finally was able to run Malwarebytes and it picked up some DNS files, which it deleted. However, the problem still continued, and I used ComboFix.exe and it appeared to have done some cleaning. I have been surfing and it looks like it has worked, but you never know. Attached is the log text I got from ComboFix; if there is something there, please help. I really appreciate you guys for the work you do....and continue doing.

ComboFix 09-03-06.02 - Rodolfo Muniz 2009-03-09 11:54:55.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.1904 [GMT -7:00]
Running from: c:\users\Rodolfo Muniz\Desktop\ComboFix.exe
AV: Trend Micro Internet Security *On-access scanning disabled* (Updated)
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\gaopdxpxexrqcpgkfqpuiovgyinywwkmcmmyts.sys
c:\windows\system32\gaopdxiibeeopsbmpcexlappperhkhtqboigat.dll
c:\windows\system32\skinboxer43.dll
d:\recycler\S-7-5-64-100003367-100009392-100027513-5490.com
k:\recycler\S-7-5-64-100003367-100009392-100027513-5490.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


((((((((((((((((((((((((( Files Created from 2009-02-09 to 2009-03-09 )))))))))))))))))))))))))))))))
.

2009-03-09 11:29 . 2008-11-06 02:03 <DIR> d-------- C:\SDFix
2009-03-09 08:01 . 2009-03-09 08:01 <DIR> d-------- c:\users\Rodolfo Muniz\AppData\Roaming\Malwarebytes
2009-03-08 23:41 . 2009-03-08 23:42 301,391,764 --ah----- c:\windows\MEMORY.DMP
2009-03-08 23:40 . 2009-03-08 23:40 <DIR> d-------- c:\users\Rodolfo Muniz\AppData\Roaming\SUPERAntiSpyware.com
2009-03-08 23:40 . 2009-03-08 23:40 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-03-08 23:19 . 2009-03-08 23:19 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-03-08 23:19 . 2009-03-08 23:19 <DIR> d-------- c:\programdata\Malwarebytes
2009-03-08 23:19 . 2009-03-09 08:00 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-08 23:19 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-03-08 23:19 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-03-06 13:21 . 2000-07-24 10:00 188,960 --a------ c:\windows\System32\WINGDE.DLL
2009-03-06 13:21 . 2000-07-24 10:00 92,208 --a------ c:\windows\System32\WING.DLL
2009-03-06 13:21 . 2000-07-24 10:00 12,800 --a------ c:\windows\System32\WING32.DLL
2009-03-06 13:21 . 2000-07-24 10:00 6,736 --a------ c:\windows\System32\WINGDIB.DRV
2009-03-06 13:21 . 2000-07-24 10:00 5,024 --a------ c:\windows\System32\WINGPAL.WND
2009-03-06 10:51 . 2002-05-08 02:09 274,432 --ah----- c:\windows\TLCUninstall.exe
2009-03-05 23:19 . 2009-03-05 23:19 <DIR> d-------- c:\program files\HDPlugin
2009-03-05 13:43 . 2009-03-05 13:43 <DIR> d-------- c:\windows\BBSTORE
2009-03-05 13:43 . 2009-03-06 13:21 <DIR> d-------- c:\program files\The Learning Company
2009-03-05 13:43 . 2001-05-16 17:57 190,976 --ah----- c:\windows\RRKW.pol
2009-03-05 13:43 . 2001-05-16 17:57 65,536 --a------ c:\windows\System32\ADVAPI32.1
2009-03-05 13:20 . 2009-03-05 13:20 0 --ah----- c:\windows\setup32.INI
2009-03-04 11:49 . 2008-11-26 18:39 1,195,384 --a------ c:\windows\System32\drivers\vsapint.sys
2009-03-04 11:49 . 2008-11-26 18:42 205,328 --a------ c:\windows\System32\drivers\tmxpflt.sys
2009-03-04 11:49 . 2008-11-26 18:42 36,368 --a------ c:\windows\System32\drivers\tmpreflt.sys
2009-03-04 11:36 . 2009-03-06 10:48 <DIR> d-------- c:\windows\System32\Service
2009-03-04 11:16 . 2009-03-04 11:16 256,528 --a------ c:\windows\System32\drivers\tmwfp.sys
2009-03-04 11:16 . 2009-03-04 11:16 145,424 --a------ c:\windows\System32\drivers\tmlwf.sys
2009-03-04 11:16 . 2009-03-04 11:16 144,912 --a------ c:\windows\System32\drivers\tmcomm.sys
2009-03-04 11:16 . 2009-03-04 11:16 80,400 --a------ c:\windows\System32\drivers\tmtdi.sys
