Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    Are WiFi Network Names Protected by the First Amendment?

Featured Deal: Get 96% off the MCSA SQL Server Training Deal

Photo

Google Redirect Virus

Started by nms , Oct 03 2010 09:06 PM

  • This topic is locked This topic is locked
2 replies to this topic

#1 nms

nms

  • Members
  • 1 posts
  • OFFLINE
    •  
  • Local time:08:47 PM

Posted 03 October 2010 - 09:06 PM

Used Combofix to repair Google redirect Virus. Seems to have worked. Got the Log File Below and not sure if anything further needs to be done. Any thoughts would be appreciated

ComboFix 10-10-03.01 - Neil-Main 10/03/2010 21:34:47.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.390 [GMT -4:00]
Running from: c:\documents and settings\Neil-Main\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\shs_setup_4056-345359.exe
c:\documents and settings\All Users\Application Data\shs_setup_4059-354328.exe
c:\documents and settings\Neil-Main\GoToAssistDownloadHelper.exe
c:\program files\UNWISE.EXE
c:\windows\system32\bxahvfse.ini
c:\windows\system32\dumphive.exe
c:\windows\system32\PCLECoInst.dll
c:\windows\system32\Process.exe
c:\windows\system32\svgeupff.ini
c:\windows\system32\tmp.reg
c:\windows\winhelp.ini
K:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CLBDRIVER


((((((((((((((((((((((((( Files Created from 2010-09-04 to 2010-10-04 )))))))))))))))))))))))))))))))
.

