#1
Registered User
Join Date: Dec 2008
Posts: 2
OS: XP
Google Search redirect to shopper sites malware
A couple of days ago, when I used the Google search engine from IE or Firefox, the descriptions of the various hits in my search results looked fine, but when I clicked on any of these results I went to a shopping website. It happens for about the first 10 entries. Anyway, it is clear that you guys have been dealing with that lately and can probably help me!
It looks like there is no quick fix; if there is, that would be great. And looking at someone else's thread didn't exactly scream out to me what I can do. So here is the state of my machine from DDS, and the attachment has the two files requested. Thanks in advance! It would be nice if my system got quicker too. I find that when I open a directory like My Documents and try to scroll down 50 or so entries, my system will just make me wait for 5 or 8 seconds, but that is a different, less important problem.

DDS (Version 1.0) - NTFSx86 Run by david.edrich at 23:35:13.14 on Mon 12/08/2008

Thanks in advance!!
#2
Registered User
Join Date: Dec 2008
Posts: 2
OS: XP
Re: Google Search redirect to shopper sites malware
So, looking at other replies, it seems I need to run ComboFix and post the log. So here it is. Strangely, the problem seems to have gone away with that one action. Am I still infected? Really, I want to know if someone is able to see my passwords and intercept everything I am doing on the internet.
I don't know why my original post seems to not be word wrapping either. Thanks again in advance.