2009-03-04 11:16 . 2009-03-04 11:16 50,192 --a------ c:\windows\System32\drivers\tmactmon.sys
2009-03-04 11:16 . 2009-03-04 11:16 49,680 --a------ c:\windows\System32\drivers\tmevtmgr.sys
2009-02-26 20:46 . 2009-02-26 20:46 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-02-26 10:40 . 2009-02-26 10:40 1,409 --a------ c:\windows\System32\tmpE3D3D.FOT
2009-02-26 10:40 . 2009-02-26 10:40 1,409 --a------ c:\windows\System32\tmpB4B3D.FOT
2009-02-26 10:40 . 2009-02-26 10:40 1,409 --a------ c:\windows\System32\tmp6FB3D.FOT
2009-02-26 10:40 . 2009-02-26 10:40 1,409 --a------ c:\windows\System32\tmp5B93D.FOT
2009-02-26 10:40 . 2009-02-26 10:40 1,409 --a------ c:\windows\System32\tmp37C3D.FOT
2009-02-26 10:40 . 2009-02-26 10:40 1,409 --a------ c:\windows\System32\tmp31A3D.FOT
2009-02-22 23:48 . 2009-02-22 23:48 <DIR> d-------- c:\program files\Stanza
2009-02-22 23:46 . 2009-02-22 23:47 <DIR> d-------- c:\program files\Java
2009-02-22 23:46 . 2009-02-22 23:46 <DIR> d-------- c:\program files\Common Files\Java
2009-02-22 23:14 . 2009-02-22 23:14 <DIR> d-------- c:\users\Rodolfo Muniz\AppData\Roaming\iSilo
2009-02-22 23:14 . 2009-02-22 23:14 <DIR> d-------- c:\program files\iSilo
2009-02-19 18:42 . 2009-02-19 18:42 1,409 --a------ c:\windows\System32\tmpFE8F0.FOT
2009-02-15 14:44 . 2008-12-04 21:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-15 14:44 . 2008-12-04 21:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-15 14:44 . 2008-12-04 21:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-15 14:44 . 2008-12-04 21:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-15 14:44 . 2008-12-04 21:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-12 23:39 . 2009-01-14 20:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-12 23:39 . 2009-01-14 23:11 827,392 --a------ c:\windows\System32\wininet.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-09 06:39 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-09 06:11 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-09 06:11 --------- d-----w c:\program files\Disney Interactive
2009-03-08 00:03 --------- d-----w c:\users\Rodolfo Muniz\AppData\Roaming\uTorrent
2009-03-06 06:46 --------- d-----w c:\programdata\Roxio
2009-03-06 06:24 --------- d-----w c:\programdata\WinZip
2009-03-05 20:18 --------- d-----w c:\programdata\Trend Micro
2009-03-04 18:36 --------- d-----w c:\program files\Trend Micro
2009-02-23 06:48 --------- d-----w c:\program files\Bonjour
2009-02-20 01:42 --------- d-----w c:\programdata\Lx_cats
2009-02-19 03:37 --------- d-----w c:\programdata\Microsoft Help
2009-02-18 23:36 --------- d-----w c:\users\Rodolfo Muniz\AppData\Roaming\Apple Computer
2009-02-13 07:51 --------- d-----w c:\program files\Windows Mail
2009-02-01 02:45 --------- d-----w c:\program files\DivX
2009-01-28 20:30 --------- d-----w c:\program files\WinAVI MP4 Converter
2008-06-21 05:27 174 --sha-w c:\program files\desktop.ini
2008-01-24 01:48 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-01-24 01:48 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-01-24 01:48 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-10-26 01:43 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007102520071026\index.dat
2007-10-26 01:50 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
2007-10-26 01:50 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
2007-10-26 01:50 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-12 1773568]
