
Google Search Directed To Random Sites - ComboFix Log


This topic is locked
2 replies to this topic

#1 VirusInfested

  • Members
  • 1 posts
  • OFFLINE
  • Local time:06:22 AM

Posted 30 September 2008 - 08:12 PM

Hi,
I think I am infested with spyware and malware. Since yesterday when I click on any of my google searches it directs me to random spyware sites.

I downloaded the Combofix.exe from this site and ran a fix and here is my log from it.

ComboFix 08-09-28.05 - Sameer 2008-09-30 17:53:02.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1579 [GMT -4:00]
Running from: C:\Documents and Settings\Sameer\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\jestertb.dll
C:\WINDOWS\system32\_003767_.tmp.dll
C:\WINDOWS\system32\_003768_.tmp.dll
C:\WINDOWS\system32\_003769_.tmp.dll
C:\WINDOWS\system32\_003770_.tmp.dll
C:\WINDOWS\system32\_003774_.tmp.dll
C:\WINDOWS\system32\_003775_.tmp.dll
C:\WINDOWS\system32\_003776_.tmp.dll
C:\WINDOWS\system32\_003777_.tmp.dll
C:\WINDOWS\system32\_003778_.tmp.dll
C:\WINDOWS\system32\_003779_.tmp.dll
C:\WINDOWS\system32\_003780_.tmp.dll
C:\WINDOWS\system32\_003781_.tmp.dll
C:\WINDOWS\system32\_003782_.tmp.dll
C:\WINDOWS\system32\_003783_.tmp.dll
C:\WINDOWS\system32\_003786_.tmp.dll
C:\WINDOWS\system32\_003787_.tmp.dll
C:\WINDOWS\system32\_003789_.tmp.dll
C:\WINDOWS\system32\_003790_.tmp.dll
C:\WINDOWS\system32\_003791_.tmp.dll
C:\WINDOWS\system32\_003793_.tmp.dll
C:\WINDOWS\system32\_003796_.tmp.dll
C:\WINDOWS\system32\_003797_.tmp.dll
C:\WINDOWS\system32\_003798_.tmp.dll
C:\WINDOWS\system32\_003799_.tmp.dll
C:\WINDOWS\system32\_003800_.tmp.dll
C:\WINDOWS\system32\_003801_.tmp.dll
C:\WINDOWS\system32\_003802_.tmp.dll
C:\WINDOWS\system32\_003804_.tmp.dll
C:\WINDOWS\system32\_003805_.tmp.dll
C:\WINDOWS\system32\_003806_.tmp.dll
C:\WINDOWS\system32\_003807_.tmp.dll
C:\WINDOWS\system32\_003809_.tmp.dll
C:\WINDOWS\system32\_003810_.tmp.dll
C:\WINDOWS\system32\_003811_.tmp.dll
C:\WINDOWS\system32\_003812_.tmp.dll
C:\WINDOWS\system32\_003813_.tmp.dll
C:\WINDOWS\system32\_003815_.tmp.dll
C:\WINDOWS\system32\_003816_.tmp.dll
C:\WINDOWS\system32\_003817_.tmp.dll
C:\WINDOWS\system32\_003818_.tmp.dll
C:\WINDOWS\system32\_003819_.tmp.dll
C:\WINDOWS\system32\_003820_.tmp.dll
C:\WINDOWS\system32\_003821_.tmp.dll
C:\WINDOWS\system32\_003823_.tmp.dll
C:\WINDOWS\system32\_003824_.tmp.dll
C:\WINDOWS\system32\_003825_.tmp.dll
C:\WINDOWS\system32\_003826_.tmp.dll
C:\WINDOWS\system32\_003827_.tmp.dll
C:\WINDOWS\system32\_003828_.tmp.dll
C:\WINDOWS\system32\_003830_.tmp.dll
C:\WINDOWS\system32\_003833_.tmp.dll
C:\WINDOWS\system32\_003834_.tmp.dll
C:\WINDOWS\system32\_003838_.tmp.dll
C:\WINDOWS\system32\_003839_.tmp.dll
C:\WINDOWS\system32\_003841_.tmp.dll
C:\WINDOWS\system32\_003844_.tmp.dll
C:\WINDOWS\system32\_003846_.tmp.dll
C:\WINDOWS\system32\_003847_.tmp.dll
C:\WINDOWS\system32\_003848_.tmp.dll
C:\WINDOWS\system32\_003849_.tmp.dll
C:\WINDOWS\system32\_003852_.tmp.dll
C:\WINDOWS\system32\_003853_.tmp.dll
C:\WINDOWS\system32\_003854_.tmp.dll
C:\WINDOWS\system32\_003855_.tmp.dll
C:\WINDOWS\system32\_003856_.tmp.dll
C:\WINDOWS\system32\_003861_.tmp.dll
C:\WINDOWS\system32\_003863_.tmp.dll
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\drivers\svchost.exe
C:\WINDOWS\system32\drivers\tdssserv.sys
C:\WINDOWS\system32\tdssadw.dll
C:\WINDOWS\system32\TDSSerrors.log
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdssl.dll
C:\WINDOWS\system32\TDSSlog.dll
C:\WINDOWS\system32\tdssmain.dll
C:\WINDOWS\system32\tdssserf.dll
C:\WINDOWS\system32\TDSSserf1.dll
C:\WINDOWS\system32\tdssservers.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV
-------\Service_TDSSserv


((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-30 )))))))))))))))))))))))))))))))
.

2008-09-30 01:34 . 2008-09-30 01:34 155 --a------ C:\WINDOWS\wininit.ini
2008-09-30 00:09 . 2008-09-30 00:09 <DIR> d-------- C:\Program Files\ParetoLogic
2008-09-30 00:09 . 2008-09-30 00:09 <DIR> d-------- C:\Program Files\Common Files\ParetoLogic
2008-09-30 00:09 . 2008-09-30 00:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware
2008-09-29 22:52 . 2008-09-29 22:52 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-29 21:21 . 2008-09-30 01:14 <DIR> d--h----- C:\$AVG8.VAULT$
2008-09-27 09:25 . 2007-10-25 23:34 8,460,288 --a------ C:\WINDOWS\system32\dllcache\shell32.dll
2008-09-18 20:36 . 2008-09-18 20:37 <DIR> d-------- C:\Documents and Settings\Sameer\Application Data\mjusbsp
2008-08-14 19:37 . 2008-08-14 19:37 81,440 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-08-12 21:58 . 2008-05-01 10:30 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-11 01:10 . 2008-09-27 13:40 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-11 01:10 . 2008-09-27 13:40 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-11 01:10 . 2008-09-27 13:40 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-11 01:10 . 2008-09-27 13:40 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-11 00:53 . 2004-08-04 06:00 71,040 --------- C:\WINDOWS\system32\drivers\_003747_.tmp.dll
2008-08-11 00:01 . 2008-04-13 20:12 8,461,312 --a------ C:\WINDOWS\system32\SET2BE.tmp
2008-08-11 00:00 . 2008-04-13 20:11 1,028,096 --a------ C:\WINDOWS\system32\SET44B.tmp
2008-08-10 23:59 . 2008-04-13 20:11 1,267,200 --a------ C:\WINDOWS\system32\SET584.tmp
2008-08-10 23:34 . 2008-09-29 23:27 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-10 22:36 . 2008-08-10 22:37 <DIR> d-------- C:\ff18dfbeb53da6c1388cd8ba7a8b4c3a
2008-08-10 15:31 . 2008-08-12 10:32 <DIR> d-------- C:\Program Files\Microsoft Expression
2008-08-10 13:37 . 2008-08-10 13:37 <DIR> d-------- C:\Program Files\CCleaner
2008-08-10 12:39 . 2008-09-30 01:34 <DIR> d-------- C:\Documents and Settings\Sameer\Application Data\RegClean
2008-08-09 22:56 . 2008-08-09 22:56 <DIR> d-------- C:\Program Files\Red Kawa
2008-08-09 22:56 . 2008-08-09 22:56 <DIR> d-------- C:\Program Files\AviSynth 2.5
2008-08-09 20:03 . 2008-08-09 20:08 <DIR> d-------- C:\Documents and Settings\Sameer\Application Data\Apple Computer
2008-08-09 20:02 . 2008-08-09 20:02 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Apple Computer
2008-08-09 20:01 . 2008-09-10 17:46 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-08-09 11:26 . 2008-08-09 11:29 <DIR> d-------- C:\Program Files\QuickTime
2008-08-09 11:25 . 2008-08-09 20:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-30 05:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg8
2008-09-30 04:47 59,715,494 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-09-30 04:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-30 03:43 20,992 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2008-09-30 03:37 4,556,800 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2008-09-30 03:37 20,480 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-09-30 03:33 841,216 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-09-30 02:39 90,112 ----a-w C:\WINDOWS\DUMP2c5f.tmp
2008-09-30 02:13 90,112 ----a-w C:\WINDOWS\DUMP4083.tmp
2008-09-29 05:23 600,632 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-29 05:23 51,073,056 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-28 13:49 --------- d-----w C:\Program Files\LogMeIn
2008-09-11 16:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-29 15:34 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-13 02:16 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-08-11 03:20 --------- d-----w C:\Program Files\MUSICMATCH
2008-08-10 17:29 2,732,032 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2008-08-10 04:25 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-08-10 03:17 --------- d-----w C:\Program Files\Microsoft Visual Studio 9.0
2008-08-10 03:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-08 18:47 --------- d-----w C:\Program Files\SopCast
2008-08-04 03:55 4,483,072 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-12 23:02 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 22:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-23 16:12 667,136 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-23 16:12 667,136 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2008-06-23 16:12 618,496 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2008-06-23 16:12 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2008-06-23 16:12 474,112 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2008-06-23 16:12 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2008-06-23 16:12 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-06-23 16:12 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2008-06-23 16:12 1,499,136 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-06-23 16:11 96,256 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2008-06-23 16:11 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2008-06-23 16:11 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2008-06-23 16:11 251,904 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
