Think I have a virus

#1
ed37sc
A couple of days ago, I noticed that when I did a search it would go to another website, but after I hit the back button it would let me do my search again and go to the correct place. Then, when I clicked any link in the search results, the task bar would show it being redirected to a number of different sites. One I remember was welluse.com. A new tab would also open showing results.google.com and also http://results.gugle.com/. Now it has gotten worse: when I go to log in to membership sites, it redirects me to a different place. I have to keep hitting the back button or refresh to finally get in. Note: this happens in both IE and Firefox.

I scanned my laptop with:
avast! - Found Nothing
Microsoft Security Essentials - Found Nothing
Spybot - Search & Destroy - Found Nothing
SUPERAntiSpyware - Found Nothing
W32/Olmarik Fixer - Found Nothing
F-Secure BlackLight - Found Nothing
RootkitBuster - Found Nothing
McAfee Stinger - Found Nothing
CWShredder - Found Nothing
TDSSKiller - Found Nothing

I tried installing Malwarebytes to scan with it, but I was getting an update error, so I couldn't get it to update the definitions.

I did, however, install HijackThis and run a scan, and I wanted to see if any of you could help me get this fixed.

My laptop is running Windows XP.

HijackThis scan log below:

Logfile of HijackThis v1.99.1
Scan saved at 8:13:57 PM, on 10/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Crazy Browser\Crazy Browser.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Mitch\My Documents\Downloads\malware-virus\hijackthis_sfx.exe
C:\Documents and Settings\Mitch\My Documents\Downloads\malware-virus\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\Cpqdiag\CpqDfwAg.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1286067103367
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Remote Diagnostics Enabling Agent (DfwWebAgent) - Hewlett-Packard - C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

ComboFix log:

ComboFix 10-10-11.01 - Mitch 10/11/2010 23:28:45.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1440 [GMT -4:00]
Running from: c:\documents and settings\Mitch\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}
c:\program files\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}\chrome\zwunzi.jar
c:\program files\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}\defaults\preferences\prefs.js
c:\program files\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}\install.rdf
c:\program files\Mozilla Firefox\searchplugins\zwunzi119.xml
c:\windows\system32\x13
c:\windows\system32\Z55

.
((((((((((((((((((((((((( Files Created from 2010-09-12 to 2010-10-12 )))))))))))))))))))))))))))))))
.

2010-10-11 21:38 . 2010-10-11 21:38 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-10-11 08:28 . 2000-05-22 20:58 608448 ----a-w- c:\windows\system32\comctl32.ocx
2010-10-11 08:28 . 2010-10-11 08:28 -------- d-----w- c:\program files\AML Products
2010-10-11 07:15 . 2010-10-11 07:19 -------- d-----w- c:\program files\VS Revo Group
2010-10-11 05:22 . 2010-01-10 23:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2010-10-11 05:22 . 2010-01-10 23:40 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2010-10-11 05:21 . 2010-10-11 05:24 -------- d-----w- c:\program files\SpywareBlaster
2010-10-11 05:16 . 2010-10-11 05:21 -------- d-----w- c:\program files\SpywareGuard
2010-10-11 04:35 . 2010-10-11 04:35 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-11 02:18 . 2010-10-11 04:33 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-04 21:38 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-10-04 17:23 . 2010-10-04 17:23 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-04 17:23 . 2010-10-04 17:23 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-04 15:47 . 2004-11-12 20:01 60416 ----a-w- c:\windows\system32\DSETUP.dll
2010-10-04 15:47 . 2004-10-11 15:28 671744 ----a-w- c:\windows\system32\DolbyHph.dll
2010-10-04 15:47 . 2010-10-04 15:47 -------- d-----w- c:\program files\NVIDIA Corporation
2010-10-04 15:47 . 2004-12-13 13:44 14848 ----a-w- c:\windows\system32\drivers\nvndis.sys
2010-10-04 15:47 . 2004-10-11 15:28 9856 ----a-w- c:\windows\system32\drivers\pfc.sys
2010-10-04 14:39 . 2008-11-24 16:00 974848 ----a-w- c:\windows\system32\mfc70.dll
2010-10-04 14:39 . 2008-11-24 16:00 487424 ----a-w- c:\windows\system32\msvcp70.dll
2010-10-04 14:39 . 2008-11-24 16:00 344064 ----a-w- c:\windows\system32\msvcr70.dll
2010-10-04 14:39 . 2008-11-24 16:00 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2010-10-04 14:39 . 2008-11-24 16:00 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-10-04 03:03 . 2010-10-11 04:35 -------- d-----w- c:\documents and settings\Administrator.HOMEPC
2010-10-04 02:00 . 2010-10-04 02:00 40840 ----a-w- c:\windows\system32\drivers\levzmqqj.sys
2010-10-03 15:51 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-10-03 12:41 . 2003-05-04 21:25 98304 ----a-w- c:\windows\system32\HPBMOMON.dll
2010-10-03 12:41 . 2003-05-04 21:24 270336 ----a-w- c:\windows\system32\HPBMOBIP.dll
2010-10-03 12:41 . 2002-02-21 21:53 483328 ----a-w- c:\windows\system32\HPCDMC32.dll
2010-10-03 12:31 . 2010-10-03 12:31 -------- d-----w- C:\spoolerlogs
2010-10-03 01:11 . 2010-10-03 01:11 40840 ----a-w- c:\windows\system32\drivers\mhbnebig.sys
2010-10-03 00:57 . 2010-06-01 17:37 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-10-03 00:48 . 2010-10-03 00:48 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-10-03 00:34 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-10-03 00:34 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-10-03 00:34 . 2010-10-03 00:34 -------- d-----w- C:\93c22effb026ae1c44dd814f
2010-10-03 00:34 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-10-03 00:34 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-10-03 00:34 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-10-03 00:34 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-10-03 00:34 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-10-03 00:34 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-10-03 00:34 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-10-02 19:17 . 2010-06-24 12:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-10-02 19:17 . 2010-06-24 12:21 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-10-02 19:17 . 2010-06-24 12:21 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-10-02 19:17 . 2010-06-24 12:21 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-10-02 19:17 . 2010-06-24 12:21 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-10-02 19:17 . 2010-06-24 12:21 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-10-01 19:39 . 2008-09-20 21:33 -------- d-----w- c:\program files\Adobe_Photoshop_CS3
2010-10-01 18:42 . 2010-10-01 18:42 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-10-01 14:16 . 2004-08-04 02:29 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2010-10-01 14:00 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-10-01 14:00 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-10-01 13:59 . 2010-06-21 15:27 354304 -c----w- c:\windows\system32\dllcache\srv.sys
2010-10-01 13:59 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-10-01 13:59 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-10-01 13:53 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-10-01 13:50 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-10-01 13:34 . 2010-07-22 05:57 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-10-01 13:34 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-10-01 13:12 . 1999-03-22 16:29 233472 ----a-w- c:\windows\system32\Ilda32.dll
2010-10-01 12:51 . 2010-10-01 12:54 -------- dc-h--w- c:\windows\ie8
2010-10-01 12:39 . 2009-01-07 22:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2010-10-01 12:15 . 2010-09-14 23:00 138712 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
2010-10-01 12:15 . 2010-09-14 22:59 23512 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
2010-10-01 12:15 . 2010-09-14 22:59 14808 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2010-10-01 12:15 . 2010-09-14 22:59 718296 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2010-10-01 12:07 . 2010-10-01 14:12 -------- d-----w- c:\program files\Google
2010-10-01 12:07 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-10-01 12:07 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-10-01 12:07 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-10-01 12:07 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-10-01 12:07 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-10-01 12:07 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-10-01 12:07 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-10-01 12:07 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-10-01 12:07 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-10-01 11:33 . 2006-08-23 15:48 53248 ----a-w- c:\windows\iwlanver.dll
2010-10-01 11:31 . 2010-10-01 11:31 -------- d-----w- c:\program files\Altiris
2010-10-01 11:28 . 2008-04-13 18:45 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2010-10-01 11:28 . 2008-04-13 19:17 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2010-10-01 11:28 . 2008-04-13 18:45 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2010-10-01 11:26 . 2003-06-09 17:31 151552 ----a-w- c:\windows\system32\cpqdiag.cpl
2010-10-01 11:26 . 2002-08-19 18:35 19845 ----a-w- c:\windows\system32\drivers\Cpqdfw.sys
2010-10-01 11:26 . 1999-05-19 18:00 18208 ----a-w- c:\windows\system32\drivers\CQ_MEM.SYS
2010-10-01 11:26 . 1998-09-30 11:36 154436 ----a-w- c:\windows\system32\drivers\Cqcpu.sys
2010-10-01 11:20 . 2010-10-01 11:20 -------- d-----w- c:\program files\GCC4243N_fw
2010-10-01 11:19 . 2004-11-04 22:42 81920 ----a-w- c:\windows\system32\SynTPCo2.dll
2010-10-01 11:19 . 2004-11-04 22:39 69722 ----a-w- c:\windows\system32\SynTPFcs.dll
2010-10-01 11:19 . 2004-11-04 22:29 90202 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-10-01 11:19 . 2004-11-04 22:29 114688 ----a-w- c:\windows\system32\SynCtrl.dll
2010-10-01 11:19 . 2004-11-04 22:28 77917 ----a-w- c:\windows\system32\SynCOM.dll
2010-10-01 11:19 . 2004-11-04 22:26 186016 ----a-w- c:\windows\system32\drivers\SynTP.sys
2010-10-01 11:18 . 2004-08-10 17:57 245760 ----a-w- c:\windows\system32\Hpqsetup.cpl
2010-10-01 11:18 . 2004-02-20 14:35 59044 ----a-r- c:\windows\system32\drivers\clntmgmt.sys
2010-10-01 11:18 . 1998-06-18 05:08 53248 ----a-w- c:\windows\system32\Mfc42enu.dll
2010-10-01 11:18 . 1998-10-29 20:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-10-01 11:17 . 2010-10-03 12:41 -------- d-----w- c:\program files\Hewlett-Packard
2010-10-01 11:17 . 2002-10-15 14:13 32356 ------w- c:\windows\system32\pusbfd1.sys
2010-10-01 11:17 . 2002-10-15 14:13 26629 ------w- c:\windows\system32\pusbfd2.vxd
2010-10-01 11:17 . 2010-10-01 11:17 -------- d-----w- c:\program files\HPQ
2010-10-01 11:17 . 2010-10-01 11:17 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2010-10-01 11:17 . 2003-02-27 20:12 696320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2010-10-01 11:17 . 2002-12-05 18:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2010-10-01 11:17 . 2002-12-02 19:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2010-10-01 11:17 . 2002-12-02 17:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2010-10-01 11:17 . 2002-12-02 17:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2010-10-01 11:16 . 2010-10-01 11:16 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2010-10-01 11:16 . 2010-10-01 11:16 -------- d-----w- c:\windows\tiinst
2010-10-01 11:13 . 2003-11-10 22:10 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2010-10-01 11:13 . 2010-10-01 11:13 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2010-10-01 11:13 . 2010-10-01 11:13 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2010-10-01 11:13 . 2003-11-10 22:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2010-10-01 11:13 . 2003-11-10 22:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2010-10-01 11:13 . 2003-11-10 22:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2010-10-01 11:13 . 2003-11-10 22:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2010-10-01 11:13 . 2003-11-10 22:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2010-10-01 11:13 . 2010-10-01 11:29 -------- d-----w- c:\program files\ATI Technologies
2010-10-01 10:20 . 2010-10-01 10:20 -------- d-----w- c:\windows\Options
2010-10-01 10:19 . 2006-11-01 12:57 176128 ----a-w- c:\windows\system32\bcmwlu00.exe
2010-10-01 10:19 . 2005-05-11 22:47 69632 ------w- c:\windows\system32\bcmwlD2K.EXE
2010-10-01 10:19 . 2005-05-11 22:47 371712 ------w- c:\windows\system32\drivers\BCMWL5.SYS
2010-10-01 10:17 . 2010-10-01 10:17 -------- d-----w- c:\program files\DIFX
2010-10-01 10:17 . 2010-10-01 10:17 -------- dc----w- c:\windows\system32\DRVSTORE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-19 88209]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Mitch^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIUCU

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-05-16 01:00 335872 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2006-11-01 12:57 1282048 ----a-w- c:\windows\system32\WLTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
2003-07-17 17:50 184412 ----a-w- c:\program files\HPQ\Default Settings\Cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Mobile Printing]
2003-05-23 17:12 630784 ----a-w- c:\program files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LidPolicy]
2004-04-27 16:58 24576 ----a-w- c:\program files\Hewlett-Packard\LidSwitch Policy\PwrSchem.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 14:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-09-28 14:04 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/1/2010 8:07 AM 165584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/1/2010 8:07 AM 17744]

--- Other Services/Drivers In Memory ---

*Deregistered* - klmd25
.
Contents of the 'Scheduled Tasks' folder

2010-10-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 01:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
FF - ProfilePath - c:\documents and settings\Mitch\Application Data\Mozilla\Firefox\Profiles\rn90vtm6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(852)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2010-10-11 23:35:43
ComboFix-quarantined-files.txt 2010-10-12 03:35

Pre-Run: 35,616,051,200 bytes free
Post-Run: 35,647,918,080 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /noexecute=optin

- - End Of File - - A38FC491A88ADD158017A069FA852EEF



Ed

Edited by ed37sc, 11 October 2010 - 09:37 PM.

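Reading a HijackThis log by hand is what the thread asks for. The following is an added example (not from the original post and not part of HijackThis itself) that parses lines in the format shown above and flags the properties a helper usually checks first: entries pointing at files that no longer exist, Run-key autostarts living in user-writable folders, services with no publisher, and IE start/search pages outside an expected host list. The sample log lines, the expected-host set and the directory fragments are constructed assumptions for the demo.

```python
"""Triage helper for HijackThis-style logs (R0/R1/O2/O4/O9/O20/O23 lines)."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Hosts this example treats as expected IE start/search pages. This is an
# assumption for the demo, not a HijackThis feature; adapt it per machine.
EXPECTED_HOSTS = {"www.yahoo.com", "search.yahoo.com", "go.microsoft.com", "www.google.com"}

# Directory fragments a normal Run-key autostart should not live under (assumed list).
USER_WRITABLE = ("\\temp\\", "\\local settings\\", "\\application data\\", "\\downloads\\")

# Every HijackThis finding line starts with a section code such as R1, O4 or O23.
LINE_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")

# Constructed sample in the same layout as the log in the post; the Temp autostart
# and the .invalid start page are made up to exercise the checks.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.redirect-sample.invalid/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [updater] C:\Documents and Settings\User\Local Settings\Temp\xyzw.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
"""


@dataclass(frozen=True)
class Finding:
    code: str    # HijackThis section code, e.g. "O4"
    reason: str  # why the line merits a closer look
    line: str    # the original log line


def _run_path(body: str) -> str:
    """Extract the executable path from an O4 body such as
    'HKLM\\..\\Run: [name] "C:\\dir\\prog.exe" /switch'."""
    _, _, rest = body.partition("] ")
    rest = rest.strip()
    if rest.startswith('"'):
        return rest[1:].split('"', 1)[0]
    # Unquoted path: cut at the first whitespace-separated /switch or -switch.
    return re.split(r"\s+[/-]", rest, maxsplit=1)[0]


def _page_host(body: str) -> str:
    """Return the host of an R0/R1 'Key,Name = URL' body, or '' when the value is unset."""
    _, sep, value = body.partition(" = ")
    value = value.strip()
    if not sep or not value:
        return ""
    return urlparse(value).hostname or ""


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per suspicious property found on each HijackThis line."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, process list or blank line
        code, body = m.group("code"), m.group("body")
        if "(file missing)" in body:
            findings.append(Finding(code, "references a file that no longer exists", raw))
        if code in ("R0", "R1"):
            host = _page_host(body)
            if host and host not in EXPECTED_HOSTS:
                findings.append(Finding(code, f"start/search page points at {host}", raw))
        elif code == "O4":
            path = _run_path(body).lower()
            if any(frag in path for frag in USER_WRITABLE):
                findings.append(Finding(code, "autostart from a user-writable directory", raw))
        elif code == "O23" and "Unknown owner" in body:
            findings.append(Finding(code, "service with no publisher information", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.code}] {f.reason}: {f.line.strip()}")
```

A flagged line is a prompt to verify the file's origin and signature, not a verdict; the Ati2evxx.exe service in the log above is a normal video driver component that simply ships without publisher metadata.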


#2
ed37sc
I seem to have fixed this search-redirecting virus. I booted into safe mode and ran TDSSKiller, and it finally found what was causing my problem. Even after I found it and ran CCleaner to clean things up, I still had to reset my router and set it back up, since my IP addresses had been changed. Now all is working fine; I sure hope that's the end of this.