Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Hijacking worm/virus/trojan


  • This topic is locked This topic is locked
2 replies to this topic

#1 theocrat

theocrat

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:43 PM

Posted 30 October 2009 - 01:34 PM

I have been trying to remove a hijacking worm/virus for over a week. I realized I had the virus when I would Google something and be redirected to a different site than what I clicked on.

I am using Vista OS on a HP Pavilion laptop.

I have ran several scans (AVG, Malwarebytes, SuperAntiSpyware, Spybot - SD, Ad-Aware, etc.) sometimes the scan seems to find something and sometimes the scan finds nothing although I still am being hijacked.

When I am hijacked I notice a couple of different icons in the URL address. One looks a "2" or a fancy "Q" written in longhand. There is another one of these icons that sometimes appears less often. That one looks like a green world globe with the longitude and latitude lines drawn on it. And sometimes I can do a Google search and I am not hijacked.



DDS (Ver_09-10-26.01) - NTFSx86
Run by Robert at 13:02:01.38 on Fri 10/30/2009
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.1510 [GMT -5:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\vsnp2uvc.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\CSHelper.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\notepad.exe
C:\Users\Robert\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Print Clips: {ffffffff-ff12-44c5-91ec-068e3aa1b2d7} - c:\program files\hp\smart web printing\hpswp_framework.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL,avgrsstx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\robert\appdata\roaming\mozilla\firefox\profiles\knrpljun.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk|http://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npArtistScope42.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPFxViewer.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npsharedview.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwbe.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\users\robert\appdata\roaming\mozilla\firefox\profiles\knrpljun.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\users\robert\appdata\roaming\mozilla\firefox\profiles\knrpljun.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrvtx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSvx.sys [2009-10-29 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-10-29 161800]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-3 64160]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2009-10-29 24856]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-29 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-29 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-10-12 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-10-29 285392]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2009-10-29 2321720]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2009-10-29 5832712]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-2-7 266240]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1028432]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-10-24 1153368]
R3 AVGIDSDrivervtx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_vista\AVGIDSDriver.sys [2009-10-29 122376]
R3 AVGIDSFiltervtx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_vista\AVGIDSFilter.sys [2009-10-29 30216]
R3 AVGIDSShimvtx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_vista\AVGIDSShim.sys [2009-10-29 27800]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408]
S2 gupdate1c9e6dc22669ac6;Google Update Service (gupdate1c9e6dc22669ac6);c:\program files\google\update\GoogleUpdate.exe [2009-6-6 133104]
S3 GoogleDesktopManager-090809-085438;Google Desktop Manager 5.9.909.8267;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-6-8 30192]

=============== Created Last 30 ================

2009-10-30 14:38:22 21504 ----a-w- c:\windows\system32\tdlwsp.dll
2009-10-29 20:27:50 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-29 20:27:48 25608 ----a-w- c:\windows\system32\drivers\AVGIDSvx.sys
2009-10-29 20:27:47 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-10-29 20:27:46 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-29 20:27:40 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-29 20:27:38 0 d-----w- c:\windows\system32\drivers\Avg
2009-10-29 20:27:35 0 d-----w- c:\programdata\AVG Security Toolbar
2009-10-29 20:26:27 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2009-10-29 20:13:15 0 d-s---w- C:\ComboFix
2009-10-28 21:45:44 0 d-s---w- C:\19267Repair116301
2009-10-28 17:08:36 0 d-s---w- C:\19267Repair30191
2009-10-28 16:59:30 98816 ----a-w- c:\windows\sed.exe
2009-10-28 16:59:30 77312 ----a-w- c:\windows\MBR.exe
2009-10-28 16:59:30 236544 ----a-w- c:\windows\PEV.exe
2009-10-28 16:59:30 161792 ----a-w- c:\windows\SWREG.exe
2009-10-28 16:59:16 0 d-s---w- C:\19267Repair
2009-10-28 14:56:31 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 14:56:29 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-27 20:55:48 0 d-----w- C:\RegSearch
2009-10-25 17:18:30 35 ----a-w- c:\users\robert\appdata\roaming\SetValue.bat
2009-10-25 17:18:29 691 ----a-w- c:\users\robert\appdata\roaming\GetValue.vbs
2009-10-25 17:13:12 7084 ----a-w- c:\windows\system32\tmp.reg
2009-10-24 22:30:54 0 d-----w- c:\programdata\Spybot - Search & Destroy
2009-10-24 22:30:54 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-10-24 16:32:23 0 d-----w- c:\program files\Trend Micro
2009-10-23 16:01:21 0 d-----w- c:\users\robert\appdata\roaming\Uniblue
2009-10-23 15:58:42 0 d-----w- c:\program files\Uniblue
2009-10-23 15:44:50 0 d-----w- c:\programdata\AOL
2009-10-22 22:23:39 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2009-10-22 22:23:21 0 d-----w- c:\users\robert\appdata\roaming\SUPERAntiSpyware.com
2009-10-22 22:23:21 0 d-----w- c:\program files\SUPERAntiSpyware
2009-10-22 22:22:20 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-10-22 19:10:38 0 d-----w- c:\users\robert\appdata\roaming\Malwarebytes
2009-10-22 19:10:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-22 19:10:31 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-22 19:10:31 0 d-----w- c:\programdata\Malwarebytes
2009-10-22 19:10:31 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-22 01:30:52 0 d-----w- c:\program files\AdwarePro
2009-10-17 19:41:20 0 d--h--w- C:\$AVG
2009-10-17 19:40:27 0 d-----w- c:\programdata\avg9
2009-10-14 18:58:49 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-14 18:58:44 834048 ----a-w- c:\windows\system32\wininet.dll
2009-10-14 18:58:39 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-14 18:58:10 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-14 18:58:10 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-14 18:48:06 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-14 18:33:04 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-14 18:28:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-07 17:08:05 0 d-----w- c:\programdata\Office Genuine Advantage
2009-10-07 17:08:03 0 d-----w- c:\users\robert\Office Genuine Advantage
2009-10-06 15:10:35 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-06 15:10:06 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-06 15:09:54 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-06 15:09:54 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-03 16:11:36 195440 ------w- c:\windows\system32\MpSigStub.exe

==================== Find3M ====================

2009-10-30 15:25:48 118654 ----a-w- c:\programdata\nvModes.dat
2009-10-29 20:27:02 51200 ----a-w- c:\windows\inf\infpub.dat
2009-10-29 20:27:01 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-10-29 20:27:00 86016 ----a-w- c:\windows\inf\infstor.dat
2009-10-26 17:28:42 4710 ----a-w- c:\users\robert\appdata\roaming\wklnhst.dat
2009-09-21 20:42:03 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-08-29 00:27:49 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-14 15:53:34 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49:20 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49:18 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49:18 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49:15 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49:14 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49:14 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49:13 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48:02 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-05 00:52:22 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-03 20:07:42 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 20:07:42 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 20:07:42 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-06-21 02:38:35 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 13:03:19.32 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,754 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:43 PM

Posted 30 October 2009 - 04:35 PM

Hi, theocrat :(

Welcome.

The log shows you ran Combofix. Please post the contents of C:\Combofix.txt.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#3 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,754 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:43 PM

Posted 02 November 2009 - 06:32 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users