"LxrAutorun"="c:\users\Rodolfo Muniz\AppData\Local\Lexar Media\LxrAutorun.exe" [2006-11-09 24576]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"L09AXLRD_15812557"="c:\program files\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE" [2008-06-03 351000]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2009-03-04 497008]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 c:\windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2007-04-11 26704]
"lxdomon.exe"="c:\program files\Lexmark 9500 Series\lxdomon.exe" [2007-09-06 450560]
"lxdoamon"="c:\program files\Lexmark 9500 Series\lxdoamon.exe" [2007-08-09 20480]
"Lexmark 9500 Series Fax Server"="c:\program files\Lexmark 9500 Series\fm3032.exe" [2007-09-18 307200]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-12 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-12 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-12 81920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-02-06 177472]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2008-09-29 352256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-08-21 185896]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-03-04 970808]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 c:\windows\RtHDVCpl.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2009-03-04 497008]

c:\users\Ana Hernandez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

c:\users\Rodolfo Muniz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Registration Chessmasterr Grandmaster Edition .LNK - c:\program files\Ubisoft\Chessmaster Grandmaster Edition\Register\RegistrationReminder.exe [2003-11-06 864256]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-11-03 692224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D2C8A134-F14A-4252-AF2C-AFFF75DB3EE1}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E8892AB9-A2ED-4BBB-8CBC-6383DF734454}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D5A61B3D-E4FA-4F08-A9DE-0EFCE5F5D648}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{0559A56E-7BEA-4872-8BB7-516DC2BF1FBF}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{9DDF7F5D-188B-465F-819C-9545F8735E30}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{EDCB6D80-D148-4376-B117-AF6DDD4926A2}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{65B4BA42-510F-40DA-A186-32E513C5CB6E}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{5A73E01D-683E-46E2-AD8E-5D77C690A298}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{28D10C9C-A25C-4B65-AEFF-742E6E55A506}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{58030CF2-F029-46CB-AFF3-A4274316E84C}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{C76707BC-B2BE-4514-B35B-5B8FF10D0350}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{9AF7E9D0-BC16-498F-9399-C721B92A3CEE}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{EB9EE20E-BE33-47F4-9495-EFA3CA9EBB6B}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2745670C-04B3-4FD0-AF5F-7C2AAD4588E1}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{4DFA0B28-06D0-4BD5-899C-AD1C7F0C7492}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{5D8340D4-0996-44D8-869C-2E3165DA35B3}"= UDP:c:\windows\System32\lxcqcoms.exe:Lexmark Communications System
"{BBB983FF-676E-43F0-AC8A-FF27B42DEA1E}"= TCP:c:\windows\System32\lxcqcoms.exe:Lexmark Communications System
"{C5740364-747E-43B6-81B6-E0D477DCC83F}"= Disabled:UDP:135:TCP Port 135
"{68B352EB-DE79-45F0-A558-26D03BCA0DEE}"= Disabled:UDP:5000:TCP Port 5000
"{30E08C51-5AE7-4B30-8564-DE2253986C0F}"= Disabled:UDP:5001:TCP Port 5001
"{59E2C477-B786-417F-B565-5F423E66440A}"= Disabled:UDP:5002:TCP Port 5002
"{DA803F36-C805-4B93-943D-F4C0709D3E2B}"= Disabled:UDP:5003:TCP Port 5003
"{10E4E72E-AD68-4958-A339-3227EF8E7AB7}"= Disabled:UDP:5004:TCP Port 5004
"{FE8AD386-7AC5-4D22-8922-FEF47D84D860}"= Disabled:UDP:5005:TCP Port 5005
