Google Search is Redirecting to Ad pages


  • This topic is locked
5 replies to this topic

#1 Xare

  • Members
  • 13 posts

Posted 03 January 2009 - 04:57 PM

Google search is redirecting me to ad pages.

When I search for something and the results come up, and then I click on one of the links, it brings up an ad page. If I go back and click on the link again, it takes me to the page I wanted.

So I looked at my running processes and saw 2 suspicious entries.

I started running anti-virus programs.

I have Ad-Aware, Kaspersky, Spy Sweeper, Spybot Search and Destroy, CCleaner, Windows Washer. And I even tried the online virus scanner from Trend Micro.

The last thing I tried was the Malwarebytes Anti-Malware program.

It removed the Trojan, but I am still getting redirected when I search on Google.




Here is the DDS log:

DDS (Version 1.1.0) - NTFSx86
Run by Myles at 16:53:19.64 on Sat 01/03/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1451 [GMT -5:00]

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
FW: Webroot Internet Security Essentials *disabled*
FW: Kaspersky Anti-Virus *disabled*

============== Running Processes ===============

C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Sygate\SPF\smc.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\RAM Idle\RAM_XP.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Myles\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061207
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061207
uInternet Settings,ProxyServer = 195.175.37.70:8080
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
mRun: [ehTray] "c:\windows\ehome\ehtray.exe"
mRun: [DMXLauncher] "c:\program files\dell\media experience\DMXLauncher.exe"
mRun: [SigmatelSysTrayApp] "c:\windows\stsystra.exe"
mRun: [DLA] "c:\windows\system32\dla\DLACTRLW.EXE"
mRun: [ISUSPM Startup] "c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [SmcService] "c:\progra~1\sygate\spf\smc.exe" -startgui
mRun: [RAM Idle Professional] "c:\program files\ram idle\RAM_XP.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
mRun: [amd_dc_opt] "c:\program files\amd\dual-core optimizer\amd_dc_opt.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 7.0\avp.exe"
mRun: [RivaTunerStartupDaemon] "c:\program files\rivatuner v2.09\RivaTuner.exe" /S
mRun: [NvCplDaemon] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
StartupFolder: c:\docume~1\myles\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 7.0\SCIEPlgn.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\myles\applic~1\mozilla\firefox\profiles\5zxmr4i1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\myles\application data\mozilla\firefox\profiles\5zxmr4i1.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPStreamPlug.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - HiddenExtension: XUL Cache: {F4F3582D-2C95-4674-9C2E-673F72048A1F} - c:\documents and settings\myles\local settings\application data\{F4F3582D-2C95-4674-9C2E-673F72048A1F}

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2007-10-31 112144]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-11-12 29808]
R1 klif;Klif;c:\windows\system32\drivers\klif.sys [2007-12-28 195344]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2007-8-25 33824]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-12-13 24592]
R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
R4 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [2006-7-14 13824]
R4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\NBService.exe [2008-12-5 935208]
R4 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2008-11-12 3667312]
R4 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2008-12-2 1086840]
R4 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [2006-7-14 13696]
S4 AVP;Kaspersky Anti-Virus 7.0;c:\program files\kaspersky lab\kaspersky anti-virus 7.0\avp.exe [2008-2-8 227856]

============== File Associations ===============

vbefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
vbsfile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*

=============== Created Last 30 ================

2009-01-03 07:12 <DIR> --d----- C:\VundoFix Backups
2008-12-29 21:47 69 a------- c:\windows\NeroDigital.ini
2008-12-29 19:38 <DIR> --d----- c:\docume~1\myles\applic~1\Malwarebytes
2008-12-29 19:37 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-29 19:37 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-29 19:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-29 19:37 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-28 18:56 4,767 a------- c:\windows\Irremote.ini
2008-12-28 18:35 <DIR> --d----- c:\program files\Nero
2008-12-28 00:09 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2008-12-28 00:08 <DIR> --d----- c:\documents and settings\myles\.housecall6.6
2008-12-27 03:49 <DIR> --d----- c:\program files\YASAMP4Converter
2008-12-12 07:27 391,168 a------- c:\windows\UnInstallExposed.exe
2008-12-12 07:27 <DIR> --d----- c:\program files\Red Dragon Software
2008-12-12 03:27 133,120 a------- c:\windows\ifiwenuqave.dll
2008-12-09 04:22 <DIR> --d----- c:\program files\Microsoft Games for Windows - LIVE
2008-12-09 03:44 <DIR> --d----- c:\program files\Rockstar Games
2008-12-08 20:26 205,151 a------- c:\windows\system32\nvapps.xml
2008-12-08 20:26 453,152 a------- c:\windows\system32\nvudisp.exe
2008-12-08 20:26 18,696 a------- c:\windows\system32\nvdisp.nvu
2008-12-08 20:26 <DIR> --d----- c:\windows\nview
2008-12-08 20:25 453,152 a------- c:\windows\system32\NVUNINST.EXE
2008-12-04 16:54 7,552 a------- c:\windows\system32\drivers\SONYPVU1.SYS
2008-12-04 16:54 7,552 a------- c:\windows\system32\dllcache\sonypvu1.sys
2008-12-04 16:54 26,368 a------- c:\windows\system32\dllcache\usbstor.sys

==================== Find3M ====================

2009-01-03 16:53 1,768,480 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-01-03 16:52 85,216,800 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-01-03 00:43 139,152 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-01-03 00:43 111,928 a------- c:\windows\system32\PnkBstrB.exe
2008-12-30 02:16 1,132,172 a--sh--- c:\windows\system32\drivers\fidbox.idx
2008-12-30 02:16 166,100 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2008-12-13 01:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-02 14:39 164 a------- C:\install.dat
2008-11-20 15:44 42,320 a------- c:\windows\system32\xfcodec.dll
2008-11-18 22:39 413,696 a------- c:\windows\system32\wrap_oal.dll
2008-11-18 22:39 110,592 a------- c:\windows\system32\OpenAL32.dll
2008-11-17 03:37 107,888 a------- c:\windows\system32\CmdLineExt.dll
2008-11-13 17:11 1,553,272 a------- c:\windows\WRSetup.dll
2008-11-13 03:03 22,328 ac------ c:\docume~1\myles\applic~1\PnkBstrK.sys
2008-11-13 03:02 682,280 a------- c:\windows\system32\pbsvc.exe
2008-11-12 16:02 170,608 a------- c:\windows\system32\drivers\ssidrv.sys
2008-11-12 16:02 29,808 a------- c:\windows\system32\drivers\ssfs0bbc.sys
2008-11-12 16:02 23,152 a------- c:\windows\system32\drivers\sshrmd.sys
2008-11-12 11:55 88,263 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-10-28 17:41 14,303,392 a------- c:\windows\system32\xlive.dll
2008-10-28 17:41 13,643,936 a------- c:\windows\system32\xlivefnt.dll
2008-10-26 23:53 66,872 a------- c:\windows\system32\PnkBstrA.exe
2008-10-24 06:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 07:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 08:11 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 08:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 11:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 02:06 633,632 -------- c:\windows\system32\dllcache\iexplore.exe
2008-10-15 02:04 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2006-12-14 04:21 88 ---shr-- c:\windows\system32\2604239F3E.sys
2006-12-14 04:21 2,516 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 16:54:04.75 ===============
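The DDS log above is what a helper reads by eye. As an added example that is not part of this thread or of the DDS, GooredFix or ComboFix tools, the following Python script parses the "Pseudo HJT Report" and FIREFOX lines of such a log and flags the entries that matter here: a proxy server set in Internet Settings, a Firefox extension registered from a per-user profile folder (the entry GooredFix later removed), and orphaned BHO/toolbar entries whose file is gone. The sample lines are constructed from values visible in the thread, and the "per-user profile path is suspicious" rule is an assumption of this example, not a DDS rule.

```python
"""Triage the browser-configuration lines of a DDS log.

Added example for this thread; it is not part of DDS, GooredFix or ComboFix.
It re-implements as string parsing the checks a helper makes by eye on the
'Pseudo HJT Report' / FIREFOX sections: a proxy server set in Internet
Settings, a Firefox extension registered from a per-user profile folder, and
orphaned BHO/toolbar entries whose file no longer exists.
"""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: the relevant lines from the DDS log in the thread, plus
# two benign lines (start page, a normal Java plugin) the filter must ignore.
SAMPLE_LOG = """\
uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061207
uInternet Settings,ProxyServer = 195.175.37.70:8080
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\\program files\\adobe\\acrobat 7.0\\activex\\AcroIEHelper.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
FF - plugin: c:\\program files\\java\\jre1.5.0_06\\bin\\NPJava11.dll
FF - HiddenExtension: XUL Cache: {F4F3582D-2C95-4674-9C2E-673F72048A1F} - c:\\documents and settings\\myles\\local settings\\application data\\{F4F3582D-2C95-4674-9C2E-673F72048A1F}
"""

GUID = r"\{[0-9A-Fa-f-]+\}"
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(?P<host>[^:\s]+):(?P<port>\d+)\s*$")
HIDDEN_EXT_RE = re.compile(
    r"^FF - HiddenExtension:\s*(?P<name>.+?):\s*(?P<guid>" + GUID + r")\s*-\s*(?P<path>.+?)\s*$")
ORPHAN_RE = re.compile(r"^(?P<kind>BHO|TB):\s*(?P<guid>" + GUID + r")\s*-\s*No File\s*$")

# Assumption of this example (not a DDS rule): extension code that lives in a
# per-user profile directory instead of the Firefox install or extensions
# directory is suspicious; that is where the entry GooredFix removed lived.
USER_PROFILE_MARKERS = ("\\local settings\\application data\\", "\\application data\\")


def parse_proxy(line: str) -> Optional[Tuple[str, int]]:
    """Return (host, port) for a ProxyServer line, or None for any other line."""
    m = PROXY_RE.match(line.strip())
    return (m.group("host"), int(m.group("port"))) if m else None


def parse_hidden_extension(line: str) -> Optional[Dict[str, str]]:
    """Return name/guid/path for an 'FF - HiddenExtension' line, else None."""
    m = HIDDEN_EXT_RE.match(line.strip())
    return m.groupdict() if m else None


def in_user_profile(path: str) -> bool:
    """True when the path sits inside a per-user Application Data folder."""
    return any(marker in path.lower() for marker in USER_PROFILE_MARKERS)


def triage(log_text: str) -> List[Dict[str, str]]:
    """Walk a DDS log and collect findings in the order they appear."""
    findings: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        proxy = parse_proxy(line)
        if proxy:
            findings.append({"kind": "proxy", "severity": "high",
                             "detail": "%s:%d" % proxy,
                             "note": "All browser traffic goes through this host; "
                                     "if the user did not set it, remove it."})
            continue
        ext = parse_hidden_extension(line)
        if ext:
            hidden_in_profile = in_user_profile(ext["path"])
            findings.append({"kind": "hidden_extension",
                             "severity": "high" if hidden_in_profile else "medium",
                             "detail": "%s %s" % (ext["name"], ext["guid"]),
                             "note": "Hidden Firefox extension loaded from " + ext["path"]})
            continue
        m = ORPHAN_RE.match(line.strip())
        if m:
            findings.append({"kind": "orphan", "severity": "low",
                             "detail": "%s %s" % (m.group("kind"), m.group("guid")),
                             "note": "Registry entry whose file is gone; cleanup only."})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("[%s] %s: %s" % (f["severity"].upper(), f["kind"], f["detail"]))
        print("    " + f["note"])
```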





#2 Thunder

  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium

Posted 05 January 2009 - 08:36 AM

Hello Xare and welcome to Bleeping Computer,

1. Please download GooredFix and save it to your Desktop.
  • Select "2. Fix Goored" by typing 2 and pressing Enter.
  • Make sure all instances of Firefox are closed at this point.
  • Type y at the prompt and press Enter again.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

2. Please download ComboFix from one of the locations below, and save it to your Desktop.

Link
Link
Link

Double click the ComboFix icon to run it.
If ComboFix asks you to install the Recovery Console, please do so.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. :thumbsup:

If you have any questions along the way, STOP and ask them before proceeding!!

Greetings,
Thunder

Edited by Thunder, 05 January 2009 - 08:38 AM.


#3 Xare
  • Topic Starter

  • Members
  • 13 posts

Posted 05 January 2009 - 06:51 PM

OK, I ran both of the tools.

Here are the 2 logs:


GooredFix v1.71 by jpshortstuff
Log created at 17:54 on 05/01/2009 running Option #2 (Myles)
Firefox version 3.0.5 (en-US)

=====Goored Deletions=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{F4F3582D-2C95-4674-9C2E-673F72048A1F}"="C:\Documents and Settings\Myles\Local Settings\Application Data\{F4F3582D-2C95-4674-9C2E-673F72048A1F}"
->Backing up value... Done.
->Deleting value... Done.

C:\Documents and Settings\Myles\Local Settings\Application Data\{F4F3582D-2C95-4674-9C2E-673F72048A1F}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"





ComboFix 09-01-05.03 - Myles 2009-01-05 18:22:22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1508 [GMT -5:00]
Running from: c:\documents and settings\Myles\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
FW: Webroot Internet Security Essentials *disabled*
FW: Kaspersky Anti-Virus *disabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\setup.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OREANS32
-------\Legacy_PACKET
-------\Service_oreans32
-------\Service_Packet


((((((((((((((((((((((((( Files Created from 2008-12-05 to 2009-01-05 )))))))))))))))))))))))))))))))
.

2009-01-03 07:12 . 2009-01-03 07:12 <DIR> d-------- C:\VundoFix Backups
2008-12-29 21:47 . 2008-12-29 21:48 69 --a------ c:\windows\NeroDigital.ini
2008-12-29 19:38 . 2008-12-29 19:38 <DIR> d-------- c:\documents and settings\Myles\Application Data\Malwarebytes
2008-12-29 19:37 . 2008-12-29 19:38 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-29 19:37 . 2008-12-29 19:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-29 19:37 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-29 19:37 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-28 18:56 . 2008-12-28 18:56 4,767 --a------ c:\windows\Irremote.ini
2008-12-28 18:53 . 2008-12-28 18:53 <DIR> d-------- c:\program files\Windows Sidebar
2008-12-28 18:35 . 2008-12-28 18:55 <DIR> d-------- c:\program files\Nero
2008-12-28 18:34 . 2008-12-28 18:47 <DIR> d-------- c:\program files\Common Files\Nero
2008-12-28 00:09 . 2008-12-28 00:08 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2008-12-28 00:08 . 2008-12-29 19:55 <DIR> d-------- c:\documents and settings\Myles\.housecall6.6
2008-12-27 03:49 . 2008-12-27 03:58 <DIR> d-------- c:\program files\YASAMP4Converter
2008-12-12 07:27 . 2008-12-12 07:27 <DIR> d-------- c:\program files\Red Dragon Software
2008-12-12 07:27 . 2003-10-28 05:51 391,168 --a------ c:\windows\UnInstallExposed.exe
2008-12-12 03:27 . 2008-12-12 03:27 133,120 --a------ c:\windows\ifiwenuqave.dll
2008-12-09 04:22 . 2008-12-09 05:51 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2008-12-09 03:44 . 2008-12-09 03:46 <DIR> d-------- c:\program files\Rockstar Games
2008-12-08 20:26 . 2008-12-08 20:26 <DIR> d-------- c:\windows\nview
2008-12-08 20:26 . 2008-12-02 23:11 453,152 --a------ c:\windows\system32\nvudisp.exe
2008-12-08 20:26 . 2009-01-05 18:27 205,151 --a------ c:\windows\system32\nvapps.xml
2008-12-08 20:26 . 2008-12-02 23:11 18,696 --a------ c:\windows\system32\nvdisp.nvu
2008-12-08 20:25 . 2008-12-02 10:13 453,152 --a------ c:\windows\system32\NVUNINST.EXE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-05 23:29 85,878,048 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-01-05 23:26 1,781,536 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-01-05 23:24 167,972 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-01-05 23:24 1,151,060 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-01-05 23:18 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-01-05 23:14 --------- d-----w c:\documents and settings\Myles\Application Data\Azureus
2009-01-03 05:43 139,152 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-03 05:43 111,928 ----a-w c:\windows\system32\PnkBstrB.exe
2008-12-30 05:10 --------- d-----w c:\program files\Excer
2008-12-29 20:32 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-29 01:00 --------- d-----w c:\documents and settings\Myles\Application Data\Nero
2008-12-28 23:46 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-12-28 08:35 --------- d-----w c:\program files\Trainer Maker Kit
2008-12-18 21:01 --------- d-----w c:\documents and settings\Myles\Application Data\uTorrent
2008-12-13 06:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 10:12 --------- d-----w c:\program files\mIRC
2008-12-09 08:46 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-03 20:37 --------- d-----w c:\documents and settings\Myles\Application Data\Xfire
2008-12-02 19:57 --------- d-----w c:\documents and settings\All Users\Application Data\Webroot
2008-12-02 19:51 --------- d-----w c:\program files\Webroot
2008-12-02 19:51 --------- d-----w c:\documents and settings\Myles\Application Data\Webroot
2008-12-02 19:39 164 ----a-w C:\install.dat
2008-11-29 21:45 --------- d-s---w c:\program files\Xfire
2008-11-22 09:04 --------- d-----w c:\program files\SystemRequirementsLab
2008-11-22 09:04 --------- d-----w c:\documents and settings\Myles\Application Data\SystemRequirementsLab
2008-11-20 20:44 42,320 ----a-w c:\windows\system32\xfcodec.dll
2008-11-19 03:39 413,696 ----a-w c:\windows\system32\wrap_oal.dll
2008-11-19 03:39 110,592 ----a-w c:\windows\system32\OpenAL32.dll
2008-11-19 03:19 --------- d-----w c:\program files\Deep Silver
2008-11-19 03:19 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-17 08:37 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-11-13 22:11 1,553,272 ----a-w c:\windows\WRSetup.dll
2008-11-13 18:51 --------- d-----w c:\program files\Activision
2008-11-13 08:03 22,328 -c--a-w c:\documents and settings\Myles\Application Data\PnkBstrK.sys
2008-11-13 08:02 682,280 ----a-w c:\windows\system32\pbsvc.exe
2008-11-12 21:02 29,808 ----a-w c:\windows\system32\drivers\ssfs0bbc.sys
2008-11-12 21:02 23,152 ----a-w c:\windows\system32\drivers\sshrmd.sys
2008-11-12 21:02 170,608 ----a-w c:\windows\system32\drivers\ssidrv.sys
2008-11-12 01:04 --------- d-----w c:\documents and settings\All Users\Application Data\Fallout3
2008-11-12 01:03 --------- d-----w c:\program files\Bethesda Softworks
2008-11-12 01:02 --------- d-----w c:\program files\MSBuild
2008-11-12 00:59 --------- d-----w c:\program files\Reference Assemblies
2008-10-28 22:41 14,303,392 ----a-w c:\windows\system32\xlive.dll
2008-10-28 22:41 13,643,936 ----a-w c:\windows\system32\xlivefnt.dll
2008-10-27 04:53 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2006-12-14 09:21 88 --sh--r c:\windows\system32\2604239F3E.sys
2006-12-14 09:21 2,516 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"SigmatelSysTrayApp"="c:\windows\stsystra.exe" [2006-08-15 282624]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-06-30 2376928]
"RAM Idle Professional"="c:\program files\RAM Idle\RAM_XP.exe" [2003-02-09 101888]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 77824]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.09\RivaTuner.exe" [2008-04-28 2707456]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-02 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-02 86016]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 227856]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2008-11-13 6273400]

c:\documents and settings\Myles\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\s2gs.exe"=
"c:\\Program Files\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\sacred2.exe"=
"c:\\Documents and Settings\\Myles\\Desktop\\Quick Links\\NRPG RatioMaster.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-11-12 29808]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-12-13 24592]
R4 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [2006-07-14 13824]
R4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-12-05 935208]
R4 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [2008-12-02 1086840]
R4 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [2006-07-14 13696]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{AE7E75F5-1B02-0470-255B-1BD22B8684B3}]
c:\documents and settings\Myles\Application Data\iexplore.exe s
.
Contents of the 'Scheduled Tasks' folder

2009-01-02 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-26 21:51]

2009-01-02 c:\windows\Tasks\wrSpySweeper_L05936252EC0E4FF6901A2D18CEE63756.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2008-11-13 17:11]

2009-01-02 c:\windows\Tasks\wrSpySweeper_L05936252EC0E4FF6901A2D18CEE63756.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2008-11-13 17:11]

2009-01-02 c:\windows\Tasks\wrSpySweeper_L05936252EC0E4FF6901A2D18CEE63756.job
- c:\","d:\","e:\","f:\","G:\" []
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061207
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uInternet Settings,ProxyServer = 195.175.37.70:8080
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

c:\windows\Downloaded Program Files\ewidoOnlineScan.dll - O16 -: {193C772A-87BE-4B19-A7BB-445B226FE9A1}
hxxp://downloads.ewido.net/ewidoOnlineScan.cab
FF - ProfilePath - c:\documents and settings\Myles\Application Data\Mozilla\Firefox\Profiles\5zxmr4i1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\Myles\Application Data\Mozilla\Firefox\Profiles\5zxmr4i1.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPStreamPlug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
.
.
------- File Associations -------
.
vbefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
vbsfile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-05 18:26:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1044)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\windows\system32\klogon.dll

- - - - - - - > 'lsass.exe'(1100)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\fssync.dll

- - - - - - - > 'explorer.exe'(2824)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\fssync.dll
c:\windows\system32\SSSensor.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\scrchpg.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Sygate\SPF\Smc.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Webroot\WebrootSecurity\SSU.exe
.
**************************************************************************
.
Completion time: 2009-01-05 18:32:40 - machine was rebooted [Myles]
ComboFix-quarantined-files.txt 2009-01-05 23:32:31

Pre-Run: 23,862,059,008 bytes free
Post-Run: 23,703,871,488 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /usepmtimer

302 --- E O F --- 2008-12-18 08:01:27
After Combofix was done, I rebooted my PC.

My Kaspersky did not load at start up. So I opened it manually and as soon as it loaded it detected something.


After another restart Kaspersky is loading up normally and my search functionality is back. No more ads...

Edited by Xare, 05 January 2009 - 07:43 PM.


#4 Thunder

  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium

Posted 06 January 2009 - 04:38 AM

Hello Xare,

Looking a lot better now. :thumbsup:

My Kaspersky did not load at start up. So I opened it manually and as soon as it loaded it detected something.

Not a good idea!! You may encounter some problems removing the tools we used, since it falsely detected components of MBAM and ComboFix as malicious. If you deleted those detections, you may have to redownload the tools in order to be able to uninstall them properly, but that's a minor issue. :)

You can remove all used tools and folders created in the process.
To remove ComboFix :
Go to Start > Run, and copy and paste the next command in the field: ComboFix /u
Make sure there's a space between ComboFix and /u.
Then press Enter.
This will uninstall ComboFix, delete its related folders and files, restore your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Please go to http://www.virustotal.com/en/virustotalf.html
Click on the 'Analysis' tab.
Using the 'Browse' button, browse to:
c:\windows\ifiwenuqave.dll
Then click on 'Send File'.
Post the results into your next reply.
If it's found to be malware, delete the file using Windows Explorer.

No more issues?

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted - And make a difference

#5 Xare
  • Topic Starter

  • Members
  • 13 posts
Posted 06 January 2009 - 01:23 PM

OK, ComboFix is uninstalled.

Scan of ifiwenuqave.dll shows

Result: 2/38 5.27%

Microsoft 1.4205 2009.01.06 Trojan:Win32/Hiloti.gen!A
NOD32 3743 2009.01.06 a variant of Win32/Cimag

I deleted it with no problems.

All seems good now.

:thumbsup:

Thanks for the assistance.

#6 Thunder

  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium

Posted 06 January 2009 - 01:30 PM

Glad we could help, Xare :thumbsup:

Please read this Prevention page with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks.
To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Please also read Tony Klein's excellent article: How I got Infected in the First Place
and/or Grinler's tutorial on how malware is hidden and installed.

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