ComboFix 08-12-09.02 - david.edrich 2008-12-10 0:29:41.1 - NTFSx86
[2008-05-27 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400] "WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "Norton Ghost 14.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2008-08-13 2245984] "MsmqIntCert"="mqrt.dll" [2007-07-06 c:\windows\system32\mqrt.dll] "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 c:\windows\system32\CHDAudPropShortcut.exe] c:\documents and settings\Administrator\Start Menu\Programs\Startup\ Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-05-09 73728] c:\documents and settings\jeff.bobzin\Start Menu\Programs\Startup\ Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-05-09 73728] c:\documents and settings\Paul Lesieur\Start Menu\Programs\Startup\ Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-05-09 73728] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux2"= sysaudio.sys [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\mqsvc.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= 
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe /Processid:{E1C86793-3C84-4795-AB53-B2BC6AB5A8FC} [2004-08-04 5120] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-05 99376] R3 NESSLDrv;Network Extender SSLVPN Adapter;c:\windows\system32\DRIVERS\NESSLDrv.sys [2007-10-09 19224] R3 SNESSLDr;Standalone Network Extender SSLVPN Adapter;c:\windows\system32\DRIVERS\SNESSLDr.sys [2007-01-24 19224] R3 SymSnapService;SymSnapService;"c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe" [2007-12-20 1558000] S3 Amdudd;AMD USB Device Driver;c:\windows\system32\Drivers\Amdudd.sys [2008-08-01 30976] S3 ISUSB;ISUSB.Sys i82930 Bulk IO test driver;c:\windows\system32\Drivers\ISUSB.sys [2004-07-07 16384] S3 itp700drv;Intel ITP700 Debug Port Interface;c:\windows\system32\drivers\itp700drv.sys [2007-03-12 53770] S3 itp800drv;Intel ITP800 Debug Port Interface;c:\windows\system32\drivers\itp800drv.sys [2007-03-12 57230] S3 itpBridge;Intel ITP Bridge Interface;c:\windows\system32\drivers\itpBridge.sys [2007-03-12 60726] S3 ItpXdpLdr;Intel ITP-XDP Ldr Driver (itpxdpldr.sys);c:\windows\system32\Drivers\ItpxdpLdr.sys [2007-03-12 20480] S3 ItpXdpSys;Intel ITP-XDP Driver (itpxdpsys.sys);c:\windows\system32\Drivers\ItpXdpSys.sys [2007-03-12 14208] S3 mosuport;USB Serial/Parallel Ports;c:\windows\system32\DRIVERS\mosuport.sys [2008-10-07 855040] S3 SavRoam;SAVRoam;"c:\program files\Symantec AntiVirus\SavRoam.exe" [2007-03-14 116416] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f91262c-6aac-11dc-a793-001b775b8ea6}] \Shell\AutoRun\command - f:\__stickydrive\StickyDrive.exe \Shell\StickyDrive\Command - f:\__stickydrive\StickyDrive.exe 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9aa6a62-522c-11dd-a7ee-001b775b8ea6}] \Shell\AutoRun\command - F:\ONSPCLCK.exe . Contents of the 'Scheduled Tasks' folder 2008-08-06 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2008-12-03 c:\windows\Tasks\BackupInc.job - c:\windows\system32\ntbackup.exe [2004-08-04 15:00] 2008-12-04 c:\windows\Tasks\Weekly Backup.job - c:\windows\system32\ntbackup.exe [2004-08-04 15:00] . - - - - ORPHANS REMOVED - - - - Toolbar-SITEguard - (no file) HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe HKLM-Run-NWEReboot - (no file) . ------- Supplementary Scan ------- . uStart Page = about:blank uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyOverride = *.local IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM TCP: {1268D7D0-80AF-42C0-B046-8510A379AA33} = 192.168.100.60,192.168.100.62,192.168.100.60,192.168.100.62,192.168.100.60,192.168.100.62,192.168.100.60,192.168.100.62,192.168.100.60,192.168.100.62,192.168.100.60,192.168.100.62,192.168.100.60,192.168.100.62,192.168.100.60,192.168.100.62,68.94.156.1,68.94.157.1 c:\windows\UninstallVTPassage.exe - c:\windows\NESSLDrv.txt c:\windows\NESSLDrv.sys c:\windows\Downloaded Program Files\xtunnel.dll c:\windows\Downloaded Program Files\CONFLICT.1\xtunnel.dll O16 -: {68D8AAB2-C2A7-43F1-BA99-BE492EF7BF85} hxxps://sslvpn.insydesw.com/XTunnel.cab 
c:\windows\Downloaded Program Files\CONFLICT.1\XTunnel.inf c:\windows\Downloaded Program Files\ErcdDigitalID.dll - O16 -: {6C310E2B-EB89-11D2-8500-0004ACEE8FFE} hxxps://teal.intel.com/ecitr/IntelSign.cab c:\windows\Downloaded Program Files\ercddigitalid.inf FireFox -: Profile - c:\documents and settings\plesieur\Application Data\Mozilla\Firefox\Profiles\6me1ec3j.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.americancatholic.org/ FF -: plugin - c:\program files\Google\Picasa3\npPicasa2.dll FF -: plugin - c:\program files\Google\Picasa3\npPicasa3.dll FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll FF -: plugin - c:\program files\Real\RhapsodyPlayerEngine\nprhapengine.dll . . ------- File Associations ------- . inifile=%SystemRoot%\System32\NOTEPAD.EXE %1" . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-10 00:40:15 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ????c??????`?@?????L?@ scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'lsass.exe'(1204) c:\windows\system32\relog_ap.dll . ------------------------ Other Running Processes ------------------------ . 
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe c:\windows\system32\msdtc.exe c:\program files\Common Files\Acronis\Schedule2\schedul2.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Symantec AntiVirus\DefWatch.exe c:\windows\system32\inetsrv\inetinfo.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Norton Ghost\Agent\VProSvc.exe c:\progra~1\Symantec\SYMANT~1\NscTop.exe c:\program files\Symantec AntiVirus\Rtvscan.exe c:\windows\system32\dllhost.exe c:\program files\Vongo\VongoService.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe c:\windows\system32\mqsvc.exe c:\windows\system32\mqtgsvc.exe c:\windows\system32\dllhost.exe c:\program files\TortoiseSVN\bin\TSVNCache.exe c:\windows\system32\spool\drivers\w32x86\3\WrtProc.exe c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Skype\Plugin Manager\skypePM.exe . ************************************************************************** . Completion time: 2008-12-10 0:46:11 - machine was rebooted [david.edrich] ComboFix-quarantined-files.txt 2008-12-10 06:46:08 Pre-Run: 525,246,464 bytes free Post-Run: 470,831,104 bytes free 330 --- E O F --- 2008-11-16 22:15:54 |