"{C3B97FFB-8474-4A2A-B6F9-4B9FD27AD7BA}"= Disabled:UDP:5006:TCP Port 5006
"{BD4A5931-FCD8-4FD1-A935-763315416068}"= Disabled:UDP:5007:TCP Port 5007
"{14717495-8AB7-4788-9A6C-90A05658F9C9}"= Disabled:UDP:5008:TCP Port 5008
"{4C067D2A-0E52-46AB-B444-E150360CF633}"= Disabled:UDP:5009:TCP Port 5009
"{11F6D830-5FF1-4443-A099-2BA7EA359760}"= Disabled:UDP:5010:TCP Port 5010
"{CD94824A-DB10-4517-845C-4F8CCB0C4A4F}"= Disabled:UDP:5011:TCP Port 5011
"{EBA4EDBB-0F79-4DF6-999A-FE75B85D5F4C}"= Disabled:UDP:5012:TCP Port 5012
"{DA99331B-B50C-4E22-985D-5D2BF4EC7D86}"= Disabled:UDP:5013:TCP Port 5013
"{A3B10423-9916-4FE6-89F0-C95593DD90B7}"= Disabled:UDP:5014:TCP Port 5014
"{55EA5233-6708-4037-8DB1-6A05AAED1B26}"= Disabled:UDP:5015:TCP Port 5015
"{42FDE30B-6C99-41F9-86B9-ECD57D6390C7}"= Disabled:UDP:5016:TCP Port 5016
"{E58A8AE8-FD7B-42EA-A9F6-71EC65FC3A6B}"= Disabled:UDP:5017:TCP Port 5017
"{E66D5A5E-E2C5-4C24-A2D5-E709BDB99C39}"= Disabled:UDP:5018:TCP Port 5018
"{D166369B-A0DD-48DF-8B17-0CAC446EAF80}"= Disabled:UDP:5019:TCP Port 5019
"{79538558-E39B-42FD-B29A-FD35B5B5A504}"= Disabled:UDP:5020:TCP Port 5020
"{6F59CE8D-B2D9-4756-B8C5-860850CFCADD}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{046571E3-142E-4706-8B1A-EB2B075C6E55}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{0C25BD3A-D620-4343-81D5-52325E576059}"= UDP:c:\program files\Lexmark 9500 Series\lxdoamon.exe:Lexmark Device Monitor
"{08752F38-D649-4124-B697-1773D94FF5FD}"= TCP:c:\program files\Lexmark 9500 Series\lxdoamon.exe:Lexmark Device Monitor
"{B26F745C-6C5B-46F3-85B4-0DAC0DA927D8}"= UDP:c:\program files\Lexmark 9500 Series\frun.exe:Lexmark Productivity Studio
"{5FBF1D72-6B2D-4F18-B0D7-2A705AA50CA5}"= TCP:c:\program files\Lexmark 9500 Series\frun.exe:Lexmark Productivity Studio
"{55963BCC-BCC7-4611-B7DD-CCF10D0D589F}"= UDP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{66411AEE-CDF5-4D43-8416-B59FADFF59CE}"= TCP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{33A8E055-D164-4A29-8764-0C5153A5C9AD}"= UDP:c:\program files\Lexmark 9500 Series\lxdoFax.exe:Fax software
"{6694D65C-5C76-45FE-8D29-673390294CB0}"= TCP:c:\program files\Lexmark 9500 Series\lxdoFax.exe:Fax software
"{87B7B150-2FAE-4B2D-95E8-D2CEE3709B90}"= UDP:c:\program files\Lexmark 9500 Series\lxdomon.exe:Printer Device Monitor
"{3C7BD5DC-7B43-421B-9E94-07D654F2FE1F}"= TCP:c:\program files\Lexmark 9500 Series\lxdomon.exe:Printer Device Monitor
"{C650ED09-9201-4687-B392-FBB5444284B2}"= UDP:c:\windows\System32\lxdocoms.exe:Lexmark Communications System
"{4CBEC34E-9940-4283-96EF-CC42783E3D0C}"= TCP:c:\windows\System32\lxdocoms.exe:Lexmark Communications System
"{434D5398-822C-4C34-94C2-8105B63DA681}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdopswx.exe:Printer Status Window Interface
"{D9EB136A-DF15-4112-8739-61927C7FB7AE}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdopswx.exe:Printer Status Window Interface
"{853A0248-FF27-468A-ABC2-71C9C21F6153}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdotime.exe:Lexmark Connect Time Executable
"{D8987DEE-2361-4EDE-9EDB-24F25471E9EA}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdotime.exe:Lexmark Connect Time Executable
"{79388F63-D59B-4805-90CA-FD025F9969BC}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdojswx.exe:Job Status Window Interface
"{09187AD9-317B-4FE0-A2AF-4C727E2B0C54}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdojswx.exe:Job Status Window Interface
"TCP Query User{8FBBD174-75C0-44FC-96E6-BCDB9F59E976}c:\\program files\\lexmark 9500 series\\lxdomon.exe"= UDP:c:\program files\lexmark 9500 series\lxdomon.exe:Printer Device Monitor