2008-06-23 16:11 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2008-06-23 16:11 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2008-06-23 16:11 151,040 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2008-06-23 16:11 1,054,208 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2008-06-23 16:11 1,024,000 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2008-06-23 09:53 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\dllcache\bthport.sys
2006-10-03 07:43 2,402,550 ----a-w C:\WINDOWS\inf\SET7D.tmp
2006-10-03 07:43 2,402,550 ----a-w C:\WINDOWS\inf\SET5B.tmp
2006-10-03 07:43 2,402,550 ----a-w C:\WINDOWS\inf\SET1EF.tmp
2006-10-03 06:43 2,402,550 ----a-w C:\WINDOWS\inf\SET5F.tmp
2005-07-14 17:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 20:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-22 03:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2005-02-28 18:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 4662776]
"cdloader"="C:\Documents and Settings\Sameer\Application Data\mjusbsp\cdloader2.exe" [2008-08-22 50520]
"ParetoLogic Anti-Spyware"="C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe" [2008-09-24 2643312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 155648]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-03 344064]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_14\bin\jusched.exe" [2007-10-05 75256]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 221184]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\Quickset.exe" [2005-03-04 606208]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 919016]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-30 1235736]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-06-08 24576]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{51C55F9E-C308-4c95-89AB-8858D8AFD819}"= "C:\Program Files\ParetoLogic\Anti-Spyware\PASShlExt.dll" [2008-09-24 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 17:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cadmus Communications Cadmus VPN Client.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cadmus Communications Cadmus VPN Client.lnk
backup=C:\WINDOWS\pss\Cadmus Communications Cadmus VPN Client.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2006-04-06 11:51 49152 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
--a------ 2007-08-24 03:18 437160 C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-09 22:22 133104 C:\Documents and Settings\Sameer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
--a------ 2008-02-28 15:31 63048 C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2004-04-11 21:15 290816 C:\Program Files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2007-10-23 17:18 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-02-19 12:18 208941 C:\Program Files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-07-07 09:42 2156368 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 22:49 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Documents and Settings\\Sameer\\Application Data\\mjusbsp\\magicJack.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{823b2735-85e2-11dd-b693-0012f08759df}]
\Shell\AutoRun\command - E:\autorun.exe
\Shell\phone\command - E:\autorun.exe
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-AppleSyncNotifier - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe
MSConfigStartUp-MCAgentExe - c:\PROGRA~1\mcafee.com\agent\mcagent.exe
MSConfigStartUp-MCUpdateExe - C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
MSConfigStartUp-mmtask - C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
MSConfigStartUp-swg - C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
MSConfigStartUp-VirusScan Online - C:\Program Files\McAfee.com\VSO\mcvsshld.exe
MSConfigStartUp-VSOCheckTask - C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Sameer\Application Data\Mozilla\Firefox\Profiles\htn6qlx4.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-30 18:03:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\Program Files\Cisco Systems\SSL VPN Client\Agent.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Cisco VPN Client\cvpnd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Apoint\ApntEx.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-09-30 18:53:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-30 22:51:04

Pre-Run: 7,906,066,432 bytes free
Post-Run: 7,757,680,640 bytes free

351 --- E O F --- 2008-09-28 06:02:03



*****************************************************************************************

I scanned using Malwarebytes Anti-Malware and it found no threats. My Google searches are also working fine now.

Based on the log above, am I OK now? What was I infected with? I have AVG, ZoneAlarm and Ad-Aware. I have never had a problem with viruses or malware in the last 4 years.

Do I look OK now? Is there anything else I should install to protect myself in the future?

Any help is appreciated.

Edited by VirusInfested, 30 September 2008 - 08:14 PM.



#2 Grinler (Lawrence Abrams)

  • Admin
  • 43,716 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:05:22 AM

Posted 11 October 2008 - 08:56 AM

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems. If your problem has been resolved, please post a reply letting us know so we can close your topic.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.

#3 Grinler (Lawrence Abrams)

  • Admin
  • 43,716 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:05:22 AM

Posted 16 October 2008 - 08:45 AM

As there has been no response, I will be closing this topic. If you require help in the future please create a new topic.
