google search clicks redirecting to mfeed



#1 purnimay (New Member, 1 posts)
Hi, can somebody help me out?

I have the same problem that many people have mentioned here. Whenever I click on one of Google's search results, it forwards me to random search sites like mfeed. I have tried Malwarebytes and ComboFix, but they are not helpful. Malwarebytes detected some, but their removal did not help; after a reboot I had the same problem again. OK, finally the HijackThis log. Thanks for helping me.

- Purnima

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:13 PM, on 11/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\GuardianEdge\GuardianEdge Clients\EAFRCliManager.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\DWRCS.EXE
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\GuardianEdge\GuardianEdge Clients\EAFRCliADSIComm.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\DWRCST.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Microsoft Office Communicator\Communicator.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Purnima.Yagnambhatla\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Purnima.Yagnambhatla\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Purnima.Yagnambhatla\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Purnima.Yagnambhatla\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Purnima.Yagnambhatla\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [EAFRCliStart] C:\Program Files\GuardianEdge\GuardianEdge Clients\Client Console\EAFRCliStart.exe /p
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [DameWare MRC Agent] C:\WINDOWS\system32\DWRCST.exe
O4 - HKCU\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Purnima.Yagnambhatla\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.qmhim-qa-vm5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = quadramed.com
O17 - HKLM\Software\..\Telephony: DomainName = quadramed.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{673F8D42-68CD-4F3C-ABDE-2CAA7CB753DB}: NameServer = 83.149.115.182
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = quadramed.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = quadramed.com
O20 - Winlogon Notify: GEWinlogonNotify - C:\WINDOWS\SYSTEM32\GENotify.dll
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\system32\DWRCS.EXE
O23 - Service: EAFRCliManager - GuardianEdge Technologies, Inc. - C:\Program Files\GuardianEdge\GuardianEdge Clients\EAFRCliManager.exe
O23 - Service: iPassConnectEngine - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
O23 - Service: iPassPeriodicUpdateApp - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
O23 - Service: iPassPeriodicUpdateService - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe

--
End of file - 7658 bytes


ComboFix log:


ComboFix 09-11-20.05 - Purnima.Yagnambhatla 11/21/2009 11:53.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.484 [GMT -5:00]
Running from: c:\documents and settings\Purnima.Yagnambhatla\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Purnima.Yagnambhatla\My Documents\Downloads\cfscript.txt
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
* Resident AV is active


FILE ::
"c:\program files\AdvancedVirusRemover\PAVRM.exe"
"c:\windows\system32\AVR09.exe"
"c:\windows\system32\winhelper.dll"
"c:\windows\system32\winupdate.exe"
.

((((((((((((((((((((((((( Files Created from 2009-10-21 to 2009-11-21 )))))))))))))))))))))))))))))))
.

2009-11-20 23:22 . 2009-11-20 23:22 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-15 19:00 . 2009-11-15 19:01 -------- d-----w- c:\documents and settings\Purnima.Yagnambhatla\Local Settings\Application Data\Temp
2009-11-15 18:59 . 2009-11-15 19:01 -------- d-----w- c:\documents and settings\Purnima.Yagnambhatla\Local Settings\Application Data\Google
2009-11-15 18:51 . 2009-11-15 18:51 -------- d-----w- c:\documents and settings\Purnima.Yagnambhatla\Application Data\Malwarebytes
2009-11-15 18:51 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-15 18:51 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-10 15:25 . 2009-11-10 15:25 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-09 16:08 . 2009-11-09 16:08 -------- d-----w- c:\documents and settings\Purnima.Yagnambhatla\PrivacIE
2009-11-09 15:44 . 2009-11-09 15:44 -------- d-----w- c:\documents and settings\Purnima.Yagnambhatla\IETldCache
2009-11-09 14:05 . 2009-11-10 15:18 -------- dc----w- c:\windows\ie8
2009-11-09 14:04 . 2009-11-10 15:18 -------- d-----w- C:\acd3a413a69e7a08de9a22bbe4
2009-11-02 16:36 . 2009-11-15 18:56 -------- d-----w- c:\documents and settings\Purnima.Yagnambhatla\Local Settings\Application Data\Deployment
2009-10-26 20:04 . 2008-04-14 09:42 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-20 17:41 . 2009-09-14 20:57 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-20 17:16 . 2009-09-26 13:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-20 16:14 . 2009-10-16 16:48 1607664 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-17 18:17 . 2007-08-29 21:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-22 02:00 . 2009-09-29 17:16 -------- d-----w- c:\program files\CoffeeCup Software
2009-10-20 16:08 . 2009-10-20 16:08 -------- d-----w- c:\program files\Support Tools
2009-10-19 14:32 . 2009-09-14 17:02 -------- d-----w- c:\program files\Microsoft SQL Server
2009-10-16 15:27 . 2009-10-16 20:02 323 ----a-w- c:\windows\system32\do_ping.bat
2009-10-16 14:02 . 2009-10-16 14:02 -------- d-----w- c:\program files\MSXML 4.0
2009-09-29 17:17 . 2009-09-29 17:17 -------- d-----w- c:\documents and settings\Purnima.Yagnambhatla\Application Data\CoffeeCup Software
2009-09-26 13:55 . 2009-09-26 13:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-25 05:37 . 2004-08-04 12:00 667136 ------w- c:\windows\system32\wininet.dll
2009-09-25 05:37 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-15 13:30 . 2009-09-14 16:32 1732672 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll
2009-09-15 06:31 . 2009-09-14 16:32 18368 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll
2009-09-14 19:44 . 2007-08-29 23:10 70112 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-14 16:30 . 2009-09-14 15:10 69672 ----a-w- c:\documents and settings\Purnima.Yagnambhatla\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-14 15:33 . 2009-09-14 15:33 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2009-09-14 15:13 . 2009-09-14 15:13 143 ----a-w- c:\documents and settings\Purnima.Yagnambhatla\Local Settings\Application Data\fusioncache.dat
2009-09-11 14:18 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:00 . 2004-08-04 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2002-07-31 23:55 . 2009-09-29 17:22 104 --sh--w- c:\windows\WSYS049.SYS
.

((((((((((((((((((((((((((((( [email protected]_16.22.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-20 23:22 . 2009-11-20 23:22 49664 c:\windows\Installer\1b0fdf.msi
+ 2009-09-26 14:29 . 2009-11-21 15:30 563636 c:\windows\system32\Restore\rstrlog.dat
+ 2004-08-03 22:59 . 2009-08-04 14:20 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
- 2009-02-13 16:53 . 2009-08-04 14:20 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2004-08-04 12:00 . 2009-08-04 15:13 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2009-02-13 16:53 . 2009-08-04 15:13 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-11-20 23:22 . 2009-11-20 23:22 15709696 c:\windows\Installer\1b0fe5.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPCheckoutOverlay]
@="{80E008A4-EAE7-4867-AEB0-1A245F070F25}"
[HKEY_CLASSES_ROOT\CLSID\{80E008A4-EAE7-4867-AEB0-1A245F070F25}]
2009-08-24 22:14 827392 ----a-w- c:\program files\Perforce\p4exp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPSyncdOverlay]
@="{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}"
[HKEY_CLASSES_ROOT\CLSID\{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}]
2009-08-24 22:14 827392 ----a-w- c:\program files\Perforce\p4exp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPUpdateOverlay]
@="{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}"
[HKEY_CLASSES_ROOT\CLSID\{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}]
2009-08-24 22:14 827392 ----a-w- c:\program files\Perforce\p4exp.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Communicator"="c:\program files\Microsoft Office Communicator\Communicator.exe" [2005-05-12 4167376]
"Google Update"="c:\documents and settings\Purnima.Yagnambhatla\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-11-15 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2007-03-27 136768]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-10-07 111952]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-22 13508608]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-22 86016]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744]
"EAFRCliStart"="c:\program files\GuardianEdge\GuardianEdge Clients\Client Console\EAFRCliStart.exe" [2009-03-17 405504]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"DameWare MRC Agent"="c:\windows\system32\DWRCST.exe" [2008-12-29 78848]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-02-22 1626112]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2008-02-22 86016]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2007-02-19 303104]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Communicator"="c:\program files\Microsoft Office Communicator\Communicator.exe" [2005-05-12 4167376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GEWinlogonNotify]
2009-03-17 18:33 73728 ----a-w- c:\windows\system32\GENotify.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 EAFSPROT;EAFSPROT;c:\windows\system32\drivers\eafsprot.sys [6/5/2008 8:53 AM 13440]
R0 EPHDXLAT;PC Guardian Encryption Filter;c:\windows\system32\drivers\ephdxlat.sys [6/5/2008 8:53 AM 83584]
R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [2/15/2007 7:00 AM 26624]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 1:21 PM 79432]
R2 deserial;DialOut-EZ Port Driver;c:\windows\system32\drivers\deserial.sys [8/29/2007 5:22 PM 508565]
R2 EAFRCliManager;EAFRCliManager;c:\program files\GuardianEdge\GuardianEdge Clients\EAFRCliManager.exe [3/17/2009 1:27 PM 221184]
R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [2/7/2007 7:00 AM 3712]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [9/14/2009 9:41 AM 87936]
S3 VSPerfDrv90;Performance Tools Driver 9.0;c:\program files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys [9/4/2007 3:53 PM 55664]

--- Other Services/Drivers In Memory ---

*Deregistered* - ephdlink
*Deregistered* - uphcleanhlp
.
Contents of the 'Scheduled Tasks' folder

2009-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-13972982-349782009-317593308-36397Core.job
- c:\documents and settings\Purnima.Yagnambhatla\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-15 18:59]

2009-11-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-13972982-349782009-317593308-36397UA.job
- c:\documents and settings\Purnima.Yagnambhatla\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-15 18:59]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: qmhim-qa-vm5
TCP: {673F8D42-68CD-4F3C-ABDE-2CAA7CB753DB} = 83.149.115.182
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-21 12:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1248)
c:\windows\system32\EAFRCliGina.dll
c:\program files\GuardianEdge\GuardianEdge Clients\EAFRCliMgr.dll
c:\program files\GuardianEdge\GuardianEdge Clients\EAFRCliPwdUser.dll
c:\program files\GuardianEdge\GuardianEdge Clients\EACaseConverter.dll
c:\program files\GuardianEdge\GuardianEdge Clients\EAFRCliSso.dll
c:\program files\GuardianEdge\GuardianEdge Clients\GENovell.dll
c:\windows\system32\EAFRCliDBWrapper.dll
c:\program files\GuardianEdge\GuardianEdge Clients\EAFRCliManagerPS.dll
c:\program files\GuardianEdge\GuardianEdge Clients\EAFRCliWinGUI.dll
c:\program files\GuardianEdge\GuardianEdge Clients\EAFRCliDB.dll
c:\program files\GuardianEdge\GuardianEdge Clients\EAFRCliUserManagement.dll
c:\program files\GuardianEdge\GuardianEdge Clients\EAECC.dll
c:\program files\GuardianEdge\GuardianEdge Clients\EPCL32.DLL
c:\program files\GuardianEdge\GuardianEdge Clients\EAHDCliPwdUser.dll
c:\program files\GuardianEdge\GuardianEdge Clients\EAFREventLog.dll
c:\program files\GuardianEdge\GuardianEdge Clients\EAHDCliDBWrapper.dll
c:\program files\GuardianEdge\GuardianEdge Clients\EAHDCliXlat.dll
c:\program files\GuardianEdge\GuardianEdge Clients\EAHDCliSSO.dll
c:\program files\GuardianEdge\GuardianEdge Clients\EAHDCliEAFS.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1052)
c:\program files\Perforce\p4exp.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-11-21 12:08
ComboFix-quarantined-files.txt 2009-11-21 17:08
ComboFix2.txt 2009-11-21 16:19

Pre-Run: 57,301,524,480 bytes free
Post-Run: 57,283,166,208 bytes free

- - End Of File - - 18C6BA0B611CA23E718B2A9E8C2EADF2

Edited by purnimay, 21 November 2009 - 12:02 PM.

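Reading the logs above the way a responder would: the entry that most directly explains search-result redirects is the per-interface O17 line (NameServer = 83.149.115.182), a static resolver on one network interface of a machine whose own domain is quadramed.com. Malwarebytes removing files does not reset that registry value, which is consistent with the redirects surviving the reboot. The same logs show that the ComboFix run used a script targeting files under AdvancedVirusRemover and in system32 (winhelper.dll, winupdate.exe), and that the Windows firewall standard profile is disabled ("EnableFirewall"= 0). Whether 83.149.115.182 is legitimate is something only the poster's IT department can answer, so the script below does not decide that; it flags any interface-scoped resolver outside an allowlist you supply, plus Trusted Zone additions, start/search page overrides and the disabled-firewall line. It is an added example for this thread, not code from the poster or from HijackThis or ComboFix. The sample lines are copied from the posted logs except one R0 line marked as constructed, and the RFC 1918 allowlist is an assumption to be replaced with the resolvers actually assigned on the machine.

```python
"""Triage the HijackThis / ComboFix lines that most often explain
"Google results redirect to a random search site".

Added example for this thread; not HijackThis, ComboFix or any tool the
poster used. SAMPLE_LOG holds the relevant lines copied from the posted
logs plus one constructed R0 line (marked). EXPECTED_RESOLVERS is an
assumption: put the DNS servers your IT department or ISP really assigns
there before reading anything into the output.
"""
import ipaddress
import re
from urllib.parse import urlparse

# Assumption: resolvers that are legitimate on this machine. RFC 1918 space
# covers the usual DHCP/corporate case; add your ISP's public resolvers.
EXPECTED_RESOLVERS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# HijackThis line shapes: O17 NameServer, O15 Trusted Zone, R0/R1 IE pages.
O17_RE = re.compile(r"^O17 - (?P<key>.+?):\s*NameServer\s*=\s*(?P<servers>.+)$")
O15_RE = re.compile(r"^O15 - Trusted Zone:\s*(?P<zone>\S+)")
R_RE = re.compile(r"^R[01] - (?P<key>.+?),(?P<name>[^=]+?)\s*=\s*(?P<url>.+)$")
# ComboFix dumps the firewall policy as a REGEDIT4 value.
FIREWALL_RE = re.compile(r'^"EnableFirewall"\s*=\s*0\b')

SAMPLE_LOG = [
    # From the posted HijackThis log:
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank",
    r"O15 - Trusted Zone: http://*.qmhim-qa-vm5",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = quadramed.com",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{673F8D42-68CD-4F3C-ABDE-2CAA7CB753DB}: NameServer = 83.149.115.182",
    # From the posted ComboFix log:
    '"EnableFirewall"= 0 (0x0)',
    # Constructed, not in the posted logs: what a hijacked start page looks like.
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.example.net/",
]


def parse_nameservers(value):
    """NameServer can list several resolvers separated by commas or spaces.
    Unparsable tokens are kept as strings so they are reported, not dropped."""
    servers = []
    for tok in re.split(r"[,\s]+", value.strip()):
        if not tok:
            continue
        try:
            servers.append(ipaddress.ip_address(tok))
        except ValueError:
            servers.append(tok)
    return servers


def is_expected_resolver(server, expected=EXPECTED_RESOLVERS):
    """True only for a parsed IP that lies inside one of the expected networks."""
    if isinstance(server, str):
        return False
    return any(server in net for net in expected)


def benign_start_page(url):
    """about:blank and Microsoft's own defaults are the normal values here."""
    url = url.strip()
    if url.lower() == "about:blank":
        return True
    host = (urlparse(url).hostname or "").lower()
    return host == "microsoft.com" or host.endswith(".microsoft.com")


def triage(lines, expected=EXPECTED_RESOLVERS):
    """Return a list of findings; each carries a 'kind' and the offending line."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = O17_RE.match(line)
        if m:
            for srv in parse_nameservers(m.group("servers")):
                if not is_expected_resolver(srv, expected):
                    findings.append({"kind": "unexpected_dns", "key": m.group("key"),
                                     "server": str(srv), "line": line})
            continue
        m = O15_RE.match(line)
        if m:  # review item: often legitimate on a domain-joined machine
            findings.append({"kind": "trusted_zone", "zone": m.group("zone"), "line": line})
            continue
        m = R_RE.match(line)
        if m:
            if not benign_start_page(m.group("url")):
                findings.append({"kind": "browser_override", "setting": m.group("name").strip(),
                                 "url": m.group("url").strip(), "line": line})
            continue
        if FIREWALL_RE.match(line):
            findings.append({"kind": "firewall_disabled", "line": line})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["kind"].ljust(18), f["line"])
```

Run as-is it reports four findings on the posted lines; feed triage() the lines of a full hijackthis.log to use it elsewhere. An unexpected_dns hit is the thing to act on: check the interface's TCP/IP settings (ipconfig /all shows the active DNS servers) and restore the DHCP- or IT-assigned resolvers after the malware is removed, otherwise the redirect comes back no matter how many files the scanners delete. The trusted_zone hit is for review only; an internal QA host in the Trusted Zone of a corporate laptop is usually deliberate.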