
Search Engine redirecting


1 reply to this topic

#1 japanesestallion


  • Members
  • 1 posts
  • OFFLINE
  • Local time:03:10 PM

Posted 02 June 2010 - 11:35 PM

Well, I am about as frustrated as I can be, but I came across this site. I've downloaded Malware software including Microsoft Security, Hitman Pro, Hijack This, and I even had the newest version of McAfee installed. Ever since I installed McAfee, it slowed my internet down. This was a month ago. Just recently, the redirecting started.
Here is the log, and I hope someone can give me some hope.


ComboFix 10-06-02.02 - Takamasa family 2010/06/03 0:10.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.932.81.1033.18.3326.2798 [GMT -4:00]
Running from: c:\documents and settings\Takamasa family\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Takamasa family\Application Data\inst.exe
c:\documents and settings\Takamasa family\Local Settings\Application Data\{F1BBA680-9EF7-4893-8E2C-E1DB4F032694}
c:\documents and settings\Takamasa family\Local Settings\Application Data\{F1BBA680-9EF7-4893-8E2C-E1DB4F032694}\chrome.manifest
c:\documents and settings\Takamasa family\Local Settings\Application Data\{F1BBA680-9EF7-4893-8E2C-E1DB4F032694}\chrome\content\_cfg.js
c:\documents and settings\Takamasa family\Local Settings\Application Data\{F1BBA680-9EF7-4893-8E2C-E1DB4F032694}\chrome\content\overlay.xul
c:\documents and settings\Takamasa family\Local Settings\Application Data\{F1BBA680-9EF7-4893-8E2C-E1DB4F032694}\install.rdf
c:\documents and settings\Takamasa family\Local Settings\Temporary Internet Files\-GV-DmGm
c:\documents and settings\Takamasa family\Local Settings\Temporary Internet Files\1pJjd3
c:\documents and settings\Takamasa family\Local Settings\Temporary Internet Files\8i4-5_Z-F
c:\documents and settings\Takamasa family\Local Settings\Temporary Internet Files\8i4-5_Z-Fc185200771
c:\documents and settings\Takamasa family\Local Settings\Temporary Internet Files\8i4-5_Z-Fc206368265
c:\documents and settings\Takamasa family\Local Settings\Temporary Internet Files\8i4-5_Z-Fc206370049
c:\documents and settings\Takamasa family\Local Settings\Temporary Internet Files\8i4-5_Z-Fc242317
c:\documents and settings\Takamasa family\Local Settings\Temporary Internet Files\8i4-5_Z-Fc265915216
c:\documents and settings\Takamasa family\Local Settings\Temporary Internet Files\8i4-5_Z-Fc266463446
c:\documents and settings\Takamasa family\Local Settings\Temporary Internet Files\8i4-5_Z-Fc275454983
c:\documents and settings\Takamasa family\Local Settings\Temporary Internet Files\8i4-5_Z-Fc293684819
c:\documents and settings\Takamasa family\Local Settings\Temporary Internet Files\8i4-5_Z-Fc374883
c:\documents and settings\Takamasa family\Local Settings\Temporary Internet Files\8i4-5_Z-Fc528829
c:\documents and settings\Takamasa family\Local Settings\Temporary Internet Files\8i4-5_Z-Fc7490053
c:\documents and settings\Takamasa family\Local Settings\Temporary Internet Files\8i4-5_Z-Fc7562947
c:\documents and settings\Takamasa family\Local Settings\Temporary Internet Files\8i4-5_Z-Fc82427828
c:\documents and settings\Takamasa family\Recent\Thumbs.db
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\windows\abagesavadebib.dll
c:\windows\abaqafotocedofi.dll
c:\windows\aboconihuqajacu.dll
c:\windows\abocuraqilaq.dll
c:\windows\abojocetuwefoki.dll
c:\windows\abukipejoxi.dll
c:\windows\aceyawebewah.dll
c:\windows\acizihawagurinaz.dll
c:\windows\acolejar.dll
c:\windows\acotatuxofumuto.dll
c:\windows\adasakorilowad.dll
c:\windows\afaficuz.dll
c:\windows\afelenelanaveca.dll
c:\windows\afumojokesiyovup.dll
c:\windows\agakayisukinasu.dll
c:\windows\aganuveruqapiwes.dll
c:\windows\agexulod.dll
c:\windows\agicepexomi.dll
c:\windows\agihelicomepo.dll
c:\windows\ahayiyim.dll
c:\windows\ahohakuc.dll
c:\windows\ajakonejiq.dll
c:\windows\ajakorox.dll
c:\windows\ajosatoxolibugid.dll
c:\windows\ajozoxazexow.dll
c:\windows\akasicog.dll
c:\windows\akekudegemidar.dll
c:\windows\akufikavup.dll
c:\windows\alabacax.dll
c:\windows\alafecujof.dll
c:\windows\alaxezoyipo.dll
c:\windows\alegepazopesiqa.dll
c:\windows\aloguxavigam.dll
c:\windows\alopixoh.dll
c:\windows\alugehus.dll
c:\windows\aluramujo.dll
c:\windows\amuyunol.dll
c:\windows\analukig.dll
c:\windows\anariyiji.dll
c:\windows\anasiyovup.dll
c:\windows\anawiges.dll
c:\windows\apedefakor.dll
c:\windows\apokucadicuvuhox.dll
c:\windows\aqakemom.dll
c:\windows\aqapexom.dll
c:\windows\aqevaxesakor.dll
c:\windows\aqivebuqa.dll
c:\windows\aqocohofaf.dll
c:\windows\aqorojewujoxuce.dll
c:\windows\aqucazuwipiq.dll
c:\windows\aqujodivo.dll
c:\windows\arijabiveba.dll
c:\windows\asadoruvozer.dll
c:\windows\asawupuc.dll
c:\windows\asayayiyohu.dll
c:\windows\asesucef.dll
c:\windows\aseyuxoxot.dll
c:\windows\asipejidedu.dll
c:\windows\asorecom.dll
c:\windows\asosovomado.dll
c:\windows\atamenip.dll
c:\windows\atelugaw.dll
c:\windows\atoboxag.dll
c:\windows\atudegemidaribiy.dll
c:\windows\avolutej.dll
c:\windows\avowigesifefela.dll
c:\windows\avumidar.dll
c:\windows\awahomatumoyesic.dll
c:\windows\awetejefifinohaz.dll
c:\windows\awubinago.dll
c:\windows\awudefak.dll
c:\windows\axezurow.dll
c:\windows\axinisix.dll
c:\windows\axiwiducena.dll
c:\windows\ayefifin.dll
c:\windows\ayiboxavowiyel.dll
c:\windows\ayoxodokake.dll
c:\windows\ayubopev.dll
c:\windows\azeratiqefamete.dll
c:\windows\aziguhey.dll
c:\windows\azunonulurup.dll
c:\windows\ebexiwuh.dll
c:\windows\ebokefup.dll
c:\windows\ecacadisa.dll
c:\windows\ecadonotudokawas.dll
c:\windows\ecekimaki.dll
c:\windows\eciqaquh.dll
c:\windows\ecogokidonotudok.dll
c:\windows\edijiseciyopubop.dll
c:\windows\edimugeya.dll
c:\windows\eduvulasejada.dll
c:\windows\efagecav.dll
c:\windows\efesagubi.dll
c:\windows\efixepodatod.dll
c:\windows\efohizuq.dll
c:\windows\efopogic.dll
c:\windows\eforukemomop.dll
c:\windows\efuxaxay.dll
c:\windows\ehugusob.dll
c:\windows\ejakacega.dll
c:\windows\ejaxaqakoy.dll
c:\windows\ejevolovo.dll
c:\windows\ejilegacude.dll
c:\windows\ejobubob.dll
c:\windows\ejogasudev.dll
c:\windows\ejucabenuwiq.dll
c:\windows\ejujameh.dll
c:\windows\ejuligej.dll
c:\windows\ekaxaxeteted.dll
c:\windows\ekepoxulodi.dll
c:\windows\ekijaxes.dll
c:\windows\ekoroviq.dll
c:\windows\ekukowomaq.dll
c:\windows\elajulucasi.dll
c:\windows\eliyohuyagasuti.dll
c:\windows\elolasej.dll
c:\windows\elonesanuzehobiq.dll
c:\windows\eluwicoz.dll
c:\windows\eluzivano.dll
c:\windows\emasapamotetac.dll
c:\windows\emebuyut.dll
c:\windows\emoxiqiv.dll
c:\windows\enakalegetekola.dll
c:\windows\enekurubohoja.dll
c:\windows\enidacirojik.dll
c:\windows\enoqoyamuko.dll
c:\windows\enoyutomo.dll
c:\windows\epawixorigeg.dll
c:\windows\epikipipadaxu.dll
c:\windows\episumiwumezi.dll
c:\windows\epuhehuc.dll
c:\windows\eqajahigafeku.dll
c:\windows\eqigipam.dll
c:\windows\erifofoc.dll
c:\windows\erirakipe.dll
c:\windows\erireguc.dll
c:\windows\erivokom.dll
c:\windows\eruralosupukale.dll
c:\windows\esagegob.dll
c:\windows\esajimonobapuyuq.dll
c:\windows\esewisurasewi.dll
c:\windows\esohokonipuc.dll
c:\windows\esumodet.dll
c:\windows\etiwimanitesuzup.dll
c:\windows\etokagupise.dll
c:\windows\etoquloyaraqe.dll
c:\windows\etoyerid.dll
c:\windows\etozimim.dll
c:\windows\evawimuwesebebe.dll
c:\windows\evicecic.dll
c:\windows\evoqegepazopesi.dll
c:\windows\evorugugavopiwam.dll
c:\windows\evovamiw.dll
c:\windows\evumilapeyamole.dll
c:\windows\evuzozawufi.dll
c:\windows\ewafebocovofa.dll
c:\windows\ewiberer.dll
c:\windows\ewopupike.dll
c:\windows\exihovehula.dll
c:\windows\exijefed.dll
c:\windows\exipotovunikan.dll
c:\windows\eyaqugaroro.dll
c:\windows\eyazuquj.dll
c:\windows\eyixoheseweri.dll
c:\windows\eyuyiyohu.dll
c:\windows\ezerigafey.dll
c:\windows\ezocelotefaco.dll
c:\windows\ezuhayerid.dll
c:\windows\ibagovitogo.dll
c:\windows\ibanibek.dll
c:\windows\ibibihebajoganis.dll
c:\windows\ibibukukaseg.dll
c:\windows\ibikahasafoxo.dll
c:\windows\icasecoqaf.dll
c:\windows\idaduqiyaloqetu.dll
c:\windows\idedoqevoyoxaj.dll
c:\windows\idegarobifam.dll
c:\windows\idocaguhimuhab.dll
c:\windows\idozewujonafaz.dll
c:\windows\idububuk.dll
c:\windows\idumivoki.dll
c:\windows\ifavolov.dll
c:\windows\ifinahifur.dll
c:\windows\ifinudow.dll
c:\windows\igavekeg.dll
c:\windows\igizevuqana.dll
c:\windows\igoludejemila.dll
c:\windows\igucedof.dll
c:\windows\ihazosowuwu.dll
c:\windows\ihejovanile.dll
c:\windows\ihocoxicakihev.dll
c:\windows\ihudoqenezu.dll
c:\windows\ijavuqadiruvupo.dll
c:\windows\ijavuviy.dll
c:\windows\ijelijosifa.dll
c:\windows\ijowuyazamilabef.dll
c:\windows\ikakosub.dll
c:\windows\ikamofut.dll
c:\windows\ikapalamutivolu.dll
c:\windows\ikeciduwatonudo.dll
c:\windows\ikenawif.dll
c:\windows\ikihisiquyic.dll
c:\windows\ikiviyiyime.dll
c:\windows\ikofudocaye.dll
c:\windows\ikotedab.dll
c:\windows\ikulokuz.dll
c:\windows\ikuqanejobeceb.dll
c:\windows\inijovapupike.dll
c:\windows\inoyifegizutaz.dll
c:\windows\ipatafuz.dll
c:\windows\ipazoyow.dll
c:\windows\ipigodinireyi.dll
c:\windows\ipivebax.dll
c:\windows\ipocoxep.dll
c:\windows\ipotuketox.dll
c:\windows\ipumiwumezimimi.dll
c:\windows\iqesusev.dll
c:\windows\irijegohew.dll
c:\windows\iriwidog.dll
c:\windows\irurobifam.dll
c:\windows\isetebic.dll
c:\windows\isezovec.dll
c:\windows\isoyizajovanile.dll
c:\windows\isozuwocucafuv.dll
c:\windows\itedujodivo.dll
c:\windows\iteqisef.dll
c:\windows\ititufumul.dll
c:\windows\ituxalazahixuso.dll
c:\windows\ivepukogibux.dll
c:\windows\ivisajub.dll
c:\windows\ivopagidi.dll
c:\windows\iwihojisec.dll
c:\windows\iwixixib.dll
c:\windows\iwomijigokimaki.dll
c:\windows\iwujekum.dll
c:\windows\ixagaxel.dll
c:\windows\ixeqehexopak.dll
c:\windows\ixubekepem.dll
c:\windows\iyanonuci.dll
c:\windows\iyewigamewo.dll
c:\windows\iyiqotiwuvubomu.dll
c:\windows\iyohelicomepo.dll
c:\windows\iyulugaw.dll
c:\windows\izipiqowaliy.dll
c:\windows\obejupec.dll
c:\windows\obicasat.dll
c:\windows\obiwupucusezej.dll
c:\windows\obosucefuheli.dll
c:\windows\obuwumezimimi.dll
c:\windows\ocafusiz.dll
c:\windows\ocaneniq.dll
c:\windows\ocixilexexexivu.dll
c:\windows\ocojijohapuhidon.dll
c:\windows\odenobapuy.dll
c:\windows\odotikapaw.dll
c:\windows\ofayazad.dll
c:\windows\ofilimar.dll
c:\windows\ofotuketox.dll
c:\windows\ogedokez.dll
c:\windows\ogimigivajiy.dll
c:\windows\ogimuhabucuyajas.dll
c:\windows\ogugotaneku.dll
c:\windows\ojawaxozuvovep.dll
c:\windows\ojikilomi.dll
c:\windows\ojiqadir.dll
c:\windows\ojucedulofo.dll
c:\windows\ojukixuyoyulid.dll
c:\windows\ojuzafitequw.dll
c:\windows\okarebevamikumi.dll
c:\windows\olitixivum.dll
c:\windows\onacipih.dll
c:\windows\onasakoril.dll
c:\windows\onefakor.dll
c:\windows\onozibaha.dll
c:\windows\opawakevad.dll
c:\windows\opoledun.dll
c:\windows\opozuteroyow.dll
c:\windows\opucejaqapejuco.dll
c:\windows\oqanupehukuhoxaj.dll
c:\windows\oqaxusoyaqoxisi.dll
c:\windows\oqiqepijovapu.dll
c:\windows\oqumonus.dll
c:\windows\oraxozab.dll
c:\windows\oripadew.dll
c:\windows\orohatehiheha.dll
c:\windows\osaduligejope.dll
c:\windows\osobezaxe.dll
c:\windows\osujelehe.dll
c:\windows\otadevip.dll
c:\windows\otahagonam.dll
c:\windows\otiyuqidefa.dll
c:\windows\otogeqewipezupe.dll
c:\windows\otuhediqadunuj.dll
c:\windows\otupodat.dll
c:\windows\ovafogufag.dll
c:\windows\ovipevafiyupa.dll
c:\windows\ovofubemob.dll
c:\windows\owanawifukine.dll
c:\windows\owedigojeruqa.dll
c:\windows\owekajom.dll
c:\windows\owowelohawuro.dll
c:\windows\owuvapupikepeqe.dll
c:\windows\oxawiquloyara.dll
c:\windows\oxewiviyiyimevo.dll
c:\windows\oxobobituyihita.dll
c:\windows\oyawinaqafoto.dll
c:\windows\oyehemofivutamu.dll
c:\windows\oyisuvub.dll
c:\windows\oyojower.dll
c:\windows\oyokokupu.dll
c:\windows\ozapikeb.dll
c:\windows\ozatodig.dll
c:\windows\ozekanug.dll
c:\windows\oziguqut.dll
c:\windows\ozogevus.dll
c:\windows\ozonayucucena.dll
c:\windows\ozudotibuxerugug.dll
c:\windows\ozujevul.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\G1340.tmp.exe
c:\windows\system32\GF1C6.tmp.exe
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\Sysvxd.exe
c:\windows\ubaqotiwuvubomu.dll
c:\windows\ubetitefedahemo.dll
c:\windows\ubivuniwulaqo.dll
c:\windows\ubusehih.dll
c:\windows\ubutudiwo.dll
c:\windows\ucoloxegirifaduf.dll
c:\windows\ucuxewofesed.dll
c:\windows\ucuzoxuf.dll
c:\windows\udafaripec.dll
c:\windows\udafuqosejefi.dll
c:\windows\udibukaqib.dll
c:\windows\ufatamagabobi.dll
c:\windows\ufeyohuyaga.dll
c:\windows\ufifiqasunufu.dll
c:\windows\ufitecoqajete.dll
c:\windows\ufonorixatabiv.dll
c:\windows\ufozupewadageqe.dll
c:\windows\ufufebocovofa.dll
c:\windows\ufunuzafa.dll
c:\windows\ugamogud.dll
c:\windows\ugaseriy.dll
c:\windows\ugawupomu.dll
c:\windows\ugevucuy.dll
c:\windows\ugihohil.dll
c:\windows\ugoqojunehohice.dll
c:\windows\ugusoxiwuv.dll
c:\windows\uguzipahalafun.dll
c:\windows\uhafesujo.dll
c:\windows\uhawaqiqamalanun.dll
c:\windows\uhedodexa.dll
c:\windows\uhefujufuxuzedes.dll
c:\windows\uhejexij.dll
c:\windows\uhiloput.dll
c:\windows\uhirurulipizul.dll
c:\windows\ukacecicojice.dll
c:\windows\ukelozugecava.dll
c:\windows\ukidipok.dll
c:\windows\ukoriyov.dll
c:\windows\ulafijor.dll
c:\windows\ulixiyetukopib.dll
c:\windows\uluteboyo.dll
c:\windows\umalijefed.dll
c:\windows\umecowoziqipuz.dll
c:\windows\umesacev.dll
c:\windows\umeteqar.dll
c:\windows\umevuhox.dll
c:\windows\umifimifetelag.dll
c:\windows\umiyutez.dll
c:\windows\umucirojikehad.dll
c:\windows\umulemunaja.dll
c:\windows\upeburimuq.dll
c:\windows\upexubac.dll
c:\windows\upinuresiqaquz.dll
c:\windows\uqagihaji.dll
c:\windows\uqamuhab.dll
c:\windows\uqotapim.dll
c:\windows\uqulifetahef.dll
c:\windows\uroyenax.dll
c:\windows\usahafileyoc.dll
c:\windows\usaxitokesiko.dll
c:\windows\usepacajuhiqijo.dll
c:\windows\usofujahozazohec.dll
c:\windows\utadebibereriyon.dll
c:\windows\utapavuro.dll
c:\windows\utererew.dll
c:\windows\uticohof.dll
c:\windows\utuqaviv.dll
c:\windows\uvavenupehukuh.dll
c:\windows\uvebemojokesiy.dll
c:\windows\uvoqewofeh.dll
c:\windows\uwidogodo.dll
c:\windows\uwomotigihagon.dll
c:\windows\uwotaxuhij.dll
c:\windows\uwudimeqa.dll
c:\windows\uxanuperamiyapa.dll
c:\windows\uxarecomexekocu.dll
c:\windows\uyicaxojux.dll
c:\windows\uyuqirac.dll
c:\windows\uyutadoq.dll
c:\windows\uzapofevinuyozew.dll
c:\windows\uzujuhiqijo.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSUPDATE
-------\Legacy_NPF
-------\Service_msupdate
-------\Service_npf


((((((((((((((((((((((((( Files Created from 2010-05-03 to 2010-06-03 )))))))))))))))))))))))))))))))
.

2010-06-03 03:33 . 2010-06-03 03:33 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-06-03 03:32 . 2010-06-03 03:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-06-03 03:32 . 2010-06-03 03:32 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-06-03 02:49 . 2010-05-21 18:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-06-03 02:40 . 2010-06-03 02:40 -------- d-----w- c:\windows\system32\wbem\Repository
2010-06-03 02:36 . 2010-06-03 02:36 -------- d-----w- c:\program files\MyWaySA
2010-06-03 02:36 . 2010-06-03 02:36 -------- d-----w- c:\program files\AutocompletePro
2010-06-03 02:36 . 2010-06-03 02:36 -------- d-----w- c:\documents and settings\All Users\Application Data\15345464
2010-06-03 02:36 . 2010-06-03 02:36 -------- d-----w- c:\windows\LastGood(2)
2010-06-03 01:54 . 2010-06-03 01:54 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-06-02 23:04 . 2010-06-02 23:04 -------- d-----w- c:\documents and settings\Takamasa family\Application Data\Malwarebytes
2010-06-02 23:03 . 2010-06-03 02:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-02 23:03 . 2010-06-02 23:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-25 17:10 . 2010-06-03 02:37 -------- d-----w- c:\documents and settings\Takamasa family\Application Data\Facebook
2010-05-25 00:31 . 2010-06-03 02:42 -------- d-----w- c:\program files\McAfee Online Backup
2010-05-25 00:29 . 2010-06-03 02:37 -------- d-----w- c:\program files\Common Files\Mcafee
2010-05-12 20:50 . 2010-06-03 02:38 -------- d-----w- c:\documents and settings\Takamasa family\Local Settings\Application Data\myBabylon_English
2010-05-12 20:50 . 2010-06-03 02:38 -------- d-----w- c:\program files\YoutubeDownloader

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-03 02:37 . 2005-08-12 04:03 -------- d-----w- c:\program files\McAfee
2010-06-03 02:13 . 2001-08-17 19:07 5504 ----a-w- c:\windows\system32\drivers\PERC2HIB.SYS
2010-05-25 00:35 . 2006-07-24 22:48 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-05-25 00:29 . 2005-04-16 19:04 -------- d-----w- c:\program files\McAfee.com
2010-05-17 20:15 . 2010-05-17 20:15 2258 ----a-w- c:\program files\eula.txt
2010-05-16 23:43 . 2009-12-05 21:02 -------- d-----w- c:\program files\MagicDVDCopier
2010-04-04 20:29 . 2006-12-27 06:00 -------- d--h--w- c:\documents and settings\Takamasa family\Application Data\Move Networks
2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\17706\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\17706\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\17706\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\17706\AcrobatUpdater.exe
2010-03-11 12:38 . 2004-08-10 10:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2010-01-03 07:06 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2004-08-10 10:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-11 07:01 . 2010-03-11 07:01 103432 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-03-09 11:09 . 2004-08-10 10:00 430080 ----a-w- c:\windows\system32\vbscript.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageMixer HDD Camera Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ImageMixer HDD Camera Monitor.lnk
backup=c:\windows\pss\ImageMixer HDD Camera Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-08-25 17:52 339968 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 15:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-12-06 06:05 127035 ----a-w- c:\windows\SYSTEM32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-10-12 21:54 57344 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2004-08-10 09:04 59392 ----a-w- c:\windows\EHOME\EHTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 01:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 20:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
2003-09-04 01:12 221184 ----a-w- c:\program files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 21:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeyHoleVideo.exe]
2008-08-17 03:13 57344 ----a-w- c:\program files\KeyHoleVideo\KeyHoleVideo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2006-01-17 18:03 53248 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2005-04-16 19:06 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 19:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
2009-12-09 13:36 866200 ----a-w- c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-02-23 06:39 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2004-01-07 06:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\SYSTEM32\\pdrtvsvr.exe"=
"c:\\Program Files\\WinMX\\WinMX.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-05-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-06-03 c:\windows\Tasks\User_Feed_Synchronization-{94EDE9BB-4BA1-4113-B8F2-4294B6644461}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 23:36]
.
.
------- Supplementary Scan -------
.
uStart Page = www.excite.co.jp/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: ababmx.com\www
Trusted Zone: bmxmania.com\www
Trusted Zone: ebay.com\www
Trusted Zone: google.com\www
Trusted Zone: knb-tools.com\mail
Trusted Zone: pdaphonehome.com
Trusted Zone: vintagebmx.com\www
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-laquagy - c:\windows\system32\geso.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-McAfee Backup - c:\program files\McAfee\MBK\McAfeeDataBackup.exe
MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
MSConfigStartUp-McENUI - c:\progra~1\McAfee\MHN\McENUI.exe
MSConfigStartUp-SVCHOST - c:\windows\system32\drivers\svchost.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-03 00:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(688)
c:\windows\IME\IMJP8_1\Dicts\IMJPCD.DIC

- - - - - - - > 'explorer.exe'(3928)
c:\windows\system32\WININET.dll
c:\windows\IME\IMJP8_1\Dicts\IMJPCD.DIC
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\conime.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-06-03 00:33:33 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-03 04:33

Pre-Run: 33,039,024,128 bytes free
Post-Run: 33,407,209,472 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 2C0D54B9EF057917782F1F937DF87F29
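The ComboFix output above is raw tool output, and the first thing a responder does with a log like this is pick out the handful of indicators that matter: the burst of pseudo-randomly named DLLs dropped straight into c:\windows, the WinPcap packet-capture components (npf.sys, Packet.dll, wpcap.dll, rpcapd.exe) in the deletion list, the firewall being switched off in the standard profile, and the orphaned autostart entries pointing at odd locations. The script below is an added example, not part of this thread and not ComboFix's own code: it parses a small constructed excerpt modelled on the posted log and flags those indicators. The section parser, the vowel/consonant alternation heuristic for generated names, the threshold of three, and the list of WinPcap file names are my assumptions.

```python
"""Triage helper for a ComboFix-style log excerpt (added example, not ComboFix code)."""
import re

# Constructed excerpt modelled on the posted log (a few representative lines only).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\user\Application Data\inst.exe
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\windows\abagesavadebib.dll
c:\windows\abaqafotocedofi.dll
c:\windows\aboconihuqajacu.dll
c:\windows\abocuraqilaq.dll
c:\windows\abojocetuwefoki.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll
c:\windows\Sysvxd.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

- - - - ORPHANS REMOVED - - - -

HKLM-Run-laquagy - c:\windows\system32\geso.exe
MSConfigStartUp-SVCHOST - c:\windows\system32\drivers\svchost.exe
"""

# Section banners look like "((((( Name )))))"; the orphans block uses "- - - - NAME - - - -".
HEADER_RE = re.compile(r"^\(+\s*(?P<name>[^()]+?)\s*\)+$")
ORPHANS_RE = re.compile(r"^- - - - (?P<name>[A-Z ]+?) - - - -$")
FIREWALL_RE = re.compile(r'^"EnableFirewall"\s*=\s*0\b')
ORPHAN_RE = re.compile(r"^(?P<key>HKLM-Run-\S+|MSConfigStartUp-\S+) - (?P<path>.+)$")
WINPCAP_FILES = {"npf.sys", "packet.dll", "wpcap.dll", "wanpacket.dll", "rpcapd.exe"}
VOWELS = set("aeiou")


def parse_sections(text):
    """Split the log into {section name: [non-empty lines]}; '.' filler lines are dropped."""
    sections = {"PREAMBLE": []}
    current = "PREAMBLE"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = HEADER_RE.match(line) or ORPHANS_RE.match(line)
        if m:
            current = m.group("name")
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def looks_generated(stem):
    """Heuristic (assumption): long, lowercase, letters only, strictly alternating vowel/consonant."""
    if len(stem) < 8 or not stem.isalpha() or not stem.islower():
        return False
    flips = sum((a in VOWELS) != (b in VOWELS) for a, b in zip(stem, stem[1:]))
    return flips == len(stem) - 1


def windir_dll_burst(paths, threshold=3):
    """Generated-looking DLLs directly under c:\\windows; only a burst (>= threshold) is reported."""
    hits = []
    for p in paths:
        folder, _, name = p.rpartition("\\")
        if folder.lower() == r"c:\windows" and name.lower().endswith(".dll") \
                and looks_generated(name[:-4]):
            hits.append(p)
    return hits if len(hits) >= threshold else []


def capture_components(paths):
    """Known WinPcap packet-capture files among the deleted paths."""
    return [p for p in paths if p.rpartition("\\")[2].lower() in WINPCAP_FILES]


def firewall_disabled(lines):
    return any(FIREWALL_RE.match(line) for line in lines)


def orphan_autostarts(lines):
    """(registry key, target path) pairs from the ORPHANS REMOVED block."""
    return [(m.group("key"), m.group("path")) for m in map(ORPHAN_RE.match, lines) if m]


def triage(text):
    sections = parse_sections(text)
    deleted = sections.get("Other Deletions", [])
    every_line = [line for lines in sections.values() for line in lines]
    return {
        "generated_dlls": windir_dll_burst(deleted),
        "capture_components": capture_components(deleted),
        "firewall_disabled": firewall_disabled(every_line),
        "orphan_autostarts": orphan_autostarts(sections.get("ORPHANS REMOVED", [])),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The name heuristic is deliberately only trusted in bulk: a single alternating-letter file name proves nothing (plenty of legitimate names happen to alternate), but dozens of them appearing together in the Windows root, as in the posted log, is the pattern worth escalating. To run it against a real log, replace `SAMPLE_LOG` with the file contents.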



#2 kahdah


  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:03:10 PM

Posted 06 June 2010 - 11:48 AM

Hello japanesestallion

Welcome to BleepingComputer
==========================
  • Download OTL to your desktop.
  • Double click OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the Custom Scans and Fixes section, paste in the following:

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90

  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
====================
Download the following GMER Rootkit Scanner from Here
  • Download the randomly named EXE file to your Desktop. Remember what its name is since it is randomly named.
  • Double click on the randomly named exe file you downloaded and run it. If prompted about the Security Warning and Unknown Publisher, go ahead and click on Run.
  • It may take a minute to load and become available.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan:
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED
  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically only C:\ should be checked)
  • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop
  • **Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
  • Click OK and quit the GMER program.
  • Note: On Firefox you need to go to Tools/Options/Main then under the Downloads section, click on Always ask me where to save files so that you can choose the name and where to save to, in this case your Desktop.
  • Post that log in your next reply.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.