"UDP Query User{5FDFE818-676A-4130-97CE-E9E940802714}c:\\program files\\lexmark 9500 series\\lxdomon.exe"= TCP:c:\program files\lexmark 9500 series\lxdomon.exe:Printer Device Monitor
"{FB1F9792-C0B7-4204-9F21-A9F1494D5F9B}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{75F013AB-0206-4243-9CC1-34411E020C51}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{CFAFC9E2-AD0D-496A-9389-A83A585DF3E5}c:\\program files\\lexmark 9500 series\\frun.exe"= UDP:c:\program files\lexmark 9500 series\frun.exe:Printing Application
"UDP Query User{B85DEEB3-D486-4017-8510-9EAF2B63E0E4}c:\\program files\\lexmark 9500 series\\frun.exe"= TCP:c:\program files\lexmark 9500 series\frun.exe:Printing Application
"{06DD72A1-0C94-4EED-B135-B230E5502FC4}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{1C046F03-D438-4C6C-A1E0-CF1C0112396D}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{77B2F969-55EC-4C5D-84D8-004EDD471480}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{2077825F-8D26-4A9F-956F-0464382E6977}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{5F5455B2-F609-4A75-B065-275F1B056E99}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{D2D3951A-5113-4DB2-BD2A-6C3FD1E6C606}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\System32\drivers\tmlwf.sys [2009-03-04 145424]
R2 LeapFrog Connect Device Service;LeapFrog Connect Device Service;c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe [2008-09-29 991232]
R2 lxdo_device;lxdo_device;c:\windows\system32\lxdocoms.exe -service --> c:\windows\system32\lxdocoms.exe -service [?]
R2 LxrSII1d;Secure II Driver;c:\windows\System32\drivers\LxrSII1d.sys [2007-11-28 72672]
R2 tmevtmgr;tmevtmgr;c:\windows\System32\drivers\tmevtmgr.sys [2009-03-04 49680]
R2 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [2009-03-04 492888]
R2 tmpreflt;tmpreflt;c:\windows\System32\drivers\tmpreflt.sys [2009-03-04 36368]
R2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2009-03-04 677128]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\System32\drivers\tmwfp.sys [2009-03-04 256528]
S2 lxdoCATSCustConnectService;lxdoCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdoserv.exe [2007-07-17 94208]
S3 FlyUsb;FLY Fusion;c:\windows\System32\drivers\FlyUsb.sys [2008-09-29 19456]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a18b96c-5e85-11dd-b257-001bb9863122}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b97897e1-0b98-11de-a51b-001bb9863122}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d789d43d-58f6-11dd-b733-001bb9863122}]
\shell\AutoRun\command - J:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-03-09 c:\windows\Tasks\User_Feed_Synchronization-{E3673D27-D65E-4B00-91AB-003F943F0F55}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 00:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.yahoo.com
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Rodolfo Muniz\AppData\Roaming\Mozilla\Firefox\Profiles\y58jrxbe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official|http://ixquick.com/|http://mail.google.com/mail/?zx=1uvred5j1uke7&shva=1#inbox|https://login.yahoo.com/config/login_verify2?.partner=sbc&.done=http%3a//att.yahoo.com/|http://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1193807976&rver=4.5.2130.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&id=64855|http://sfpl.org/|https://catalog.plsinfo.org/search/|https://www.bankofamerica.com/Control.do?page=corp_bofacom
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-09 12:01:07
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
Completion time: 2009-03-09 12:03:54
ComboFix-quarantined-files.txt 2009-03-09 19:03:50

Pre-Run: 346,695,823,360 bytes free
Post-Run: 346,848,530,432 bytes free

282 --- E O F --- 2009-03-04 18:13:33