2010-10-01 21:36 . 2010-10-01 21:36 -------- dc----w- c:\program files\iPod
2010-10-01 21:36 . 2010-10-01 21:36 -------- dc----w- c:\program files\iTunes
2010-10-01 21:30 . 2010-10-01 21:30 -------- dc----w- c:\program files\Bonjour
2010-10-01 21:28 . 2010-10-01 21:28 73000 -c--a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.1.22\SetupAdmin.exe
2010-09-30 01:16 . 2010-10-01 00:25 -------- dc----w- c:\documents and settings\Neil-Main\Application Data\ICS4OL
2010-09-30 01:15 . 2010-09-30 01:15 -------- dc----w- c:\program files\ICS4OL
2010-09-13 02:55 . 2010-09-13 02:55 218760 -c--a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-09-13 02:06 . 2010-09-13 02:06 -------- dc----w- c:\program files\Common Files\Windows Live
2010-09-13 02:01 . 2010-05-20 19:27 677232 -c--a-w- c:\windows\system32\LCCoin32.dll
2010-09-13 02:01 . 2010-05-20 19:27 39280 -c--a-w- c:\windows\system32\nx6000res.dll
2010-09-13 02:01 . 2010-05-20 19:27 30576 -c--a-w- c:\windows\system32\drivers\nx6000.sys
2010-09-13 02:00 . 2010-09-13 02:01 -------- dc----w- c:\program files\Microsoft LifeCam
2010-09-13 02:00 . 2009-09-04 21:29 1974616 -c--a-w- c:\windows\system32\D3DCompiler_42.dll
2010-09-13 02:00 . 2009-09-04 21:29 1892184 -c--a-w- c:\windows\system32\D3DX9_42.dll
2010-09-13 02:00 . 2010-09-13 02:00 -------- dc----w- c:\windows\Logs
2010-09-08 02:56 . 2010-09-08 02:56 56 -c-ha-w- c:\windows\system32\ezsidmv.dat
2010-09-08 02:56 . 2010-09-30 20:00 -------- dc----w- c:\documents and settings\Neil-Main\Application Data\skypePM
2010-09-08 02:55 . 2010-09-30 23:01 -------- dc----w- c:\documents and settings\Neil-Main\Application Data\Skype
2010-09-08 02:53 . 2010-09-08 02:53 -------- dc----w- c:\program files\Common Files\Skype
2010-09-08 02:53 . 2010-09-08 02:54 -------- dc----r- c:\program files\Skype
2010-09-08 02:53 . 2010-09-08 02:53 -------- dc----w- c:\documents and settings\All Users\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-04 01:42 . 2007-09-09 01:29 384 -c--a-w- c:\windows\system32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
2010-10-04 01:42 . 2007-09-09 01:29 384 -c--a-w- c:\windows\system32\DVCState-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
2010-10-03 13:35 . 2009-02-25 03:18 256 -c--a-w- c:\windows\system32\pool.bin
2010-10-03 13:21 . 2010-06-21 21:05 -------- dc----w- c:\program files\LogMeIn
2010-10-01 21:36 . 2007-09-19 04:02 -------- dc----w- c:\program files\Common Files\Apple
2010-10-01 21:32 . 2010-02-03 04:48 -------- dc----w- c:\program files\QuickTime
2010-10-01 21:28 . 2007-09-12 01:17 -------- dc----w- c:\documents and settings\Neil-Main\Application Data\Canon
2010-09-29 14:33 . 2010-03-20 21:22 -------- dc----w- c:\program files\Microsoft Silverlight
2010-09-29 03:06 . 2010-08-21 15:02 63488 -c--a-w- c:\documents and settings\Neil-Main\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-29 03:06 . 2010-08-21 15:01 117760 -c--a-w- c:\documents and settings\Neil-Main\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-27 00:28 . 2007-11-10 03:44 -------- dc----w- c:\program files\Thumbs7
2010-09-16 17:58 . 2010-08-21 15:01 -------- dc----w- c:\program files\SUPERAntiSpyware
2010-09-15 01:49 . 2009-12-14 00:18 20 -c-h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2010-09-12 13:50 . 2007-09-19 04:02 -------- dc----w- c:\documents and settings\All Users\Application Data\Apple
2010-09-11 20:19 . 2010-08-22 22:49 -------- dc----w- c:\program files\Carbonite
2010-09-07 15:12 . 2010-06-30 01:03 38848 -c--a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2008-07-27 17:42 167592 -c--a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2008-07-27 17:42 46672 -c--a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2008-07-27 17:42 165584 -c--a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2008-07-27 17:42 23376 -c--a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2008-07-27 17:42 100176 -c--a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2008-07-27 17:42 94544 -c--a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2008-07-27 17:42 17744 -c--a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2008-07-27 17:42 28880 -c--a-w- c:\windows\system32\drivers\aavmker4.sys
2010-09-03 01:34 . 2009-12-14 00:20 20 -c-h--w- c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT
2010-08-28 01:56 . 2009-01-16 03:12 -------- dc----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-24 18:35 . 2010-08-24 18:35 26694 -c--a-r- c:\documents and settings\Neil-Main\Application Data\Microsoft\Installer\{EC59BFAC-2A27-40B8-8956-66BD394C851D}\BlackBerry.exe
2010-08-24 18:35 . 2009-02-28 01:03 -------- dc----w- c:\program files\Common Files\Research In Motion
2010-08-24 05:04 . 2007-09-19 05:37 -------- dc----w- c:\program files\Common Files\Java
2010-08-24 05:03 . 2007-09-19 05:37 -------- dc----w- c:\program files\Java
2010-08-22 22:50 . 2007-09-07 02:13 -------- dc-h--w- c:\program files\InstallShield Installation Information
2010-08-22 22:50 . 2010-08-22 22:50 -------- dc----w- c:\program files\Seagate
2010-08-21 15:01 . 2010-08-21 15:01 52224 -c--a-w- c:\documents and settings\Neil-Main\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-21 15:01 . 2010-08-21 15:01 -------- dc----w- c:\documents and settings\Neil-Main\Application Data\SUPERAntiSpyware.com
2010-08-21 15:01 . 2010-08-21 15:01 -------- dc----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-08-20 00:54 . 2007-09-07 02:44 56392 -c--a-w- c:\documents and settings\Neil-Main\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-20 00:52 . 2009-04-20 02:18 -------- dc----w- c:\program files\Pinnacle
2010-08-20 00:51 . 2009-04-20 02:24 -------- dc----w- c:\program files\DivX
2010-08-20 00:48 . 2009-05-30 01:50 -------- dc----w- c:\program files\Rogers
2010-08-17 13:17 . 2004-08-04 10:00 58880 -c--a-w- c:\windows\system32\spoolsv.exe
2010-08-12 02:59 . 2009-07-31 07:56 -------- dc----w- c:\program files\Common Files\Adobe AIR
2010-08-12 02:59 . 2010-08-12 02:59 53632 -c--a-w- c:\documents and settings\Neil-Main\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-12 02:59 . 2010-08-12 02:59 53632 -c--a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-03 14:46 . 2010-08-03 14:46 12800 -c--a-w- c:\documents and settings\Neil-Main\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-450d83cf-n\decora-d3d.dll
