Tech Support Forum, Virus/Trojan/Spyware Help
#1

Registered User
Join Date: Jan 2009
Posts: 4
OS: xp

Browser search redirecting
Hi,

The problem I am having is that whilst attempting to access search results supplied by trustworthy search engines (Live, Google, Yahoo) I am redirected to other websites (the Mamma search engine). I've run the instructed scans and the results are as follows, cheers.

DDS (Ver_09-01-07.01) - NTFSx86
Run by Helen at 12:46:38.10 on 11/01/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.66 [GMT 0:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: Norton Internet Security *On-access scanning disabled* (Outdated)
FW: Norton Internet Security *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Helen\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.virginmedia.com
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: System=kdjzp.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [googletalk] "c:\program files\google\google talk\googletalk.exe" /autostart
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [c:\windows\system32\kdjzp.exe] c:\windows\system32\kdjzp.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0\bin\npjpi150.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: line6.net
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: igfxcui - igfxsrvc.dll
Notify: LMIinit - LMIinit.dll
AppInit_DLLs: avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\helen\applic~1\mozilla\firefox\profiles\39ulhfrz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ie/
FF - component: c:\program files\mozilla firefox\components\iamfamous.dll
FF - plugin: c:\documents and settings\helen\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\helen\local settings\application data\google\update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npRACtrl.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-10-23 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-10-23 26824]
R1 SLEE_15_DRIVER;Steganos Live Encryption Engine 15 [Driver];c:\windows\system32\drivers\sleen15.sys [2007-2-21 80232]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2007-12-19 33792]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2007-8-30 112688]
R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-10-23 231704]
R4 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-8-3 12856]
R4 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-4-1 47640]
S3 L6TportK;Service - Line 6 TonePort KB37;c:\windows\system32\drivers\L6TportK.sys [2007-12-21 514432]
S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [2008-11-28 27904]
S3 NTPASp50;NTPASp50 NDIS Protocol Driver;c:\windows\system32\drivers\NtpaSp50.sys [2006-7-31 17536]
S4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2006-9-3 108648]
S4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2006-9-3 108648]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

==================== Find3M ====================

2008-12-01 01:23 47,640 a------- c:\windows\system32\drivers\LMIRfsDriver.sys
2008-12-01 01:23 83,288 a------- c:\windows\system32\LMIRfsClientNP.dll
2008-12-01 01:23 28,984 a------- c:\windows\system32\LMIport.dll
2008-12-01 01:22 23,736 ac------ c:\windows\system32\lmimirr.dll
2008-12-01 01:22 10,040 ac------ c:\windows\system32\lmimirr2.dll
2008-12-01 01:22 87,352 a------- c:\windows\system32\LMIinit.dll
2008-11-28 01:20 27,904 a------- c:\windows\system32\drivers\ndisprot.sys
2008-11-17 20:04 2,306,113 a------- c:\windows\system32\GPhotos.scr
2008-10-29 15:23 77,155 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-10-23 19:39 10,520 a------- c:\windows\system32\avgrsstx.dll
2008-10-23 12:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-16 01:00 666,112 a------- c:\windows\system32\wininet.dll
2008-04-12 18:19 3,723,256 a------- c:\program files\channel4_on_demand.exe
2007-12-12 01:48 1,206,366 a------- c:\program files\wrar371.exe
2006-03-16 17:11 148 a------- c:\docume~1\helen\applic~1\wklnhst.dat
2005-03-16 07:25 79 a------- c:\program files\Show Desktop.scf
2004-09-15 17:42 1,597,440 a------- c:\docume~1\helen\applic~1\SecureTraveler.exe

============= FINISH: 12:48:02.43 ===============

Any help would be greatly appreciated :) Unfortunately the file upload isn't working at the moment, so I'll post both Attach.txt and ark.txt as replies to this thread if that's OK. Thanks again!

Contents of Attach.txt, as file upload failed every time:

ATTACH.TXT

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_09-01-07.01) Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume1 Install Date: 21/07/2005 19:15:47 System Uptime: 01/11/2009 12:07:24 (-7056 hours ago) Motherboard: TOSHIBA | | EAL30 Processor: Intel(R) Pentium(R) M processor 1.60GHz | U1 | 1595/mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 56 GiB total, 4.827 GiB free. D: is CDROM () ==== Disabled Device Manager Items ============= Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Realtek RTL8139/810x Family Fast Ethernet NIC Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_FF001179&REV_10\4&AD1B67F&0&08F0 Manufacturer: Realtek Semiconductor Corp. Name: Realtek RTL8139/810x Family Fast Ethernet NIC PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_FF001179&REV_10\4&AD1B67F&0&08F0 Service: RTL8023xp Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Bluetooth PAN Network Adapter Device ID: ROOT\NET\0000 Manufacturer: IVT Corporation Name: Bluetooth PAN Network Adapter PNP Device ID: ROOT\NET\0000 Service: BT ==== System Restore Points =================== RP672: 13/11/2008 23:52:20 - System Checkpoint RP673: 15/11/2008 19:51:51 - System Checkpoint RP674: 16/11/2008 23:25:24 - System Checkpoint RP675: 18/11/2008 17:40:50 - System Checkpoint RP676: 19/11/2008 00:00:21 - Software Distribution Service 3.0 RP677: 19/11/2008 21:21:01 - Avg8 Update RP678: 19/11/2008 21:23:31 - Avg8 Update RP679: 20/11/2008 22:39:06 - Installed DirectX 9.0 RP680: 20/11/2008 22:43:23 - Installed Autodesk DWF Viewer 7 RP681: 20/11/2008 22:53:38 - Installed Backburner RP682: 20/11/2008 22:55:27 - Installed Autodesk 3ds Max 9 32-bit RP683: 22/11/2008 15:47:58 - System Checkpoint RP684: 23/11/2008 19:52:51 - System Checkpoint RP685: 25/11/2008 15:56:22 - System Checkpoint RP686: 27/11/2008 11:11:58 - Avg8 Update RP687: 28/11/2008 01:51:11 - Installed %1 %2. 
RP688: 28/11/2008 01:51:36 - Printer Driver Microsoft XPS Document Writer Installed RP689: 28/11/2008 14:10:28 - Removed AutoCAD 2007 - English RP690: 28/11/2008 14:21:11 - Installed DirectX RP691: 29/11/2008 16:13:39 - System Checkpoint RP692: 30/11/2008 18:45:01 - System Checkpoint RP693: 30/11/2008 21:00:47 - Installed DirectX RP694: 03/12/2008 12:39:54 - System Checkpoint RP695: 05/12/2008 13:51:38 - System Checkpoint RP696: 09/12/2008 00:27:21 - System Checkpoint RP697: 10/12/2008 02:15:04 - System Checkpoint RP698: 11/12/2008 15:41:52 - System Checkpoint RP699: 19/12/2008 15:35:08 - System Checkpoint RP700: 21/12/2008 00:16:29 - System Checkpoint RP701: 22/12/2008 17:18:36 - System Checkpoint RP702: 23/12/2008 19:43:42 - System Checkpoint RP703: 25/12/2008 13:46:47 - System Checkpoint RP704: 26/12/2008 23:48:45 - System Checkpoint RP705: 28/12/2008 00:57:54 - System Checkpoint RP706: 30/12/2008 14:33:25 - System Checkpoint RP707: 01/01/2009 02:07:14 - System Checkpoint RP708: 02/01/2009 23:32:36 - System Checkpoint RP709: 04/01/2009 19:46:57 - System Checkpoint RP710: 04/01/2009 21:13:13 - Restore Operation RP711: 04/01/2009 22:50:18 - Installed Ad-Aware RP712: 05/01/2009 02:11:35 - Ad-Aware Restore Point 2009-01-05 02:11:20 RP713: 05/01/2009 20:42:49 - Printer Driver LogMeIn Printer Driver Installed RP714: 07/01/2009 01:02:31 - System Checkpoint RP715: 07/01/2009 13:36:57 - Avg8 Update RP716: 08/01/2009 00:00:46 - Software Distribution Service 3.0 RP717: 09/01/2009 00:01:05 - Software Distribution Service 3.0 ==== Installed Programs ====================== 3dsmax ancillary install 4200 4200_Help 4200Tour 4200Trb 4oD Ad-Aware Adobe Anchor Service CS3 Adobe Asset Services CS3 Adobe Bridge CS3 Adobe Bridge Start Meeting Adobe Camera Raw 4.0 Adobe CMaps Adobe Color Common Settings Adobe Color EU Extra Settings Adobe Color JA Extra Settings Adobe Color NA Recommended Settings Adobe Default Language CS3 Adobe Device Central CS3 Adobe ExtendScript Toolkit 2 Adobe 
Flash Player 10 Plugin Adobe Flash Player 9 ActiveX Adobe Fonts All Adobe Help Viewer CS3 Adobe Illustrator CS3 Adobe InDesign CS3 Adobe InDesign CS3 Icon Handler Adobe Linguistics CS3 Adobe PDF Library Files Adobe Photoshop 7.0 Adobe Reader 7.0.7 Adobe Setup Adobe SING CS3 Adobe Stock Photos CS3 Adobe Type Support Adobe Update Manager CS3 Adobe Version Cue CS3 Client Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS3 AiO_Scan AIOMinimal AiOSoftware ALPS Touch Pad Driver Apple Mobile Device Support Apple Software Update Atheros Wireless LAN MiniPCI card Driver AudibleManager AutoCAD Architecture 2008 Autodesk 3ds Max 9 32-bit Autodesk DWF Viewer 7 Avanquest update AVG Free 8.0 Azureus Vuze Backburner BBC iPlayer Download Manager Bebo - Skype 2.5 BlueSoleil BroadJump Client Foundation Canon Camera WIA Driver Canon EOS Kiss REBEL 300D WIA Driver Canon MP210 series Canon Utilities PhotoStitch 3.1 Canon Utilities RemoteCapture 2.7 ccCommon CD/DVD Drive Acoustic Silencer Creative MediaSource 5 Creative Photo Manager Creative Removable Disk Manager Creative System Information Creative WebCam Center Creative WebCam Instant Driver (1.03.02.0425) Creative WebCam Instant User's Guide (English) Creative ZEN V Series (R2) DELG Driver Theory Test DivX Content Uploader DivX Web Player DVD-RAM Driver DVD43 v4.0.0 EPSON PRINT Image Framer Tool EPSON Printer Software Fax FBX Plugin 2006.08 for Max 9.0 Flamingo 1.1 Flickr Uploadr 2.3 Freez FLV to MP3 Converter GdiplusUpgrade Google Chrome Google Earth Google Talk (remove only) Google Talk Plugin Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB952287) HP Memories Disc HP Photo and Imaging 2.1 - Scanjet 36X0 Series HP PSC & OfficeJet 3.5 HP Software Update Intel(R) Graphics Media Accelerator Driver for Mobile InterActual Player InterVideo WinDVD Creator 2 InterVideo WinDVD for TOSHIBA iriverter 0.15 iTunes J2SE Runtime Environment 5.0 jetAudio Basic VX 
JetShell PRO LiveUpdate 3.1 (Symantec Corporation) LiveUpdate Notice (Symantec Corporation) LogMeIn Macromedia Extension Manager Macromedia Flash 8 Video Encoder Macromedia Flash Player Macromedia Flash Player 8 Magic ISO Maker v5.4 (build 0256) Magic ISO Maker v5.5 (build 0273) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Service Pack 1 Microsoft .NET Framework 3.0 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft IntelliPoint 5.2 Microsoft Office OneNote 2003 Microsoft Office Small Business Edition 2003 Microsoft Silverlight Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Microsoft Works Mozilla Firefox (3.0.5) MSRedist MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 Parser and SDK MSXML 6.0 Parser (KB925673) Music Visualizer Library 1.4.00 Norton Internet Security (Symantec Corporation) Olympus Digital Wave Player OpenMG Limited Patch 3.1-02-10-22-01 OpenMG Limited Patch 3.1-02-10-22-02 OpenMG Limited Patch 3.1-02-12-04-01 OpenMG Secure Module 3.1 Overland PDF Settings Pdf995 PhantomFM PhotoStitch Picasa 2 Picasa 3 PrintScreen QuickTime Readme Realtek AC'97 Audio REALTEK Gigabit and Fast Ethernet NIC Driver RemoteCapture 2.7.4 Rhinoceros 3.0 Scan SD Secure Module Security Update for CAPICOM (KB931906) Security Update for Step By Step Interactive Training (KB898458) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for 
Windows XP (KB946648) Security Update for Windows XP (KB950759) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953838) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956390) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958215) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB960714) SMSC IrCC V5.1.3600.5 SP2 Sonic DLA Sonic RecordNow! SonicStage 1.5.06 Sony Ericsson Media Manager 1.1 Sony Ericsson PC Suite 3.209.00 Spectrogram 16 Steganos Safe Home 2007 Steinberg Cubase SX v3.1.1.944 Syncrosoft's License Control SyncroSoft Emu (Remove only) Texas Instruments PCIxx21/x515 drivers. 
TIxx21/x515 TOSHIBA Accessibility TOSHIBA Assist TOSHIBA ConfigFree TOSHIBA Controls TOSHIBA Controls Driver TOSHIBA Hardware Setup TOSHIBA Hotkey Utility TOSHIBA Manuals TOSHIBA PC Diagnostic Tool TOSHIBA Power Saver TOSHIBA Power Saver Driver TOSHIBA SD Memory Card Format TOSHIBA Software Modem TOSHIBA Supervisor Password TOSHIBA Virtual Sound TOSHIBA Zooming Hook TOSHIBA Zooming Utility Touch and Launch TouchPad On/Off Utility Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955839) Utility Common Driver VBA (2627.01) VectorWorks 11 VLC media player 0.9.8a WebCam Instant Product Registration WebFldrs XP Windows Communication Foundation Windows Genuine Advantage Notifications (KB905474) Windows Live Messenger Windows Media Format 11 runtime Windows Media Player 10 Hotfix - KB895316 Windows Media Player 11 Windows Media Player Firefox Plugin Windows Presentation Foundation Windows Workflow Foundation Windows XP Service Pack 3 WinRAR archiver X5 User's Guide XML Paper Specification Shared Components Pack 1.0 ZENcast Organizer ==== Event Viewer Messages From Past Week ======== 05/01/2009 02:26:00, error: Dhcp [1002] - The IP address lease 192.168.1.64 for the Network Card with network address 0012F054C2FE has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message). 04/01/2009 22:00:35, error: Service Control Manager [7031] - The AVG Free8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. 05/01/2009 20:39:08, error: Service Control Manager [7034] - The LogMeIn service terminated unexpectedly. It has done this 1 time(s). 06/01/2009 00:59:57, error: WPDMTPDriver [15300] - MTP WPD Driver has failed to start. Error 0x8004201e. 
10/01/2009 14:48:39, error: MRxSmb [8003] - The master browser has received a server announcement from the computer WHITEPONY-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C5132FD3-77E6-4. The master browser is stopping or an election is being forced. 10/01/2009 17:10:06, error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the Interface with IP address 169.254.184.250. The machine with the IP address 169.254.63.196 did not allow the name to be claimed by this machine. 10/01/2009 18:34:11, error: MRxSmb [8003] - The master browser has received a server announcement from the computer GIRISH-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C5132FD3-77E6-402C. The master browser is stopping or an election is being forced. 10/01/2009 18:45:06, error: MRxSmb [8003] - The master browser has received a server announcement from the computer NAOMI that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C5132FD3-77E6-402C-8F9. The master browser is stopping or an election is being forced. 10/01/2009 19:31:18, error: MRxSmb [8003] - The master browser has received a server announcement from the computer JIMMY-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C5132FD3-77E6-402C-. The master browser is stopping or an election is being forced. 
==== End Of File ===========================

Contents of Ark.txt, as file upload failed every time:

ARK.TXT

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-11 13:58:09
Windows 5.1.2600 Service Pack 3

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Udfs \UdfsCdRom tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Udfs \UdfsDisk tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs A98D3400

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011f60504d0
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0011f60504d0

---- EOF - GMER 1.0.14 ----
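The section of a DDS log an analyst reads first is the Pseudo HJT Report, because that is where the autostart entries live. The script below is an added example for this thread; it is not part of DDS and not part of the forum's procedure. It applies a handful of triage heuristics (the author's own assumptions, marked as such in the comments: the Winlogon System value being empty on a stock XP install, a Run value named by its own path being unusual for installer-created entries, and one binary wired into more than one autostart mechanism being worth escalating) to a constructed subset of the entries from the log above. It flags lines for a human to look at; it does not decide whether kdjzp.exe or anything else on this machine is malicious, which is what the later rounds of this thread are for.

```python
"""Triage heuristics for the "Pseudo HJT Report" section of a DDS log.

Added example for this thread; not part of DDS or of the analysts' procedure.
The thresholds and labels below are the author's assumptions, not verdicts:
every hit still needs a person to look at the file.
"""
import re
from collections import defaultdict

# Constructed sample: a subset of the entries from the first DDS log posted
# in this thread, so the output can be compared against the original post.
SAMPLE_REPORT = r"""
uStart Page = hxxp://www.virginmedia.com
mWinlogon: System=kdjzp.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [googletalk] "c:\program files\google\google talk\googletalk.exe" /autostart
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [c:\windows\system32\kdjzp.exe] c:\windows\system32\kdjzp.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
Notify: igfxcui - igfxsrvc.dll
Notify: LMIinit - LMIinit.dll
AppInit_DLLs: avgrsstx.dll
"""

WINLOGON_RE = re.compile(r"^[udm]Winlogon: (?P<value>\w+)=(?P<data>.*)$")
RUN_RE = re.compile(r"^[udm]Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
ORPHAN_RE = re.compile(r"^(?P<kind>BHO|TB): .* - No File$")
NOTIFY_RE = re.compile(r"^Notify: (?P<name>\S+) - (?P<dll>\S+)$")
MODULE_RE = re.compile(r"[\w~\-]+\.(?:exe|dll|scr|cpl)", re.I)


def first_module(command):
    """Lower-cased file name of the first .exe/.dll/.scr/.cpl in a command line."""
    m = MODULE_RE.search(command)
    return m.group(0).lower() if m else command.strip().lower()


def triage(report):
    """Return a list of findings (dicts: severity, item, reason) for one report."""
    findings = []
    locations = defaultdict(set)  # module name -> autostart mechanisms that reference it

    for line in (raw.strip() for raw in report.splitlines()):
        if not line:
            continue

        m = WINLOGON_RE.match(line)
        if m:
            value, data = m.group("value"), m.group("data").strip()
            # Assumption: on a stock XP install the Winlogon "System" value is
            # empty, so any executable named here is worth pulling for analysis.
            if value == "System" and data:
                findings.append({"severity": "high", "item": data,
                                 "reason": "Winlogon System value set to an executable"})
                locations[first_module(data)].add("Winlogon")
            continue

        m = RUN_RE.match(line)
        if m:
            name, cmd = m.group("name"), m.group("cmd")
            locations[first_module(cmd)].add("Run")
            # Assumption: installers name Run values after the product; a value
            # named by its own file path is the kind of entry a dropper writes.
            if "\\" in name:
                findings.append({"severity": "medium", "item": cmd,
                                 "reason": "Run value named by its own path"})
            continue

        m = ORPHAN_RE.match(line)
        if m:
            # "No File" means the CLSID is registered but the DLL is gone: a
            # cleanup item, not evidence of infection by itself.
            findings.append({"severity": "low", "item": line,
                             "reason": f"orphaned {m.group('kind')} entry (No File)"})
            continue

        m = NOTIFY_RE.match(line)
        if m:
            locations[m.group("dll").lower()].add("WinlogonNotify")
            continue

        if line.startswith("AppInit_DLLs:") and line.split(":", 1)[1].strip():
            # AppInit_DLLs is loaded into every process that links user32.dll;
            # AVG legitimately uses it here, so this is "confirm the vendor".
            findings.append({"severity": "review", "item": line.split(":", 1)[1].strip(),
                             "reason": "AppInit_DLLs entry; confirm the vendor"})

    # Correlation: one binary referenced from more than one autostart mechanism
    # (Winlogon plus Run, say) is rarely how a legitimate product installs itself.
    for module, mechanisms in locations.items():
        if len(mechanisms) > 1:
            findings.append({"severity": "high", "item": module,
                             "reason": "referenced from " + ", ".join(sorted(mechanisms))})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_REPORT):
        print(f"[{finding['severity']:>6}] {finding['item']}  <- {finding['reason']}")
```

Run against the sample, the script pulls kdjzp.exe out three times (the Winlogon value, the self-named Run value, and the correlation across both mechanisms), lists the two "No File" entries as cleanup items, and asks for AVG's avgrsstx.dll to be confirmed rather than flagging it. ctfmon.exe appearing under both uRun and dRun is counted as a single mechanism and stays quiet, which is the behaviour you want on an XP box.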
#3

Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 23,918
OS: WinXP and Vista
Re: Browser search redirecting

Hello neilturpin,

Our apologies for the delay. Please run a new scan with DDS, post a fresh dds.txt, and we'll get started.
#4

Registered User
Join Date: Jan 2009
Posts: 4
OS: xp
Re: Browser search redirecting

No problems about the delay!

Thanks for taking the time to help. The contents of dds.txt after a fresh scan are as follows:

DDS (Ver_09-01-07.01) - NTFSx86
Run by Helen at 0:33:29.50 on 19/01/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.228 [GMT 0:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: Norton Internet Security *On-access scanning disabled* (Outdated)
FW: Norton Internet Security *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Documents and Settings\Helen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Documents and Settings\Helen\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.virginmedia.com
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: System=kdjzp.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [googletalk] "c:\program files\google\google talk\googletalk.exe" /autostart
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [c:\windows\system32\kdjzp.exe] c:\windows\system32\kdjzp.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0\bin\npjpi150.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: line6.net
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: igfxcui - igfxsrvc.dll
Notify: LMIinit - LMIinit.dll
AppInit_DLLs: avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\helen\applic~1\mozilla\firefox\profiles\39ulhfrz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ie/
FF - component: c:\program files\mozilla firefox\components\iamfamous.dll
FF - plugin: c:\documents and settings\helen\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\helen\local settings\application data\google\update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npRACtrl.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-10-23 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-10-23 26824]
R1 SLEE_15_DRIVER;Steganos Live Encryption Engine 15 [Driver];c:\windows\system32\drivers\sleen15.sys [2007-2-21 80232]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2007-12-19 33792]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2007-8-30 112688]
R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-10-23 231704]
R4 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-8-3 12856]
R4 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-4-1 47640]
S3 L6TportK;Service - Line 6 TonePort KB37;c:\windows\system32\drivers\L6TportK.sys [2007-12-21 514432]
S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [2008-11-28 27904]
S3 NTPASp50;NTPASp50 NDIS Protocol Driver;c:\windows\system32\drivers\NtpaSp50.sys [2006-7-31 17536]
S4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2006-9-3 108648]
S4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2006-9-3 108648]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

==================== Find3M ====================

2008-12-11 10:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-12-01 01:23 47,640 a------- c:\windows\system32\drivers\LMIRfsDriver.sys
2008-12-01 01:23 83,288 a------- c:\windows\system32\LMIRfsClientNP.dll
2008-12-01 01:23 28,984 a------- c:\windows\system32\LMIport.dll
2008-12-01 01:22 23,736 ac------ c:\windows\system32\lmimirr.dll
2008-12-01 01:22 10,040 ac------ c:\windows\system32\lmimirr2.dll
2008-12-01 01:22 87,352 a------- c:\windows\system32\LMIinit.dll
2008-11-28 01:20 27,904 a------- c:\windows\system32\drivers\ndisprot.sys
2008-10-29 15:23 77,155 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-10-23 19:39 10,520 a------- c:\windows\system32\avgrsstx.dll
2008-10-23 12:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-04-12 18:19 3,723,256 a------- c:\program files\channel4_on_demand.exe
2007-12-12 01:48 1,206,366 a------- c:\program files\wrar371.exe
2006-03-16 17:11 148 a------- c:\docume~1\helen\applic~1\wklnhst.dat
2005-03-16 07:25 79 a------- c:\program files\Show Desktop.scf
2004-09-15 17:42 1,597,440 a------- c:\docume~1\helen\applic~1\SecureTraveler.exe

============= FINISH: 0:35:13.15 ===============

Thanks again!
#5
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 23,918
OS: WinXP and Vista
Re: Browser search redirecting
Thank you. : )
It will require more than one round to properly clean your system. Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference, as you will not have any browsers open while you are carrying out portions of these instructions.

***************************************************

Download ComboFix from one of these locations: Link 1 Link 2 Link 3

* IMPORTANT - Save ComboFix.exe to your Desktop

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
#6
Registered User
Join Date: Jan 2009
Posts: 4
OS: xp
Re: Browser search redirecting
Here are the results to the combofix scan:
ComboFix 09-01-19.03 - Helen 2009-01-20 3 36.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.227 [GMT 0:00]
Running from: c:\documents and settings\Helen\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Outdated)
FW: Norton Internet Security *disabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Mozilla Firefox\components\iamfamous.dll
C:\resycled
c:\windows\IE4 Error Log.txt
c:\windows\system32\kdjzp.exe
.
((((((((((((((((((((((((( Files Created from 2008-12-20 to 2009-01-20 )))))))))))))))))))))))))))))))
.
2009-01-16 00:13 . 2009-01-16 00:13 <DIR> d-------- c:\documents and settings\Helen\Application Data\Canon
2009-01-11 17:25 . 2009-01-11 17:25 <DIR> d-------- c:\program files\Smith Micro
2009-01-11 12:49 . 2009-01-11 12:49 250 --a------ c:\windows\gmer.ini
2009-01-08 23:31 . 2009-01-08 23:31 <DIR> d-------- c:\program files\Common Files\Control Panels
2009-01-08 00:12 . 2009-01-08 00:12 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-01-07 13:35 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-01-07 13:35 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-01-07 13:35 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-01-05 22:33 . 2009-01-05 22:33 3,751,995 --a------ c:\windows\system32\GPhotos.scr
2009-01-04 22:50 . 2009-01-04 22:50 <DIR> d-------- c:\program files\Lavasoft
2009-01-04 22:50 . 2009-01-04 22:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-04 22:46 . 2009-01-04 22:46 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-04 22:15 . 2009-01-04 22:15 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-12-27 00:42 . 2009-01-18 16:27 <DIR> d-------- c:\documents and settings\Helen\Application Data\vlc
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-20 02:55 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-01-20 01:49 --------- d-----w c:\program files\LogMeIn
2009-01-19 20:44 --------- d-----w c:\documents and settings\All Users\Application Data\pdf995
2009-01-18 07:44 --------- d-----w c:\documents and settings\All Users\Application Data\Kontiki
2009-01-18 05:28 --------- d-----w c:\documents and settings\Helen\Application Data\Azureus
2009-01-17 21:16 --------- d-----w c:\program files\Common Files\Adobe
2009-01-08 22:54 --------- d-----w c:\program files\MagicISO
2009-01-04 21:10 --------- d-----w c:\program files\Google
2009-01-04 21:08 --------- d-----w c:\program files\MSN Messenger
2009-01-04 21:06 --------- d-----w c:\program files\Common Files\Autodesk Shared
2009-01-04 21:05 --------- d-----w c:\documents and settings\All Users\Application Data\Autodesk
2009-01-04 21:03 --------- d-----w c:\program files\AutoCAD 2007
2009-01-04 20:53 --------- d-----w c:\program files\AutoCAD Architecture 2008
2009-01-04 20:50 --------- d-----w c:\documents and settings\Helen\Application Data\dvdcss
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-10 01:03 --------- d-----w c:\documents and settings\Helen\Application Data\Skype
2008-12-03 11:19 --------- d-----w c:\documents and settings\Helen\Application Data\Autodesk
2008-12-01 01:23 47,640 ----a-w c:\windows\system32\drivers\LMIRfsDriver.sys
2008-11-28 01:57 --------- d-----w c:\program files\MSBuild
2008-11-28 01:52 --------- d-----w c:\program files\Reference Assemblies
2008-11-28 01:20 27,904 ----a-w c:\windows\system32\drivers\ndisprot.sys
2008-11-21 22:43 --------- d-----w c:\program files\Azureus
2008-11-20 23:01 --------- d-----w c:\program files\Autodesk
2008-11-20 22:49 --------- d--h--w c:\documents and settings\All Users\Application Data\CanonBJ
2008-11-20 22:47 --------- d--h--w c:\program files\CanonBJ
2008-11-20 21:53 --------- d-----w c:\program files\3dsmax
2008-04-12 18:19 3,723,256 ----a-w c:\program files\channel4_on_demand.exe
2007-12-12 01:48 1,206,366 ----a-w c:\program files\wrar371.exe
2006-03-16 17:11 148 ----a-w c:\documents and settings\Helen\Application Data\wklnhst.dat
2005-03-16 07:25 79 ----a-w c:\program files\Show Desktop.scf
2004-09-15 17:42 1,597,440 ----a-w c:\documents and settings\Helen\Application Data\SecureTraveler.exe
2007-08-09 12:08 8,784 -c--a-w c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-08-09 12:10 245,408 -c--a-w c:\program files\mozilla firefox\plugins\unicows.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 583048]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
"PD0620 STISvc"="P0620Pin.dll" [2005-05-10 c:\windows\system32\P0620Pin.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2005-07-21 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-12-01 01:22 87352 c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.jxvd"= JetMPVx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Detector 3.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Device Detector 3.lnk
backup=c:\windows\pss\Device Detector 3.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Personal Coach.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Personal Coach.lnk
backup=c:\windows\pss\Personal Coach.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Helen^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
path=c:\documents and settings\Helen\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
--a------ 2008-02-27 16:56 1032376 c:\program files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2003-10-30 16:46 192512 c:\program files\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
--a------ 2003-01-27 16:16 376912 c:\program files\BroadJump\Client Foundation\CFD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2007-01-09 21:59 115816 c:\program files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CeEKEY]
--a--c--- 2005-01-21 21:48 675840 c:\program files\TOSHIBA\E-KEY\CeEKey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
--------- 2006-09-28 19:09 700416 c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a--c--- 2005-01-14 01:05 122939 c:\windows\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
--a------ 2007-11-20 16:40 731136 c:\program files\dvd43\DVD43_Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-11-13 15:51 133104 c:\documents and settings\Helen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
--a------ 2005-10-22 23:00 385024 c:\program files\Syncrosoft\POS\H2O\cledx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a--c--- 2004-05-12 14:18 241664 c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2005-02-16 22:11 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup]
--a--c--- 2004-12-23 18:07 28672 c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a--c--- 2004-11-02 09:03 155648 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a--c--- 2007-11-15 13:11 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
--a------ 2008-02-27 16:56 1032376 c:\program files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
--a------ 2007-08-03 14:09 63048 c:\program files\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 11:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MtdAcqu]
-----c--- 2006-03-08 07:56 278528 c:\program files\Creative\MediaSource5\MtdAcqu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
--a------ 2004-11-17 10:56 1077327 c:\program files\TOSHIBA\Touch and Launch\PadExe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-11-14 23:43 286720 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAFEHOME HotKeys]
--a--c--- 2007-03-21 16:59 25088 c:\program files\Steganos Safe Home\SteganosHotKeyService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
--a--c--- 2002-04-17 09:42 69632 c:\program files\HP\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-10-13 17:52 20067880 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
--a------ 2004-11-15 09:14 118784 c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
--------- 2008-02-20 16:19 356352 c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL]
--a--c--- 2005-02-25 15:59 65536 c:\program files\TOSHIBA\Windows Utilities\SVPWUTIL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
--a------ 2005-03-02 08:56 65536 c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSHIBA Accessibility]
--a--c--- 2004-12-07 21:24 24576 c:\program files\TOSHIBA\Accessibility\FnKeyHook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPNF]
--a--c--- 2004-11-29 21:06 53248 c:\program files\TOSHIBA\TouchPad\TPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
--a--c--- 2004-11-12 17:57 73728 c:\program files\TOSHIBA\Tvs\TvsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-----c--- 2005-08-18 10:49 307200 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a--c--- 2004-10-28 14:37 88363 c:\windows\agrsmmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TCtryIOHook]
--a--c--- 2005-02-16 14:43 28672 c:\windows\system32\TCtrlIOHook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
--a------ 2005-01-21 08:53 266240 c:\windows\system32\TPSMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zooming]
--a--c--- 2004-07-14 16:07 24576 c:\windows\system32\ZoomingHook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Helen\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Helen\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\VectorWorks 11\\VectorWorks.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Kontiki\\KHost.exe"=

R1 SLEE_15_DRIVER;Steganos Live Encryption Engine 15 [Driver];c:\windows\system32\drivers\sleen15.sys [2007-02-21 12:33:54 80232]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2007-12-19 33792]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2007-08-30 112688]
R4 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2007-08-03 12856]
R4 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-04-01 47640]
S3 L6TportK;Service - Line 6 TonePort KB37;c:\windows\system32\drivers\L6TportK.sys [2007-12-21 514432]
S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [2008-11-28 27904]
S3 NTPASp50;NTPASp50 NDIS Protocol Driver;c:\windows\system32\drivers\NtpaSp50.sys [2006-07-31 17536]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c9a8a48-f696-11dc-8193-000fb0830519}]
\Shell\AutoRun\command - E:\ClickMe.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34f76e65-ba44-11dd-8270-0012f054c2fe}]
\Shell\AutoRun\command - AutoRun\AutoStart.exe
\Shell\Explore\Command - AutoRun\AutoStart.exe
\Shell\Open\Command - AutoRun\AutoStart.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca44a9e4-44eb-11db-bf45-0011f60504d0}]
\Shell\AutoRun\command - AutoRun\AutoStart.exe
\Shell\Explore\Command - AutoRun\AutoStart.exe
\Shell\Open\Command - AutoRun\AutoStart.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef873fb1-e4cc-11dd-82aa-0012f054c2fe}]
\Shell\AutoRun\command - AutoRun\AutoStart.exe
\Shell\Explore\Command - AutoRun\AutoStart.exe
\Shell\Open\Command - AutoRun\AutoStart.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2009-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3728980726-1084162681-1200691173-1006.job
- c:\documents and settings\Helen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-13 15:51]

2005-07-21 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2008-04-14 00:12]

2005-07-21 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2008-04-14 00:12]

2005-07-21 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2008-04-14 00:12]

2009-01-20 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDetect.exe []

2009-01-19 c:\windows\Tasks\WebReg 20060214203114.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2003-07-07 00:43]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-c:\windows\system32\kdjzp.exe - c:\windows\system32\kdjzp.exe
MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-WinUpdater AutoRun - c:\autoprotect\DrvMonitor.exe
MSConfigStartUp-NDSTray - NDSTray.exe
MSConfigStartUp-TFncKy - TFncKy.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.virginmedia.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: *.line6.net
FF - ProfilePath - c:\documents and settings\Helen\Application Data\Mozilla\Firefox\Profiles\39ulhfrz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ie/
FF - plugin: c:\documents and settings\Helen\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Helen\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRACtrl.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-20 03:12:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3728980726-1084162681-1200691173-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\LMIinit.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\system32\DVDRAMSV.exe
c:\program files\LogMeIn\x86\ramaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-01-20 3:19:06 - machine was rebooted [Helen]
ComboFix-quarantined-files.txt 2009-01-20 03:18:51

Pre-Run: 7,270,617,088 bytes free
Post-Run: 7,762,128,896 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

336 --- E O F --- 2009-01-15 00:07:21

thanks:)
#7
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 23,918
OS: WinXP and Vista
Re: Browser search redirecting
Hi neilturpin,
Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference, as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

Locate whatever is typically your E:\ drive. Usually, it is a USB flash drive.

Download Flash_Disinfector.exe and save it to your desktop.

---------------------------------------------------------------------

Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of the following tools.

---------------------------------------------------------------------

Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.

==========================

Once again, close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

---------------------------------------------------------------------

Keeping the E:\ drive inserted.... Open Notepad and copy/paste the text in the code box below into it:

Quote:

in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt

--------------------------------------------------------------------

It's important to run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Your E:\ drive should remain inserted for this scan as well.

Using Internet Explorer or Firefox, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:

3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes.

---------------------------------------------------------------

Please include the following in your next reply:

C:\ComboFix.txt
Kaspersky results
Update on system behavior
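As an added example for this thread (my own code, not part of ComboFix or anything the forum provides), a small Python triage helper that reads the 'Reg Loading Points' section of a ComboFix log like the one posted in #6 and flags the two things the replies act on: the per-volume AutoRun shell handlers under MountPoints2 that the E:\ drive / Flash_Disinfector step in #7 is meant to address, and the Security Center DisableMonitoring entries that stop Windows from warning that the resident AV and firewall are off. The sample input is constructed from the registry lines in that log; the function names and the Finding class are assumptions of mine.

```python
"""Triage helper for the registry section of a ComboFix-style log.

Added example for this thread; not part of ComboFix or the forum's tooling.
It walks the '[key]' / value lines that ComboFix prints under
'Reg Loading Points' and flags per-volume AutoRun shell handlers under
MountPoints2 and Security Center monitoring being switched off.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample, modelled on the registry lines in the ComboFix log
# posted in this thread (same keys and values, trimmed to the relevant entries).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c9a8a48-f696-11dc-8193-000fb0830519}]
\Shell\AutoRun\command - E:\ClickMe.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34f76e65-ba44-11dd-8270-0012f054c2fe}]
\Shell\AutoRun\command - AutoRun\AutoStart.exe
\Shell\Explore\Command - AutoRun\AutoStart.exe
\Shell\Open\Command - AutoRun\AutoStart.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "\Shell\<verb>\command - <target>" lines under a MountPoints2 volume key
VERB_RE = re.compile(r"^\\Shell\\(?P<verb>\w+)\\command\s+-\s+(?P<target>.+)$", re.IGNORECASE)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.+)$')
GUID_RE = re.compile(r"\{[0-9a-f-]+\}", re.IGNORECASE)

AUTORUN = "removable-drive autorun handler"
SC_OFF = "Security Center monitoring disabled"


@dataclass(frozen=True)
class Finding:  # hypothetical record type, not a ComboFix structure
    key: str
    detail: str
    reason: str


def parse_reg_section(text: str) -> list[Finding]:
    """Return the suspicious entries found in a ComboFix registry dump."""
    findings: list[Finding] = []
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group("key")
            continue
        if current_key is None:
            continue  # value line before any key header; ignore it
        key_lower = current_key.lower()

        verb_match = VERB_RE.match(line)
        if verb_match and "\\mountpoints2\\" in key_lower:
            # A shell verb on a removable volume that launches a file from the
            # volume itself is the autorun.inf worm pattern: opening the drive
            # in Explorer runs the target instead of just showing its contents.
            detail = f"{verb_match.group('verb')} -> {verb_match.group('target')}"
            findings.append(Finding(current_key, detail, AUTORUN))
            continue

        value_match = VALUE_RE.match(line)
        if (value_match and "security center\\monitoring" in key_lower
                and value_match.group("name").lower() == "disablemonitoring"
                and value_match.group("data").lower().endswith("00000001")):
            # Security Center is told not to alert on AV/firewall state, which
            # hides a disabled product (here, the outdated Norton) from the user.
            findings.append(Finding(current_key, line, SC_OFF))
    return findings


def autorun_volumes(text: str) -> list[str]:
    """Sorted volume GUIDs that carry at least one AutoRun shell handler."""
    guids = set()
    for f in parse_reg_section(text):
        if f.reason == AUTORUN:
            m = GUID_RE.search(f.key)
            if m:
                guids.add(m.group(0).lower())
    return sorted(guids)


if __name__ == "__main__":
    for f in parse_reg_section(SAMPLE_LOG):
        print(f"{f.reason:40} {f.detail}")
    print("volumes with autorun handlers:", autorun_volumes(SAMPLE_LOG))
```

Each MountPoints2 GUID is one volume Windows has seen; the handlers are per-user and survive removal of the file on the stick, which is why the analyst asks for the drive to stay inserted while the cleanup tools run. Point `parse_reg_section` at a real log by reading the file and passing its text; the sample is only there so the script runs offline.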