
PLEASE HELP! Used HijackThis & ComboFix


  • This topic is locked
3 replies to this topic

#1 EmWoodall

Posted 12 July 2011 - 12:26 PM

So for the past week I've had this horrible redirect virus, and I've uninstalled AVG, run Spyware Terminator and malware removal programs, and nothing is working at all. Google still redirects the links I click on. I read on here to install ComboFix & HijackThis; I did them last night. I ran HijackThis, and it mentioned something about using ComboFix -- I do not know what it DID exactly, but here is the log. My browser is STILL redirecting me. Please help! HERE'S THE LOG:
Attached file: COMBOFIX LOG AFTER SCAN OF HIJACKTHIS.txt

ComboFix 11-07-11.02 - Woodall Family 07/11/2011 22:34:47.1.1 - x86
Running from: c:\users\Woodall Family\Desktop\commy.exe
Command switches used :: c:\users\Woodall Family\Desktop\CFScript.txt
* Created a new restore point
.
FILE ::
"c:\program files\AdvancedVirusRemover\PAVRM.exe"
"c:\windows\system32\AVR09.exe"
"c:\windows\system32\winhelper.dll"
"c:\windows\system32\winupdate.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MWN-USB54G Wireless Client Utility .lnk
c:\users\Woodall Family\AppData\Local\{6A9B7F4B-8007-4B7C-B246-8B387D378E02}
c:\users\Woodall Family\AppData\Local\{6A9B7F4B-8007-4B7C-B246-8B387D378E02}\chrome.manifest
c:\users\Woodall Family\AppData\Local\{6A9B7F4B-8007-4B7C-B246-8B387D378E02}\chrome\content\_cfg.js
c:\users\Woodall Family\AppData\Local\{6A9B7F4B-8007-4B7C-B246-8B387D378E02}\chrome\content\overlay.xul
c:\users\Woodall Family\AppData\Local\{6A9B7F4B-8007-4B7C-B246-8B387D378E02}\install.rdf
c:\windows\system32\AutoRun.inf
c:\windows\system32\no
c:\windows\system32\no\toscdspd.cpl.mui
c:\windows\system32\SV
c:\windows\system32\SV\toscdspd.cpl.mui
c:\windows\UA000106.DLL
.
.
((((((((((((((((((((((((( Files Created from 2011-06-12 to 2011-07-12 )))))))))))))))))))))))))))))))
.
.
2011-07-12 09:06 . 2011-07-12 09:08 -------- d-----w- c:\users\Woodall Family\AppData\Local\temp
2011-07-12 09:06 . 2011-07-12 09:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-12 02:22 . 2011-07-12 02:22 388096 ----a-r- c:\users\Woodall Family\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-12 01:23 . 2011-07-12 02:17 -------- d-----w- c:\program files\Frontline Registry Cleaner
2011-07-11 16:27 . 2010-01-01 08:00 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-11 16:27 . 2010-01-01 08:00 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-22 00:33 . 2011-06-22 00:33 -------- d-----w- c:\program files\Rockstar Games
2011-06-20 21:16 . 2011-06-25 01:54 -------- d-----w- c:\users\Woodall Family\Calibre Library
2011-06-20 21:15 . 2011-06-25 01:22 -------- d-----w- c:\users\Woodall Family\AppData\Roaming\calibre
2011-06-20 21:13 . 2011-06-20 21:15 -------- d-----w- c:\program files\Calibre2
2011-06-16 04:55 . 2011-06-16 04:55 -------- d-----w- c:\users\Woodall Family\AppData\Local\MigWiz
2011-06-16 04:18 . 2011-06-16 04:18 -------- d-----w- c:\users\Woodall Family\AppData\Local\DeskShare Data
2011-06-16 04:18 . 2011-06-16 04:18 -------- d-----w- c:\programdata\Deskshare
2011-06-16 04:18 . 2011-06-16 04:18 -------- d-----w- c:\users\Woodall Family\AppData\Local\Spoon
2011-06-16 00:06 . 2011-06-16 00:06 -------- d-----w- c:\users\Woodall Family\Playlists
2011-06-15 22:40 . 2007-03-19 15:00 4355 ----a-r- c:\program files\hsltree.js
2011-06-15 22:39 . 2011-06-15 23:39 -------- d-----w- c:\program files\Treo
2011-06-15 22:38 . 2007-12-04 21:10 16640 ----a-w- c:\windows\system32\drivers\PalmUSBD.sys
2011-06-15 22:38 . 2011-06-15 22:38 -------- d-----w- c:\users\Woodall Family\AppData\Roaming\Arcsoft
2011-06-15 22:36 . 2011-06-15 22:36 -------- d-----w- c:\users\Woodall Family\AppData\Roaming\HotSync
2011-06-15 22:36 . 2011-06-15 22:36 -------- d-----w- c:\programdata\HotSync
2011-06-15 22:36 . 2011-06-15 22:37 -------- d-----w- c:\program files\Palm
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 13:11 . 2011-04-19 19:57 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11 . 2011-04-19 19:57 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-25 19:20 . 2011-05-25 19:57 258560 ----a-w- c:\windows\uninst.exe
2011-05-21 01:50 . 2011-05-21 01:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-18 12:42 . 2011-05-18 12:42 0 ---ha-w- c:\users\Woodall Family\AppData\Local\BIT4BBF.tmp
2011-05-18 12:37 . 2011-05-18 12:37 0 ---ha-w- c:\users\Woodall Family\AppData\Local\BIT6A66.tmp
2011-05-10 14:48 . 2011-05-10 14:48 0 ---ha-w- c:\users\Woodall Family\AppData\Local\BITED4E.tmp
2011-04-19 15:34 . 2011-04-19 15:34 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-04-19 05:53 . 2011-04-19 05:53 1650688 --sha-w- c:\users\Woodall Family\AppData\Local\yim.exe
2011-04-19 05:10 . 2011-04-11 20:08 0 ----a-w- c:\users\Woodall Family\AppData\Local\Nmozubucamo.bin
2010-11-11 02:46 . 2010-11-11 02:46 1716007 ----a-w- c:\program files\extractor_setup_1.4.2.2.exe
2010-11-03 22:54 . 2010-11-03 22:52 22133675 ----a-w- c:\program files\VistaCodecs_v584.exe
2010-11-02 20:35 . 2010-11-02 20:33 18341784 ----a-w- c:\program files\FreeYouTubeToMp3Converter (2).exe
2010-10-28 19:48 . 2010-10-28 19:45 8567280 ----a-w- c:\program files\Firefox Setup 3.6.12(2).exe
2010-10-28 19:43 . 2010-10-28 19:42 8567280 ----a-w- c:\program files\Firefox Setup 3.6.12.exe
2010-10-27 17:35 . 2010-10-27 17:31 18384273 ----a-w- c:\program files\WECPSetup.exe
2010-10-27 17:35 . 2010-10-27 17:32 23873711 ----a-w- c:\program files\media.player.codec.pack.v3.9.6.setup.exe
2010-10-27 17:28 . 2010-10-27 17:28 1416944 ----a-w- c:\program files\WM9Codecs.exe
2010-10-27 17:27 . 2010-10-27 17:27 1528184 ----a-w- c:\program files\GenuineCheck.exe
2010-10-27 17:02 . 2010-10-27 17:00 13929360 ----a-w- c:\program files\aTube_Catcher.exe
2010-10-15 23:39 . 2010-10-15 23:39 320512 ----a-w- c:\program files\CustomSpeedEffects.msi
2010-10-12 21:08 . 2010-10-12 21:07 2525169 ----a-w- c:\program files\JPG-to-PDF-Converter-Setup.exe
2010-10-10 16:28 . 2010-10-10 16:28 1357584 ----a-w- c:\program files\MatroskaSplitter14082010.exe
2010-10-10 16:27 . 2010-10-10 16:24 29426427 ----a-w- c:\program files\SUPERsetup201038.exe
2010-10-10 16:03 . 2010-10-10 16:01 14901896 ----a-w- c:\program files\video-converter_setup.exe
2010-10-10 15:12 . 2010-10-10 15:11 7357440 ----a-w- c:\program files\MM26_ENU.msi
2010-10-10 14:40 . 2010-10-10 14:39 1286504 ----a-w- c:\program files\wlsetup-web.exe
2010-09-23 19:55 . 2010-09-23 19:54 7091860 ----a-w- c:\program files\GingerClientHomeTrialNoFlash_Website_1.12.3.exe
2010-09-20 20:17 . 2010-09-20 20:17 6275448 ----a-w- c:\program files\Silverlight.exe
2010-09-13 22:33 . 2010-09-13 22:33 4747136 ----a-w- c:\program files\Shockwave_Installer_Slim(2).exe
2010-09-13 13:47 . 2010-09-13 13:47 1295892 ----a-w- c:\program files\extractor_setup(2).exe
2010-09-13 13:44 . 2010-09-13 13:44 1531593 ----a-w- c:\program files\winrar-x64-393.exe
2010-09-10 01:07 . 2010-09-10 01:04 8474560 ----a-w- c:\program files\Vuze_Installer.exe
2010-09-08 23:48 . 2010-09-08 23:47 2843496 ----a-w- c:\program files\frostwire_ultra_accelerator_free.exe
2010-09-06 17:54 . 2010-09-06 17:54 2788248 ----a-w- c:\program files\scummvm-0.12.0-win32.exe
2010-08-24 16:24 . 2010-08-24 16:24 819224 ----a-w- c:\program files\oDeskSetup.exe
2010-08-19 12:47 . 2010-08-19 12:44 29992152 ----a-w- c:\program files\LimeWireWin (2).exe
2010-08-15 16:47 . 2010-08-15 16:47 390656 ----a-w- c:\program files\STOPzilla_Setup.exe
2010-08-15 16:11 . 2010-08-15 16:10 6289216 ----a-w- c:\program files\HitmanPro35.exe
2010-08-03 22:42 . 2010-08-03 22:31 95370115 ----a-w- c:\program files\ootp8freesetup.exe
2010-07-26 23:39 . 2010-07-26 23:38 9636106 ----a-w- c:\program files\BATPATCH_English.exe
2010-07-18 14:31 . 2010-07-18 14:30 874272 ----a-w- c:\program files\jxpiinstall(2).exe
2010-07-17 23:07 . 2010-07-17 23:07 874272 ----a-w- c:\program files\jxpiinstall.exe
2010-06-29 04:43 . 2010-06-29 04:39 158504839 ----a-w- c:\program files\BaseballMogul2011DemoSetup.exe
2010-06-20 20:57 . 2010-06-20 20:57 338624 ----a-w- c:\program files\switchsetup.exe
2010-06-13 01:03 . 2010-06-13 01:02 563040 ----a-w- c:\program files\googleupdatesetup.exe
2010-06-10 02:25 . 2010-06-10 02:25 562864 ----a-w- c:\program files\GoogleEarthPluginSetup.exe
2010-06-07 16:43 . 2010-06-07 16:43 84345 ----a-w- c:\program files\rehanpip.exe
2010-06-07 16:36 . 2010-06-07 16:36 54186 ----a-w- c:\program files\Nicks Video Symbols.exe
2010-06-07 16:26 . 2010-06-07 16:26 336896 ----a-w- c:\program files\CustomTVRatings.msi
2010-06-01 21:34 . 2010-06-01 21:34 1247568 ----a-w- c:\program files\wlsetup-custom.exe
2010-06-01 21:30 . 2010-06-01 21:29 10783584 ----a-w- c:\program files\Install_MSN_Messenger.exe
2010-05-15 21:11 . 2010-05-15 21:08 24184872 ----a-w- c:\program files\LimeWireWin.exe
2010-05-15 20:48 . 2010-05-15 20:47 8231427 ----a-w- c:\program files\frostwire-4.20.6.windows.exe
2010-05-15 14:16 . 2010-05-15 14:12 7733573 ----a-w- c:\program files\tp-m2ts-converter-92729.exe
2010-05-08 17:57 . 2010-05-08 17:57 3911037 ----a-w- c:\program files\sf2.exe
2010-05-08 17:50 . 2010-05-08 17:50 961807 ----a-w- c:\program files\sonic_the_hedgehog.exe
2010-05-02 06:37 . 2010-05-02 06:37 652794 ----a-w- c:\program files\XviD-1.2.2-07062009.exe
2010-05-01 06:18 . 2010-05-01 06:17 3960832 ----a-w- c:\program files\ZD710102.exe
2010-04-29 14:17 . 2010-04-29 14:17 4622781 ----a-w- c:\program files\setupscreenhunterfree.exe
2010-04-22 14:39 . 2010-04-22 14:38 3105415 ----a-w- c:\program files\YouTubeDownloaderSetup254.exe
2010-04-19 22:08 . 2010-04-19 22:08 2824600 ----a-w- c:\program files\setup_basic_3970.exe
2010-04-08 00:43 . 2010-04-08 00:43 3426443 ----a-w- c:\program files\InstallFreeRARExtractFrog.exe
2010-04-04 15:36 . 2010-04-04 15:36 364208 ----a-w- c:\program files\bb2k10-patch-v1203-exe.exe
2010-04-04 14:13 . 2010-04-04 14:11 10779512 ----a-w- c:\program files\gunfight_setup.exe
2010-03-30 17:52 . 2010-03-30 17:44 74093912 ----a-w- c:\program files\AVSVideoEditor.exe
2010-03-30 15:49 . 2010-03-30 15:37 107474024 ----a-w- c:\program files\moviestudiope90b.exe
2010-03-29 02:12 . 2010-03-29 02:12 2400104 ----a-w- c:\program files\timeleft.exe
2010-03-22 15:04 . 2010-03-22 15:03 2114184 ----a-w- c:\program files\Install_Facebook_Plug-In_1.0.3.exe
2010-03-17 03:05 . 2010-03-17 03:03 12496294 ----a-w- c:\program files\FreeYouTubeToMp3Converter.exe
2010-03-09 01:55 . 2010-03-09 01:53 5243416 ----a-w- c:\program files\VA31_softonic.exe
2010-03-02 17:13 . 2010-03-02 17:11 7470399 ----a-w- c:\program files\frostwire-4.20.2.windows.exe
2010-02-28 19:35 . 2010-02-28 19:29 37824544 ----a-w- c:\program files\090_000_264_000_dj_sf_driveronly_nonnetwork_dvd_NB.exe
2010-02-26 16:06 . 2010-02-26 16:04 10502881 ----a-w- c:\program files\Free3GPVideoConverter.exe
2010-02-14 05:05 . 2010-02-14 05:04 1295892 ----a-w- c:\program files\extractor_setup.exe
2010-02-06 22:27 . 2010-02-06 22:27 2604736 ----a-w- c:\program files\CpWzPrM.exe
2010-02-06 16:34 . 2010-02-06 16:32 9271743 ----a-w- c:\program files\frostwire-4.18.6.windows.exe
2010-01-31 17:54 . 2010-01-31 17:53 4384320 ----a-w- c:\program files\Shockwave_Installer_Slim.exe
2010-01-24 03:36 . 2010-01-24 03:36 2253616 ----a-w- c:\program files\disk-defrag-setup.exe
1995-05-31 17:04 . 2010-05-08 18:10 2048 ----a-w- c:\program files\SBDRIVER.DRV
2011-06-16 04:17 . 2011-04-25 14:21 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
c:\program files\Medialink\MWN-USB54G\Installer\Win2k\MWN-USB54G Wireless Client Utility .exe
c:\program files\Medialink\MWN-USB54G\Installer\WIN9X\MWN-USB54G Wireless Client Utility .exe
c:\program files\Medialink\MWN-USB54G\Installer\WINME\MWN-USB54G Wireless Client Utility .exe
c:\program files\Medialink\MWN-USB54G\Installer\WINX64\MWN-USB54G Wireless Client Utility .exe
c:\program files\Medialink\MWN-USB54G\Installer\WINXP\MWN-USB54G Wireless Client Utility .exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 16:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYAMgBRAEcAUgAtAFMAWAAwAEsARwAtAEcAMABOAFYAQQAtAEIAQQBCADYAOAAtAEQARgBUAFQAUAA&inst=NwA3AC0AMwA3ADQANAA2ADIAMQA5ADcALQBYAEwAKwAxAC0AVABCADkAKwAyAC0ARgBMACsAOQAtAFgATwAzADYAKwAxAC0ARgA5AE0ANwBDACsANQAtAEYAOQBNADEAMABCACsAMQAtAFgATwA5ACsAMQAtAEYAOQBNADIAKwAxAC0AQwBJAFAAKwAyAC0ARABEAFQAKwAwAA&prod=90&ver=9.0.894" [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Woodall Family^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Woodall Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Woodall Family^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Woodall Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotSync]
c:\program files\PalmSource\Desktop\HotSync.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 19:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jswtrayutil]
c:\program files\Jumpstart\jswtrayutil.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
c:\program files\Windows Live\Messenger\msnmsgr.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NFSIeHLAqJvyy]
c:\programdata\NFSIeHLAqJvyy.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTools FGuard]
c:\program files\PC Tools Security\BDT\FGuard.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-06-25 23:06 145944 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2010-04-12 08:40 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-04-08 23:14 6037504 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
2011-04-19 15:34 2216960 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorShield.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
2011-04-19 15:34 3318784 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
c:\program files\Java\jre6\bin\jusched.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-12-07 02:12 1029416 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2010-06-24 14:41 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
TOSCDSPD.EXE [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOY5KNQ8OC]
c:\users\WOODAL~1\AppData\Local\Temp\Pzd.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS12 Preload]
c:\program files\Corel\Corel VideoStudio 12\uvPL.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2007-05-31 13:21 648072 ----a-w- c:\windows\WindowsMobile\wmdcBase.exe
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-02 136176]
R2 Mp3Rocket Toolbar Helper;Mp3Rocket Toolbar Helper;c:\program files\MP3 Rocket Toolbar\MP3RocketSvc.exe [x]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-02 136176]
R3 IO_Memory;IO_Memory;c:\windows\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2007-11-02 18176]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2007-01-24 7680]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-05-24 501248]
R3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDrv.sys [2008-01-18 9216]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 WefiEngSvc;WeFi Engine Service;c:\program files\WeFi\WefiEngSvc.exe [2010-09-06 120152]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-10 691696]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-04-29 20384]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2011-04-19 142592]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
S2 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2008-08-04 46392]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-06-24 92008]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - AvgLdx86
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
Akamai REG_MULTI_SZ Akamai
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-02 15:36]
.
2011-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-02 15:36]
.
2011-07-11 c:\windows\Tasks\User_Feed_Synchronization-{8960B094-046A-4132-91BD-2129DB37A7E9}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\Woodall Family\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
Trusted Zone: tenderfoot.com
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Woodall Family\AppData\Roaming\Mozilla\Firefox\Profiles\o6qx9au4.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo-Mp3Rocket
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://mp3rocketsearch.com/?prt=mp3rockettb02ff&Keywords=
FF - user.js: keyword.URL - hxxp://mp3rocketsearch.com/?prt=mp3rockettb02ff&Keywords=
FF - user.js: keyword.enabled - 1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\Ask.com\GenericAskToolbar.dll
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
SharedTaskScheduler-{06BAE9EF-082F-4D2C-B706-DE967FFA43F1} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-12 05:07
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1517136145-1328366619-2469452859-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:9b,1f,dd,9d,3b,a1,f2,16,99,e3,1f,c0,fb,81,a1,68,ee,ba,a5,54,c1,37,43,
c1,2b,ca,d4,21,a2,23,b1,a0,6a,c8,b3,24,77,a8,84,9b,6c,69,00,b3,fd,03,bf,7c,\
"??"=hex:78,5f,98,56,4d,7f,97,79,c3,c4,18,44,bb,15,b7,f0
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-07-12 05:24:38
ComboFix-quarantined-files.txt 2011-07-12 09:24
.
Pre-Run: 61,157,662,720 bytes free
Post-Run: 58,208,559,104 bytes free
.
- - End Of File - - 58D12A9599478E3B63D21609F358559F

Edited by hamluis, 12 July 2011 - 12:42 PM.
Moved from Vista to Malware Removal Logs.
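Added example, not part of this thread and not ComboFix's own tooling: a small Python triage script that applies, mechanically, the checks a log helper applies by eye to a ComboFix log like the one above. It flags executables dropped straight into the AppData profile root or carrying hidden+system attributes (the `--sha-w-` `yim.exe` row), msconfig startupreg autoruns that launch from a Temp folder or the ProgramData root (`Pzd.exe`, `NFSIeHLAqJvyy.exe`), autoruns whose target ComboFix reports as `[N/A]`, and a Firefox `keyword.URL` override (the mp3rocketsearch entry that explains address-bar search redirects). The sample lines are copied from the posted log; the rule set and the `Finding` structure are my own assumptions, not ComboFix's, and the orphan rule in particular will also flag benign leftovers such as the Java updater entry.

```python
import re
from dataclasses import dataclass

# Constructed sample: a few lines copied from the ComboFix log posted above,
# so the rules can be exercised offline. A real run would read the whole log file.
SAMPLE_LOG = r"""
2011-04-19 05:53 . 2011-04-19 05:53 1650688 --sha-w- c:\users\Woodall Family\AppData\Local\yim.exe
2011-05-29 13:11 . 2011-04-19 19:57 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-12 09:06 . 2011-07-12 09:08 -------- d-----w- c:\users\Woodall Family\AppData\Local\temp
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NFSIeHLAqJvyy]
c:\programdata\NFSIeHLAqJvyy.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOY5KNQ8OC]
c:\users\WOODAL~1\AppData\Local\Temp\Pzd.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
c:\program files\Java\jre6\bin\jusched.exe [N/A]
FF - prefs.js: keyword.URL - hxxp://mp3rocketsearch.com/?prt=mp3rockettb02ff&Keywords=
"""

# "<modified> . <created> <size|--------> <attrs> <path>" rows of the Files Created / Find3M sections
FILE_ROW = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?:\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$")
# msconfig\startupreg entries: a key header line, then one line naming the target
STARTUPREG = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\(?P<name>[^\]]+)\]$",
    re.I)
TARGET_PLAIN = re.compile(r"^(?P<path>[a-z]:\\.*?)(?: \[(?P<info>[^\]]*)\])?$", re.I)
TARGET_STAMPED = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ [-a-z]{8} (?P<path>.+)$")
FF_KEYWORD = re.compile(r"^FF - (?:prefs|user)\.js: keyword\.URL - (?P<url>\S+)$", re.I)
# an .exe/.dll sitting directly in AppData\Local or AppData\Roaming (no vendor subfolder)
PROFILE_ROOT_EXE = re.compile(r"\\appdata\\(?:local|roaming)\\[^\\]+\.(?:exe|dll)$")


@dataclass
class Finding:
    line: str    # the log line that triggered the rule
    reason: str  # why a helper would want to look at it


def file_row_reasons(attrs, path):
    low = path.lower()
    reasons = []
    if PROFILE_ROOT_EXE.search(low):
        reasons.append("executable dropped directly in the AppData profile root")
    if "s" in attrs and "h" in attrs and low.endswith((".exe", ".dll")):
        reasons.append("executable carries hidden+system attributes")
    return reasons


def autorun_reasons(key, path, info):
    low = path.lower()
    if "\\temp\\" in low:
        return [f"autorun '{key}' launches from a Temp folder"]
    if low.startswith("c:\\programdata\\") and low.count("\\") == 2:
        return [f"autorun '{key}' launches from the ProgramData root"]
    if info == "N/A":
        return [f"autorun '{key}' points at a file ComboFix could not find (likely orphan)"]
    return []


def triage(text):
    """Walk the log once and return the lines a helper should look at, with reasons."""
    findings = []
    pending_key = None  # set after a startupreg header; the next line names its target
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if pending_key is not None:
            key, pending_key = pending_key, None
            m = TARGET_PLAIN.match(line) or TARGET_STAMPED.match(line)
            if m:
                for reason in autorun_reasons(key, m["path"], m.groupdict().get("info")):
                    findings.append(Finding(line, reason))
                continue
        m = STARTUPREG.match(line)
        if m:
            pending_key = m["name"]
            continue
        m = FILE_ROW.match(line)
        if m:
            for reason in file_row_reasons(m["attrs"], m["path"]):
                findings.append(Finding(line, reason))
            continue
        m = FF_KEYWORD.match(line)
        if m:
            findings.append(Finding(line, "Firefox keyword.URL (address-bar search) redirected to " + m["url"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

Run it against a saved ComboFix.txt by replacing `SAMPLE_LOG` with the file's contents; the output is a shortlist for a human to judge, not a verdict, since location and attribute rules catch droppers like the ones in this log but say nothing about the many legitimately installed programs around them.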



#2 SweetTech

Posted 15 July 2011 - 02:53 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, has resulted in the delayed response to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

First and foremost, for all those who are reading this, DO NOT RUN COMBOFIX UNLESS INSTRUCTED BY A TRAINED HELPER!!

Please note: ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert." It is NOT for unsupervised use. Please read Combofix's Disclaimer.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Another note of caution, you attempted a fix that was not intended for your computer. This can do more harm than benefit! Such fixes are made for a certain user and should NOT be used unless you know what you are doing.


NEXT:



Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth Code, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:


Running OTL

We need to create a FULL OTL Report
  • Please download OTL from here:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

NEXT:


Please provide an update on how things are running in your next reply.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 EmWoodall (Topic Starter)

Posted 16 July 2011 - 08:04 AM

ST,
Thank you SO much for your reply! This forum has helped me so much; thanks for welcoming me. :)
I actually fixed the problem. After using ComboFix & HijackThis, and then running my Malwarebytes and installing AVG back again & rescanning for viruses, I think it did it!
I haven't had any other issues with my browser redirecting, thanks to this website & other topics on the issue.
I will check back if I have any other problems with my Laptop.

Thanks so much for your help!

~Emma

#4 SweetTech

Posted 16 July 2011 - 11:08 AM

Hi!

Thank you for posting back to let me know that the issue you were experiencing with your computer has been resolved.

I'll go ahead and close this thread now.

Kindest Regards,
SweetTech.