2010-08-03 14:46 . 2010-08-03 14:46 61440 -c--a-w- c:\documents and settings\Neil-Main\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-450d83cf-n\decora-sse.dll
2010-08-03 14:46 . 2010-08-03 14:46 503808 -c--a-w- c:\documents and settings\Neil-Main\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-52fdda40-n\msvcp71.dll
2010-08-03 14:46 . 2010-08-03 14:46 499712 -c--a-w- c:\documents and settings\Neil-Main\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-52fdda40-n\jmc.dll
2010-08-03 14:46 . 2010-08-03 14:46 348160 -c--a-w- c:\documents and settings\Neil-Main\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-52fdda40-n\msvcr71.dll
2010-07-27 22:44 . 2010-07-27 22:44 91424 -c--a-w- c:\windows\system32\dnssd.dll
2010-07-27 22:44 . 2010-07-27 22:44 197920 -c--a-w- c:\windows\system32\dnssdX.dll
2010-07-27 22:44 . 2010-07-27 22:44 107808 -c--a-w- c:\windows\system32\dns-sd.exe
2010-07-22 15:49 . 2004-08-04 10:00 590848 -c--a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-15 20:34 5120 -c--a-w- c:\windows\system32\xpsp4res.dll
2010-07-17 09:00 . 2010-06-09 15:09 423656 -c--a-w- c:\windows\system32\deployJava1.dll
2010-07-13 14:46 . 2010-07-13 14:46 61440 -c--a-w- c:\documents and settings\Neil-Main\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2972878b-n\decora-sse.dll
2010-07-13 14:46 . 2010-07-13 14:46 12800 -c--a-w- c:\documents and settings\Neil-Main\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2972878b-n\decora-d3d.dll
2010-07-06 17:29 . 2010-07-08 03:47 2979280 -c--a-w- c:\documents and settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}\Ad-AwareInstall.exe
2010-07-06 17:28 . 2009-01-21 05:58 64288 -c--a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-06 17:28 . 2009-01-21 06:26 15880 -c--a-w- c:\windows\system32\lsdelete.exe
2010-06-15 03:38 . 2010-06-15 03:38 69632 -csha-r- c:\windows\system32\wzcsapit.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe" [2009-06-05 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 19968]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTHelper"="CTHELPER.EXE" [2004-03-11 28672]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-04-10 136472]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\Neil-Main\Start Menu\Programs\Startup\
hott notes 4.lnk - c:\program files\hott notes 4\hottnotes.exe [2007-5-15 1249280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2010-3-27 209016]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 -c--a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-06-24 13:30 10536 -c--a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-06-02 20:06 87424 -c--a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Neil-Main^Start Menu^Programs^Startup^palmOne Registration.lnk]
path=c:\documents and settings\Neil-Main\Start Menu\Programs\Startup\palmOne Registration.lnk
backup=c:\windows\pss\palmOne Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Neil-Main^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
path=c:\documents and settings\Neil-Main\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\advap32
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intelinet
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2008-04-10 00:14 136472 -c--a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2008-04-10 00:23 909208 -c--a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2010-10-03 03:51 864624 -c--a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 -c--a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-11-20 03:29 623960 -c--a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-12-10 00:29 49152 -c----w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 06:10 421160 -c--a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jing]
2009-01-06 16:57 2495752 -c--a-w- c:\program files\TechSmith\Jing\Jing.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-05-20 19:27 119152 -c--a-w- c:\program files\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2010-01-27 16:22 63048 -c--a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2006-01-17 17:03 53248 -c--a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2006-01-17 17:03 135168 -c--a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 -c--a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Transfer Monitor]
2008-12-16 21:44 479232 -c--a-w- c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
2003-05-08 15:00 49152 -c--a-w- c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler]
2008-03-26 21:40 2577120 -c--a-w- c:\program files\PCPitstop\Optimize\PCPOptimize.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2004-04-12 00:15 290816 ------w- c:\program files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 15:17 421888 -c--a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-09-02 19:15 13351304 -c--a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 -csha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 15:44 248552 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-09-16 17:58 2424560 -c--a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2008-04-10 00:11 2595792 -c--a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 05:00 90112 -c----w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2006-01-23 19:42 196608 -c--a-w- c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-04 00:20 866584 -c--a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Sling Media\\SlingPlayer\\SlingPlayer.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/21/2009 1:58 AM 64288]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/27/2008 1:42 PM 165584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/27/2008 1:42 PM 17744]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [9/25/2009 11:32 PM 189736]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/6/2010 1:28 PM 1356952]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [1/27/2010 12:22 PM 12856]
R2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [9/25/2009 2:16 PM 93960]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [9/12/2010 10:01 PM 30576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-10-04 c:\windows\Tasks\Ad-Aware Scan (Daily scan).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-06 03:51]

2010-10-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-06 03:51]

2010-10-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2010-10-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

2009-01-16 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-01-16 14:42]

2010-10-04 c:\windows\Tasks\User_Feed_Synchronization-{B2FEA5D4-742E-40D7-95AE-4A7290C9FBD9}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 15:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = localhost;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
- - - - ORPHANS REMOVED - - - -

BHO-{13C92101-FD30-4BA5-A7F9-C0D8672FFAB6} - (no file)
HKLM-Run-USB2Check - c:\windows\system32\PCLECoInst.dll
Notify-ljJDVnlL - ljJDVnlL.dll
MSConfigStartUp-avast! - c:\progra~1\ALWILS~1\Avast4\ashDisp.exe
MSConfigStartUp-LDM - c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
MSConfigStartUp-Rogers SHS - c:\program files\Rogers\SelfHealing\shs.exe
MSConfigStartUp-RoxWatchTray - c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
MSConfigStartUp-SmileboxTray - c:\documents and settings\Neil-Main\Application Data\Smilebox\SmileboxTray.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe



[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Lavasoft Kernexplorer]
"ImagePath"="\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1124)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'lsass.exe'(1184)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(740)
c:\windows\system32\WININET.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Logitech\MouseWare\system\em_exec.exe
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-10-03 21:50:44 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-04 01:50

Pre-Run: 8,806,891,520 bytes free
Post-Run: 9,068,027,904 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 5D58501C3692C2FCF3D1B025A5A0978B

Edited by boopme, 03 October 2010 - 11:02 PM.

BC AdBot (Login to Remove)

 

#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:47 AM

Posted 10 October 2010 - 08:05 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks thumbup2.gif
Posted Image
m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:47 AM

Posted 16 October 2010 - 05:07 AM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
Posted Image
m0le is a proud member of UNITE
Back to Virus, Trojan, Spyware, and Malware Removal Logs


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Virus, Trojan, Spyware, and Malware Removal Logs
  4. Privacy Policy
  5. Rules ·