
Redirect Virus


  • This topic is locked
1 reply to this topic

#1 maximus34

maximus34

  • Members
  • 1 posts
  • OFFLINE
  • Local time:04:00 AM

Posted 11 April 2009 - 03:16 PM

Hello,

I have Windows Vista and I received a redirect virus a couple of days ago. I recently ran "Combo-Fix" but it didn't solve the problem. I believe this virus is preventing me from running anti-virus programs on the computer. Here is my log after running combo-fix:

ComboFix 09-04-04.01 - rick 2009-04-11 15:56:28.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3006.2144 [GMT -4:00]
Running from: c:\users\rick\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\KBL.LOG

.
((((((((((((((((((((((((( Files Created from 2009-03-11 to 2009-04-11 )))))))))))))))))))))))))))))))
.

2009-04-11 15:50 . 2009-04-11 15:50 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-04-11 15:50 . 2009-04-11 15:50 <DIR> d-------- c:\programdata\Malwarebytes
2009-04-11 15:50 . 2009-04-11 15:50 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-11 15:50 . 2009-04-06 15:32 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-04-11 15:50 . 2009-04-06 15:32 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-04-11 15:45 . 2009-04-11 15:45 <DIR> d-------- c:\windows\LastGood
2009-04-09 22:56 . 2009-04-09 22:56 <DIR> d-------- c:\program files\Microsoft
2009-04-09 22:52 . 2009-04-09 22:52 <DIR> d-------- c:\program files\AVG
2009-04-09 22:52 . 2009-04-09 22:52 23,832 --a------ c:\windows\System32\drivers\avgfwd6x.sys
2009-04-09 22:07 . 2009-04-09 22:07 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-04-09 22:07 . 2008-08-21 15:00 131,193 --a------ c:\windows\System32\dlxbuzil.dll
2009-04-09 12:55 . 2009-04-09 22:01 <DIR> d-------- c:\users\All Users\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-04-09 12:55 . 2009-04-09 22:01 <DIR> d-------- c:\programdata\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-04-09 12:54 . 2009-04-09 23:35 <DIR> d-------- c:\users\All Users\NortonInstaller
2009-04-09 12:54 . 2009-04-09 22:58 <DIR> d-------- c:\users\All Users\Norton
2009-04-09 12:54 . 2009-04-09 23:35 <DIR> d-------- c:\programdata\NortonInstaller
2009-04-09 12:54 . 2009-04-09 22:58 <DIR> d-------- c:\programdata\Norton
2009-04-09 12:45 . 2009-04-09 12:45 <DIR> d-------- c:\users\All Users\Symantec Temporary Files
2009-04-09 12:45 . 2009-04-09 12:45 <DIR> d-------- c:\programdata\Symantec Temporary Files
2009-04-01 10:57 . 2009-04-01 10:57 <DIR> d-------- c:\users\rick\AppData\Roaming\Smith Micro
2009-04-01 10:55 . 2009-04-01 10:55 <DIR> d-------- c:\program files\Verizon Wireless
2009-04-01 10:53 . 2009-04-01 10:53 <DIR> d-------- c:\program files\Novatel Wireless
2009-04-01 10:52 . 2009-04-01 10:52 <DIR> d-------- c:\users\rick\AppData\Roaming\InstallShield
2009-03-24 10:59 . 2008-06-19 21:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-03-24 10:59 . 2008-06-19 21:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-03-24 10:59 . 2008-06-19 21:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-03-24 10:59 . 2008-06-19 21:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-03-24 10:59 . 2008-06-19 21:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-03-24 10:59 . 2008-06-19 21:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-03-24 10:59 . 2008-06-19 21:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-03-24 10:59 . 2008-06-19 21:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-03-24 10:50 . 2008-07-27 14:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-03-24 10:49 . 2008-07-27 14:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-03-24 10:49 . 2008-07-27 14:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-03-24 10:49 . 2008-07-27 14:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-03-24 10:49 . 2008-07-27 14:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-03-17 12:50 . 2009-03-17 12:50 <DIR> d----c--- C:\dell
2009-03-13 13:42 . 2009-03-13 13:42 <DIR> d-------- c:\users\All Users\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-13 13:42 . 2009-03-13 13:42 <DIR> d-------- c:\programdata\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-13 13:42 . 2009-03-13 13:42 <DIR> d-------- c:\program files\iTunes
2009-03-13 13:42 . 2008-04-17 12:12 107,368 --a------ c:\windows\System32\GEARAspi.dll
2009-03-13 13:42 . 2009-01-15 12:19 23,848 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys
2009-03-13 13:39 . 2009-03-13 13:40 <DIR> d-------- c:\program files\QuickTime
2009-03-13 13:22 . 2009-03-13 13:22 <DIR> d-------- c:\program files\Bonjour
2009-03-11 10:26 . 2009-03-11 10:28 <DIR> d-------- c:\windows\System32\Adobe
2009-03-11 10:25 . 2008-12-15 23:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-11 10:25 . 2008-12-16 01:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-11 10:25 . 2008-12-16 01:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-11 10:25 . 2008-12-16 01:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-11 10:24 . 2009-02-08 23:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-11 10:24 . 2008-11-27 00:43 268,288 --a------ c:\windows\System32\schannel.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-11 19:39 365,800 ----a-w c:\users\All Users\nvModes.dat
2009-04-11 19:39 365,800 ----a-w c:\programdata\nvModes.dat
2009-04-10 03:40 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-10 01:26 --------- d-----w c:\program files\Yahoo!
2009-04-09 16:59 --------- d-----w c:\program files\Google
2009-04-09 14:11 --------- d-----w c:\users\rick\AppData\Roaming\NCH Swift Sound
2009-04-09 14:11 --------- d-----w c:\program files\NCH Swift Sound
2009-04-03 16:40 --------- d-----w c:\programdata\NCH Swift Sound
2009-03-29 20:50 466 ----a-w c:\users\rick\AppData\Roaming\wklnhst.dat
2009-03-24 22:37 --------- d-----w c:\program files\Java
2009-03-21 00:37 --------- d-----w c:\users\rick\AppData\Roaming\U3
2009-03-13 17:42 --------- d-----w c:\program files\iPod
2009-03-13 17:42 --------- d-----w c:\program files\Common Files\Apple
2009-03-12 14:19 --------- d-----w c:\program files\Windows Mail
2009-03-10 20:25 --------- d-----w c:\users\rick\AppData\Roaming\PCF-VLC
2009-03-09 23:38 --------- d-----w c:\program files\Teknia
2009-03-09 09:19 410,984 ----a-w c:\windows\System32\deploytk.dll
2009-03-02 17:18 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-28 21:32 --------- d-----w c:\users\rick\AppData\Roaming\Libronix DLS
2009-02-28 21:21 --------- d-----w c:\programdata\Libronix DLS
2009-02-28 21:21 --------- d-----w c:\program files\Libronix DLS
2009-02-27 15:55 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-24 04:09 --------- d-----w c:\users\rick\AppData\Roaming\PeerNetworking
2009-02-19 00:07 --------- d-----w c:\programdata\NVIDIA
2009-02-11 20:09 330,416 ----a-w c:\users\rick\AppData\Roaming\nvModes.dat
2009-01-15 06:11 827,392 ----a-w c:\windows\System32\wininet.dll
2008-03-19 20:50 97,280 ----a-w c:\program files\Common Files\pcsbClean.exe
2008-03-07 00:31 134,656 ----a-w c:\program files\Common Files\PCSBoff.exe
2008-02-09 02:39 7,680 ----a-w c:\users\rick\testtool.exe
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-20 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-20 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-20 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-19 468264]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-11 342312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)


Any help would be most appreciated!
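The "Reg Loading Points" section of a ComboFix log lists autorun entries in REGEDIT4 style, one `"name"="path" [date size]` line per value under each key. The following parser is an added example (not part of the original post or of ComboFix) that extracts those entries and flags any whose image lives outside `c:\windows\` or `c:\program files\`, which is where a reviewer would look first; the `updater` entry in the sample is a constructed line, the others are copied from the log above.

```python
import re

# One ComboFix autorun value, e.g.
#   "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-20 1233920]
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+'
    r'\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$'
)
# A registry key header such as [HKEY_LOCAL_MACHINE\...\Run]
KEY_RE = re.compile(r'^\[(?P<key>HK[^\]]+)\]$')

# Image locations that are normal for vendor/OS autoruns on this Vista box.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")

# Constructed sample: page lines plus one made-up "updater" entry under AppData.
SAMPLE_LOG = r"""REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-20 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-20 125952]
"updater"="c:\users\rick\AppData\Roaming\updater\updater.exe" [2009-04-09 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"""


def parse_loading_points(text):
    """Return a list of {key, name, path, date, size} for each autorun value.

    Lines that are not "name"="path" [date size] (e.g. policy DWORDs) are skipped.
    """
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            key = m.group("key")
            continue
        if key and (m := ENTRY_RE.match(line)):
            entries.append({"key": key, "name": m.group("name"), "path": m.group("path"),
                            "date": m.group("date"), "size": int(m.group("size"))})
    return entries


def flag_unusual(entries):
    """Entries whose image is outside the trusted prefixes (AppData, temp, user dirs)."""
    return [e for e in entries if not e["path"].lower().startswith(TRUSTED_PREFIXES)]


if __name__ == "__main__":
    for e in flag_unusual(parse_loading_points(SAMPLE_LOG)):
        print(f'{e["key"]}: {e["name"]} -> {e["path"]} ({e["date"]}, {e["size"]} bytes)')
```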


#2 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  • Gender:Male
  • Location:SW Louisiana
  • Local time:02:00 AM

Posted 11 April 2009 - 03:43 PM

ComboFix logs should not be posted outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic in the Am I infected? What do I do? forum, explaining the nature of your problem. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA
