Old 11-02-2009, 10:40 PM   #1 (permalink)
Registered User
 
Join Date: Nov 2009
Posts: 5
OS: windows xp service pack 3


Searches are redirecting!

Hello and thanks for reading this post:

Noticed two days ago that my Google and Yahoo searches get redirected to various ad sites; AVG also blocks a trojan downloader that tries to open "spyware remover" malware. Tried MBAM in safe mode; it says the computer is clean, but searches persistently get redirected. I can't seem to get rid of this one... thanks in advance for your help.
I cannot find the Windows CD...




DDS (Ver_09-10-26.01) - NTFSx86
Run by Ramon at 19:02:27.09 on Mon 11/02/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.436 [GMT -8:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\Fast.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Ramon\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Ramon\Local Settings\Temporary Internet Files\Content.IE5\RB6BLOR1\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://att.my.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearchAssistant = hxxp://www.google.com
mWinlogon: Shell=Explorer.exe
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
TB: {8AAE1BCA-A973-423F-9232-7007D8CED2C7} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\RegistryBooster.exe /S
uRun: [PcSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe" -NoStart
uRun: [SansaDispatch] c:\documents and settings\ramon\application data\sandisk\sansa updater\SansaDispatch.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [StxTrayMenu] "c:\program files\seagate\systemtray\StxMenuMgr.exe"
mRun: [<NO NAME>]
mRun: [MsgCenterExe] "c:\program files\common files\real\update_ob\RealOneMessageCenter.exe" -osboot
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [eFax 4.3] "c:\program files\efax messenger 4.3\J2GDllCmd.exe" /R
mRun: [AtariBanner] "c:\program files\infogrames\atari anniversary edition\volume 2\Banner.exe" /0
mRun: [Advanced System Protector] "c:\program files\systweak\advanced system protector\ASP.exe" /autorun
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
StartupFolder: c:\docume~1\ramon\startm~1\programs\startup\deltaf~1.lnk - c:\documents and settings\ramon\local settings\temp\{e4ba1106-3c92-4f61-8f74-e94089025709}\{6164d2e7-986b-42f5-b3a6-64d5e53fb889}\NOVG.EXE
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: turbotax.com
DPF: {08EE4BCE-527E-4760-B11A-B829415E9103} - hxxp://simgolf.ea.com/teleport/simgolf/MaxisGolfTeleX.cab
DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} - hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: cru629.dat c:\windows\system32\luruwono.dll c:\windows\system32\hezariza.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli c:\windows\system32\dazimowe.dll c:\windows\system32\pepufebe.dll tokuvume.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-14 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-14 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 55024]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-3 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-5-14 297752]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
R2 MobilePreInstallerService;MobilePre Installer;c:\program files\m-audio\mobilepre\install\MPInst.exe [2007-1-1 49152]
R3 ma763004;M-Audio MobilePre USB;c:\windows\system32\drivers\MA763004.sys [2007-1-1 32000]
R3 msvad_simple;WTMDriver;c:\windows\system32\drivers\WTMDriver.sys [2007-11-15 51072]
S2 Ca533av;DC-T23, WDM Video Capture;c:\windows\system32\drivers\ca533av.sys --> c:\windows\system32\drivers\Ca533av.sys [?]
S2 Seagate Sync Service;Seagate Sync Service;"c:\program files\seagate\sync\seasyncservices.exe" --> c:\program files\seagate\sync\SeaSyncServices.exe [?]
S3 BCASPROT;Advanced System Protector;\??\c:\program files\systweak\advanced system protector\sasprot32.sys --> c:\program files\systweak\advanced system protector\sasprot32.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 7408]
S3 USBCamera;DSC Still Image Capture (CA100);c:\windows\system32\drivers\bulk533.sys --> c:\windows\system32\drivers\Bulk533.sys [?]
S3 USBVCD;Canon USB Video;c:\windows\system32\drivers\USBVCD.sys [2003-5-23 35584]
S3 VCIDRV;Canon USB Video Control;c:\windows\system32\drivers\VCIDRV.sys [2003-5-23 4224]

=============== Created Last 30 ================

2009-10-27 22:46:05 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-27 22:11:55 0 d-----w- c:\program files\Lavasoft
2009-10-27 04:49:59 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2009-10-27 04:45:37 0 d-----w- c:\windows\Logs
2009-10-27 04:22:19 186407 ----a-w- c:\windows\system32\nvapps.xml
2009-10-27 04:22:18 446464 ----a-w- c:\windows\system32\nvudisp.exe
2009-10-27 04:22:18 18070 ----a-w- c:\windows\system32\nvdisp.nvu
2009-10-27 04:22:18 0 d-----w- c:\windows\nview
2009-10-27 04:22:08 4274816 ----a-w- c:\windows\system32\nv4_disp.dll
2009-10-27 04:22:07 1897408 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-10-27 04:21:59 446464 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-10-27 04:21:33 0 d-----w- C:\NVIDIA
2009-10-26 00:42:51 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-10-26 00:42:51 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-10-25 20:32:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-25 20:32:01 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-25 07:28:53 36864 ----a-w- c:\windows\system32\MD5.ocx
2009-10-25 07:28:53 0 d-----w- c:\program files\Safe_Mode_Fixer
2009-10-24 18:57:17 0 d-----w- c:\program files\CCleaner
2009-10-24 05:15:25 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-09 00:19:22 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-09 00:19:16 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-08 05:14:09 66872 ----a-w- c:\windows\system32\PnkBstrA.exe

==================== Find3M ====================

2009-09-22 04:12:55 4 ----a-w- C:\loadcounter.dat
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-05 00:44:40 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-05 00:44:40 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-05 00:44:40 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-05 00:29:34 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-05 00:29:34 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-05 00:29:32 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-05 00:29:32 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-05 00:29:30 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-15 15:33:12 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-07 02:23:46 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 02:23:46 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 03:44:46 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2008-10-27 17:39:01 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102720081028\index.dat

============= FINISH: 19:04:26.85 ===============
Attached Files
File Type: zip Attach.zip (3.9 KB, 2 views)
Legacylover is offline  
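The lines a helper triages first in a DDS report like the one above are the loader points: AppInit_DLLs (loaded into every GUI process, empty on a clean system), LSA Notification Packages (loaded by lsass.exe at boot), a startup shortcut whose target sits in a temp folder, and BHO/toolbar CLSIDs that point at no file. As an added example, not part of this thread and not code from DDS or from the forum, the Python script below runs that triage over those lines copied from the log. The baseline it assumes (scecli as the only default LSA package, AppInit_DLLs empty), the temp-path markers, and the consonant/vowel name heuristic are this example's own assumptions, not facts stated in the thread.

```python
from typing import Dict, List, Set

# Loader-point lines copied from the DDS "Pseudo HJT Report" posted above
# (constructed sample input for this example; the rest of the report is omitted).
SAMPLE_DDS = r"""
mWinlogon: Shell=Explorer.exe
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
TB: {8AAE1BCA-A973-423F-9232-7007D8CED2C7} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
StartupFolder: c:\docume~1\ramon\startm~1\programs\startup\deltaf~1.lnk - c:\documents and settings\ramon\local settings\temp\{e4ba1106-3c92-4f61-8f74-e94089025709}\{6164d2e7-986b-42f5-b3a6-64d5e53fb889}\NOVG.EXE
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: cru629.dat c:\windows\system32\luruwono.dll c:\windows\system32\hezariza.dll
LSA: Notification Packages = scecli c:\windows\system32\dazimowe.dll c:\windows\system32\pepufebe.dll tokuvume.dll
"""

# Assumed baseline (this example's assumption): on a stock Windows XP install the
# LSA Notification Packages value holds only scecli, and AppInit_DLLs is empty.
DEFAULT_LSA_PACKAGES = {"scecli"}
TEMP_PATH_MARKERS = ("\\local settings\\temp\\", "\\temp\\", "\\tmp\\")
VOWELS = set("aeiou")


def module_stem(token: str) -> str:
    """'c:\\windows\\system32\\luruwono.dll' -> 'luruwono' (lower-cased)."""
    base = token.lower().rsplit("\\", 1)[-1]
    return base.rsplit(".", 1)[0]


def looks_generated(token: str) -> bool:
    """Heuristic (an assumption of this example): eight lowercase letters strictly
    alternating consonant/vowel, the pattern shared by the DLL names in the log above."""
    stem = module_stem(token)
    if len(stem) != 8 or not stem.isalpha():
        return False
    classes = [ch in VOWELS for ch in stem]
    return all(classes[i] != classes[i + 1] for i in range(len(classes) - 1))


def triage(dds_text: str) -> List[Dict[str, object]]:
    """Flag the loader points a helper checks first. Each finding records the
    category, the item, why it was flagged, and whether the module name
    matches the generated-name heuristic."""
    findings: List[Dict[str, object]] = []

    def add(category: str, item: str, reason: str) -> None:
        findings.append({
            "category": category,
            "item": item,
            "reason": reason,
            "generated_name": looks_generated(item),
        })

    for raw in dds_text.splitlines():
        line = raw.strip()
        if not line or ":" not in line:
            continue
        key, _, rest = line.partition(":")   # first colon ends the DDS key
        key, rest = key.strip(), rest.strip()

        if key == "AppInit_DLLs":
            # Every module listed here is loaded into every process that links user32.dll.
            for module in rest.split():
                add("AppInit_DLLs", module, "loaded into every GUI process; value is empty on a clean system")
        elif key == "LSA" and rest.lower().startswith("notification packages"):
            _, _, value = rest.partition("=")
            for package in value.split():
                if module_stem(package) not in DEFAULT_LSA_PACKAGES:
                    add("LSA Notification Packages", package,
                        "non-default package loaded by lsass.exe at boot and notified of password changes")
        elif key == "StartupFolder":
            # Format is "<shortcut> - <target>"; the target is what actually runs.
            target = rest.rsplit(" - ", 1)[-1]
            if any(marker in target.lower() for marker in TEMP_PATH_MARKERS):
                add("StartupFolder", target, "startup shortcut whose target lives in a temp directory")
        elif key in ("BHO", "TB", "EB") and rest.endswith("No File"):
            add(key, rest, "CLSID registered but file missing; dangling entry to remove")
    return findings


def generated_names(dds_text: str) -> Set[str]:
    """Every module anywhere in the report whose name matches the heuristic,
    to catch siblings of a flagged DLL that sit in otherwise benign lines."""
    names: Set[str] = set()
    for line in dds_text.splitlines():
        for token in line.split():
            if looks_generated(token):
                names.add(token.lower().rsplit("\\", 1)[-1])
    return names


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        flag = " [generated-looking name]" if f["generated_name"] else ""
        print(f"{f['category']:<26} {f['item']}{flag}\n    {f['reason']}")
    print("generated-looking module names:", sorted(generated_names(SAMPLE_DDS)))
```

Run against the sample, the script flags all three AppInit_DLLs entries, the three LSA packages other than scecli, the startup shortcut into the temp folder, and the three dangling CLSIDs; the five DLLs with alternating consonant/vowel names are marked as generated-looking while the vendor DLLs in the Notify lines are not. The heuristic is a filter for a human reviewer, not a verdict: a name that fails it can still be malicious, which is why the AppInit_DLLs and LSA checks flag on location rather than on name.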

Old 11-06-2009, 05:36 AM   #2 (permalink)
Analyst, Security Team
Join Date: Mar 2007
Posts: 181
OS: XP & Vista


Re: Searches are redirecting!

Hello and Welcome to the forums!

My name is Carolyn and I'll be glad to help you with your computer problems. The logs that you will be posting can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Please do not run any other tool until instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.


If you follow these instructions, everything should go smoothly.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.


Disable Spybot's TeaTimer. This is a two step process.

Spybot S&D's tea timer normally provides real-time protection from spyware, however it may interfere with what we need to do. We will disable it until the machine is clean when it can be re-enabled.

First step:
  • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
  • If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be colorless.
  • If you have Version 1.4, Click on Exit Spybot S&D Resident
Second step, For Either Version :
  • Open Spybot S&D
  • Click Mode, choose Advanced Mode
  • Go To the bottom of the Vertical Panel on the Left, Click Tools
  • then, also in the left panel, click Resident (shows a red/white shield).
  • If your firewall raises a question, say OK
  • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
  • OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.
Don't forget to re-enable it, when your computer is clean.

=====================


Download and Run ComboFix (by sUBs)

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

Last edited by Carolyn; 11-06-2009 at 05:51 AM.
Carolyn is online now  
Old 11-06-2009, 08:35 PM   #3 (permalink)
Registered User
 
Join Date: Nov 2009
Posts: 5
OS: windows xp service pack 3


Re: Searches are redirecting!

Thanks for your response Carolyn! Here is the log.txt:

ComboFix 09-11-05.05 - Ramon 11/06/2009 19:10.1.1 - NTFSx86
Running from: c:\documents and settings\Ramon\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\uninstall.exe
D:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://82.98.231.98
Infected copy of c:\windows\System32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2009-10-07 to 2009-11-07 )))))))))))))))))))))))))))))))
.

2009-11-07 03:19 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-11-07 03:19 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-10-27 22:46 . 2009-10-27 22:45 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-27 22:11 . 2009-10-27 22:11 -------- d-----w- c:\program files\Lavasoft
2009-10-27 04:49 . 2008-03-05 22:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2009-10-27 04:45 . 2009-10-27 04:45 -------- d-----w- c:\windows\Logs
2009-10-27 04:22 . 2009-10-27 04:22 -------- d-----w- c:\windows\nview
2009-10-27 04:22 . 2008-05-16 21:01 446464 ----a-w- c:\windows\system32\nvudisp.exe
2009-10-27 04:22 . 2008-04-14 00:12 4274816 ----a-w- c:\windows\system32\nv4_disp.dll
2009-10-27 04:22 . 2004-08-04 05:29 1897408 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-10-27 04:21 . 2008-05-16 18:48 446464 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-10-27 04:21 . 2009-10-27 04:21 -------- d-----w- C:\NVIDIA
2009-10-26 00:42 . 2009-10-26 04:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-26 00:42 . 2009-10-26 00:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-25 20:32 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-25 20:32 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-25 07:30 . 2008-04-14 00:12 188480 ----a-w- c:\windows\system32\dllcache\cfgwiz.exe
2009-10-25 07:30 . 2008-04-14 00:12 16439 ----a-w- c:\windows\system32\dllcache\author.exe
2009-10-25 07:30 . 2008-04-14 00:11 20540 ----a-w- c:\windows\system32\dllcache\author.dll
2009-10-25 07:30 . 2008-04-14 00:11 290816 ----a-w- c:\windows\system32\dllcache\adsiis51.dll
2009-10-25 07:30 . 2008-04-14 00:11 43520 ----a-w- c:\windows\system32\dllcache\admwprox.dll
2009-10-25 07:30 . 2008-04-14 00:12 16439 ----a-w- c:\windows\system32\dllcache\admin.exe
2009-10-25 07:30 . 2008-04-14 00:11 20540 ----a-w- c:\windows\system32\dllcache\admin.dll
2009-10-25 07:28 . 2009-10-25 07:28 -------- d-----w- c:\program files\Safe_Mode_Fixer
2009-10-25 07:18 . 2009-10-25 07:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-10-24 19:09 . 2009-11-05 00:08 117760 ----a-w- c:\documents and settings\Ramon\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-10-24 18:57 . 2009-10-24 18:57 -------- d-----w- c:\program files\CCleaner
2009-10-24 05:15 . 2009-10-30 06:06 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-21 23:23 . 2009-10-21 23:23 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-21 23:09 . 2009-10-21 23:09 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-09 00:19 . 2009-10-15 01:06 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-09 00:19 . 2009-10-15 01:06 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-08 05:14 . 2009-10-08 05:14 66872 ----a-w- c:\windows\system32\PnkBstrA.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-05 00:09 . 2009-01-16 00:11 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-03 02:00 . 2008-02-15 21:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-11-02 01:25 . 2009-01-16 05:45 1 ----a-w- c:\documents and settings\Ramon\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-01 15:56 . 2007-11-15 22:23 46 ----a-w- c:\windows\system32\WMPOutStream_1.dat
2009-10-28 15:55 . 2007-11-15 22:23 46 ----a-w- c:\windows\system32\WMPOutStream_2.dat
2009-10-27 04:33 . 2009-01-15 03:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-25 20:32 . 2008-10-18 04:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-25 07:20 . 2008-06-03 02:56 -------- d-----w- c:\program files\Windows Live Safety Center
2009-10-23 06:12 . 2008-10-12 17:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-10-08 04:16 . 2006-12-30 02:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-02 03:14 . 2009-10-02 03:14 -------- d-----w- c:\documents and settings\Chandra\Application Data\Malwarebytes
2009-09-28 16:11 . 2007-01-06 06:26 -------- d-----w- c:\documents and settings\Ramon\Application Data\AdobeUM
2009-09-22 20:30 . 2007-03-15 06:54 -------- d-----w- c:\documents and settings\Ramon\Application Data\GetRightToGo
2009-09-22 04:12 . 2009-09-22 04:12 4 ----a-w- C:\loadcounter.dat
2009-09-22 02:23 . 2008-01-26 21:17 1206 ----a-w- c:\windows\eReg.dat
2009-09-22 02:06 . 2007-10-02 21:16 -------- d-----w- c:\program files\EA GAMES
2009-09-21 21:56 . 2007-11-15 22:23 46 ----a-w- c:\windows\system32\WMPOutStream_4.dat
2009-09-21 18:50 . 2007-11-15 22:23 46 ----a-w- c:\windows\system32\WMPOutStream_3.dat
2009-09-11 14:18 . 2003-03-31 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-05 00:44 . 2009-10-27 04:50 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-05 00:44 . 2009-10-27 04:50 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-05 00:44 . 2009-10-27 04:50 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-05 00:29 . 2009-10-27 04:50 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-05 00:29 . 2009-10-27 04:50 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-05 00:29 . 2009-10-27 04:50 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-05 00:29 . 2009-10-27 04:50 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-05 00:29 . 2009-10-27 04:50 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-09-04 21:03 . 2003-03-31 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2006-06-23 19:33 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2003-03-31 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-22 22:46 . 2007-11-15 22:23 46 ----a-w- c:\windows\system32\WMPOutStream_6.dat
2009-08-22 22:46 . 2007-11-15 22:23 46 ----a-w- c:\windows\system32\WMPOutStream_5.dat
2009-08-14 18:39 . 2009-08-14 18:40 79872 ----a-w- c:\documents and settings\Ramon\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
2009-08-14 18:39 . 2009-08-14 18:39 541696 ----a-w- c:\documents and settings\Ramon\Application Data\SanDisk\Sansa Updater\SansaUpdater.exe
2009-08-14 18:39 . 2009-08-14 18:39 354744 ----a-w- c:\documents and settings\Ramon\Application Data\SanDisk\Sansa Updater\SansaUpdaterInstall.exe
.

------- Sigcheck -------


[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

c:\windows\system32\drivers\beep.sys ... is missing !!
c:\windows\system32\eventlog.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-04-17 95536]
"SansaDispatch"="c:\documents and settings\Ramon\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-08-14 79872]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2005-11-09 91136]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-15 136600]
"StxTrayMenu"="c:\program files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 190008]
"eFax 4.3"="c:\program files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 116224]
"AtariBanner"="c:\program files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe" [2001-05-23 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-04-17 54576]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"combofix"="c:\combofix\CF25316.exe" [2009-11-07 389120]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableProfileQuota"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe "

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 19:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Program Files\\Web Page Maker V2\\WebPageMaker.exe"=
"c:\\Program Files\\Canon\\DV Messenger\\DV Messenger.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"c:\\Program Files\\EA GAMES\\MOHAA\\moh_spearhead.exe"=
"c:\\Program Files\\EA GAMES\\MOHAA\\moh_Breakthrough.exe"=
"c:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=
"c:\\Program Files\\Yahoo! Games\\Scrabble\\Scrabble.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"=
"c:\\Program Files\\Maxis\\SimCity 3000 Unlimited\\Apps\\Updater\\UPDATER.EXE"=
"c:\\Program Files\\Internet Explorer\\iexplore.exe"=
"c:\\Program Files\\Defcon\\defcon.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\demartini\\counter-strike\\hl.exe"=
"c:\\WINDOWS\\explorer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\logonui.exe"=
"c:\\WINDOWS\\system32\\winlogon.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 Ca533av;DC-T23, WDM Video Capture;c:\windows\system32\Drivers\Ca533av.sys [x]
R2 Seagate Sync Service;Seagate Sync Service;c:\program files\Seagate\Sync\SeaSyncServices.exe [x]
R3 BCASPROT;Advanced System Protector;c:\program files\Systweak\Advanced System Protector\sasprot32.sys [x]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]
R3 USBCamera;DSC Still Image Capture (CA100);c:\windows\system32\Drivers\Bulk533.sys [x]
R3 USBVCD;Canon USB Video;c:\windows\system32\drivers\USBVCD.sys [2003-05-23 35584]
R3 VCIDRV;Canon USB Video Control;c:\windows\system32\drivers\VCIdrv.sys [2003-05-23 4224]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-22 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-22 55024]
S2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]
S2 MobilePreInstallerService;MobilePre Installer;c:\program files\M-Audio\MobilePre\Install\MPInst.exe [2005-06-15 49152]
S3 ma763004;M-Audio MobilePre USB;c:\windows\system32\drivers\MA763004.sys [2005-11-10 32000]
S3 msvad_simple;WTMDriver;c:\windows\system32\drivers\WTMDriver.sys [2007-09-30 51072]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-10-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearchAssistant = hxxp://www.google.com
Trusted Zone: turbotax.com
DPF: {08EE4BCE-527E-4760-B11A-B829415E9103} - hxxp://simgolf.ea.com/teleport/simgolf/MaxisGolfTeleX.cab
DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
HKCU-Run-PcSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
HKLM-Run-MsgCenterExe - c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
HKLM-Run-Advanced System Protector - c:\program files\Systweak\Advanced System Protector\ASP.exe
HKLM-Run-<NO NAME> - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-06 19:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-299502267-1972579041-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:48,d5,cd,39,55,f1,ef,af,c2,93,e6,99,e5,55,4b,1f,be,01,6d,9a,48,48,24,
57,ad,60,0b,30,8d,aa,02,96,79,db,ff,c9,58,b3,38,40,e5,65,e6,26,3d,24,c9,96,\
"??"=hex:f9,3c,4c,01,e5,1e,f9,46,76,91,6e,b9,de,50,8d,8b
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(628)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-11-07 19:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-07 03:31

Pre-Run: 3,992,272,896 bytes free
Post-Run: 4,052,570,112 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

Current=1 Default=1 Failed=5 LastKnownGood=2 Sets=1,2,3,5
- - End Of File - - 09B666AADD1DC52A409DBA53B5768BAA
Legacylover is offline
Old 11-07-2009, 09:36 AM   #4
Analyst, Security Team
Carolyn
Join Date: Mar 2007
Posts: 181
OS: XP & Vista


Re: Searches are redirecting!

Hello,

Run a custom CFScript

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

Code:
FCopy::
c:\windows\ServicePackFiles\i386\eventlog.dll | c:\windows\system32\eventlog.dll

MIA::
c:\windows\system32\drivers\beep.sys

Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


========================

Please go to Kaspersky website and perform an online antivirus scan.
  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

========================

Please post the following in your next reply:
  • The Combofix log
  • The Kaspersky log
  • A description of how your computer is behaving.
Carolyn is online now
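The CFScript in the post above does two things by hand: FCopy:: overwrites a file in system32 with the pristine copy Windows XP keeps under ServicePackFiles\i386, and MIA:: reports a file that should exist but does not (which is how beep.sys turns up as missing in the next log). The Python below is an added example, not part of the thread and not ComboFix's code: it performs the same comparison against a constructed stand-in directory tree, hashing each live file against its backup, reporting modified or missing files, and copying the backup over only when restore=True. The atapi.sys pair and the placeholder file contents are assumptions made for the demonstration.

```python
import hashlib
import os
import shutil
import tempfile
from dataclasses import dataclass
from typing import Dict, List, Optional, Sequence, Tuple

# Relative paths are tuples of components so the example runs on any OS;
# on the XP machine in the thread, root would be C:\WINDOWS.
Rel = Tuple[str, ...]

# FCopy:: pairs: (live file, known-good backup). eventlog.dll is the pair from
# the thread's CFScript; atapi.sys is an assumption added here because it is
# the driver Kaspersky later flagged and XP keeps a pristine copy of it under
# ServicePackFiles\i386 as well.
FCOPY_PAIRS: Sequence[Tuple[Rel, Rel]] = (
    (("system32", "eventlog.dll"), ("ServicePackFiles", "i386", "eventlog.dll")),
    (("system32", "drivers", "atapi.sys"), ("ServicePackFiles", "i386", "atapi.sys")),
)
# MIA:: entries: files that must be present (beep.sys from the thread).
MIA_FILES: Sequence[Rel] = (("system32", "drivers", "beep.sys"),)


@dataclass
class Finding:
    path: str          # live path relative to root, '/'-joined
    status: str        # ok | modified | missing | no_backup | restored
    live_hash: Optional[str] = None
    backup_hash: Optional[str] = None


def sha256_of(path: str) -> str:
    """Hash a file in chunks so a large driver need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def check_tree(root: str, fcopy_pairs: Sequence[Tuple[Rel, Rel]] = FCOPY_PAIRS,
               mia_files: Sequence[Rel] = MIA_FILES, restore: bool = False) -> List[Finding]:
    """Compare each live file with its backup by SHA-256 and report the MIA
    files. With restore=True a modified or missing live file is overwritten
    from its backup (what FCopy:: does); the default is a dry run."""
    findings: List[Finding] = []
    for live_rel, backup_rel in fcopy_pairs:
        live = os.path.join(root, *live_rel)
        backup = os.path.join(root, *backup_rel)
        label = "/".join(live_rel)
        if not os.path.isfile(backup):
            findings.append(Finding(label, "no_backup"))  # nothing to restore from
            continue
        backup_hash = sha256_of(backup)
        if not os.path.isfile(live):
            status, live_hash = "missing", None
        else:
            live_hash = sha256_of(live)
            status = "ok" if live_hash == backup_hash else "modified"
        if status != "ok" and restore:
            os.makedirs(os.path.dirname(live), exist_ok=True)
            shutil.copy2(backup, live)
            status = "restored"
        findings.append(Finding(label, status, live_hash, backup_hash))
    for rel in mia_files:
        present = os.path.isfile(os.path.join(root, *rel))
        findings.append(Finding("/".join(rel), "ok" if present else "missing"))
    return findings


def build_demo_tree() -> str:
    """Constructed stand-in for C:\\WINDOWS: eventlog.dll differs from its
    ServicePackFiles copy, atapi.sys matches, beep.sys is absent. Contents
    are placeholder bytes, not real binaries."""
    root = tempfile.mkdtemp(prefix="xp_demo_")
    files = {
        ("ServicePackFiles", "i386", "eventlog.dll"): b"eventlog.dll clean copy",
        ("system32", "eventlog.dll"): b"eventlog.dll clean copy + injected stub",
        ("ServicePackFiles", "i386", "atapi.sys"): b"atapi.sys clean copy",
        ("system32", "drivers", "atapi.sys"): b"atapi.sys clean copy",
    }
    for rel, data in files.items():
        path = os.path.join(root, *rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
    return root


def demo(restore: bool = False) -> Dict[str, str]:
    """Run the check on a fresh constructed tree and return {path: status}."""
    root = build_demo_tree()
    try:
        return {f.path: f.status for f in check_tree(root, restore=restore)}
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for path, status in demo().items():
        print(f"{status:>9}  {path}")
```

On a real machine root would be C:\WINDOWS and a restore should only follow a dry run. A pair whose backup is absent is reported as no_backup rather than touched, which is exactly the position beep.sys is in later in this thread: MIA:: can confirm it is gone, but with no copy under ServicePackFiles or dllcache there is nothing on the machine to restore it from.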
Old 11-08-2009, 04:00 PM   #5 (permalink)
Registered User
 
Join Date: Nov 2009
Posts: 5
OS: windows xp service pack 3


Re: Searches are redirecting!

Hi Carolyn:

ComboFix 09-11-05.05 - Ramon 11/08/2009 7:39.2.1 - NTFSx86
Running from: c:\documents and settings\Ramon\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ramon\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\beep.sys . . . is missing!!

.
--------------- FCopy ---------------

c:\windows\ServicePackFiles\i386\eventlog.dll --> c:\windows\system32\eventlog.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2009-10-08 to 2009-11-08 )))))))))))))))))))))))))))))))
.

2009-11-08 15:39 . 2008-04-14 00:11 56320 -c--a-w- c:\windows\system32\dllcache\eventlog.dll
2009-11-08 15:39 . 2008-04-14 00:11 56320 ----a-w- c:\windows\system32\eventlog.dll
2009-11-07 03:19 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-11-07 03:19 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-10-27 22:46 . 2009-10-27 22:45 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-27 22:11 . 2009-10-27 22:11 -------- d-----w- c:\program files\Lavasoft
2009-10-27 04:49 . 2008-03-05 22:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2009-10-27 04:45 . 2009-10-27 04:45 -------- d-----w- c:\windows\Logs
2009-10-27 04:22 . 2009-10-27 04:22 -------- d-----w- c:\windows\nview
2009-10-27 04:22 . 2008-05-16 21:01 446464 ----a-w- c:\windows\system32\nvudisp.exe
2009-10-27 04:22 . 2008-04-14 00:12 4274816 ----a-w- c:\windows\system32\nv4_disp.dll
2009-10-27 04:22 . 2004-08-04 05:29 1897408 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-10-27 04:21 . 2008-05-16 18:48 446464 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-10-27 04:21 . 2009-10-27 04:21 -------- d-----w- C:\NVIDIA
2009-10-26 00:42 . 2009-10-26 04:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-26 00:42 . 2009-10-26 00:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-25 20:32 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-25 20:32 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-25 07:30 . 2008-04-14 00:12 188480 ----a-w- c:\windows\system32\dllcache\cfgwiz.exe
2009-10-25 07:30 . 2008-04-14 00:12 16439 ----a-w- c:\windows\system32\dllcache\author.exe
2009-10-25 07:30 . 2008-04-14 00:11 20540 ----a-w- c:\windows\system32\dllcache\author.dll
2009-10-25 07:30 . 2008-04-14 00:11 290816 ----a-w- c:\windows\system32\dllcache\adsiis51.dll
2009-10-25 07:30 . 2008-04-14 00:11 43520 ----a-w- c:\windows\system32\dllcache\admwprox.dll
2009-10-25 07:30 . 2008-04-14 00:12 16439 ----a-w- c:\windows\system32\dllcache\admin.exe
2009-10-25 07:30 . 2008-04-14 00:11 20540 ----a-w- c:\windows\system32\dllcache\admin.dll
2009-10-25 07:28 . 2009-10-25 07:28 -------- d-----w- c:\program files\Safe_Mode_Fixer
2009-10-25 07:18 . 2009-10-25 07:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-10-24 19:09 . 2009-11-05 00:08 117760 ----a-w- c:\documents and settings\Ramon\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-10-24 18:57 . 2009-10-24 18:57 -------- d-----w- c:\program files\CCleaner
2009-10-24 05:15 . 2009-10-30 06:06 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-21 23:23 . 2009-10-21 23:23 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-21 23:09 . 2009-10-21 23:09 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-05 00:09 . 2009-01-16 00:11 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-03 02:00 . 2008-02-15 21:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-11-02 01:25 . 2009-01-16 05:45 1 ----a-w- c:\documents and settings\Ramon\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-01 15:56 . 2007-11-15 22:23 46 ----a-w- c:\windows\system32\WMPOutStream_1.dat
2009-10-28 15:55 . 2007-11-15 22:23 46 ----a-w- c:\windows\system32\WMPOutStream_2.dat
2009-10-27 04:33 . 2009-01-15 03:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-25 20:32 . 2008-10-18 04:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-25 07:20 . 2008-06-03 02:56 -------- d-----w- c:\program files\Windows Live Safety Center
2009-10-23 06:12 . 2008-10-12 17:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-10-15 01:06 . 2009-10-09 00:19 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-15 01:06 . 2009-10-09 00:19 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-08 05:14 . 2009-10-08 05:14 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-10-08 04:16 . 2006-12-30 02:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-02 03:14 . 2009-10-02 03:14 -------- d-----w- c:\documents and settings\Chandra\Application Data\Malwarebytes
2009-09-28 16:11 . 2007-01-06 06:26 -------- d-----w- c:\documents and settings\Ramon\Application Data\AdobeUM
2009-09-22 20:30 . 2007-03-15 06:54 -------- d-----w- c:\documents and settings\Ramon\Application Data\GetRightToGo
2009-09-22 04:12 . 2009-09-22 04:12 4 ----a-w- C:\loadcounter.dat
2009-09-22 02:23 . 2008-01-26 21:17 1206 ----a-w- c:\windows\eReg.dat
2009-09-22 02:06 . 2007-10-02 21:16 -------- d-----w- c:\program files\EA GAMES
2009-09-21 21:56 . 2007-11-15 22:23 46 ----a-w- c:\windows\system32\WMPOutStream_4.dat
2009-09-21 18:50 . 2007-11-15 22:23 46 ----a-w- c:\windows\system32\WMPOutStream_3.dat
2009-09-11 14:18 . 2003-03-31 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-05 00:44 . 2009-10-27 04:50 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-05 00:44 . 2009-10-27 04:50 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-05 00:44 . 2009-10-27 04:50 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-05 00:29 . 2009-10-27 04:50 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-05 00:29 . 2009-10-27 04:50 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-05 00:29 . 2009-10-27 04:50 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-05 00:29 . 2009-10-27 04:50 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-05 00:29 . 2009-10-27 04:50 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-09-04 21:03 . 2003-03-31 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2006-06-23 19:33 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2003-03-31 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-22 22:46 . 2007-11-15 22:23 46 ----a-w- c:\windows\system32\WMPOutStream_6.dat
2009-08-22 22:46 . 2007-11-15 22:23 46 ----a-w- c:\windows\system32\WMPOutStream_5.dat
2009-08-14 18:39 . 2009-08-14 18:40 79872 ----a-w- c:\documents and settings\Ramon\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
2009-08-14 18:39 . 2009-08-14 18:39 541696 ----a-w- c:\documents and settings\Ramon\Application Data\SanDisk\Sansa Updater\SansaUpdater.exe
2009-08-14 18:39 . 2009-08-14 18:39 354744 ----a-w- c:\documents and settings\Ramon\Application Data\SanDisk\Sansa Updater\SansaUpdaterInstall.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-11-07_03.24.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-08 15:48 . 2009-11-08 15:48 16384 c:\windows\Temp\Perflib_Perfdata_6c4.dat
+ 2009-11-07 17:50 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976749-IE8\spuninst\updspapi.dll
+ 2009-11-07 17:50 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976749-IE8\spuninst\spuninst.exe
+ 2006-06-30 18:28 . 2009-10-22 09:19 5939712 c:\windows\system32\mshtml.dll
+ 2006-11-08 05:03 . 2009-10-22 09:19 5939712 c:\windows\system32\dllcache\mshtml.dll
+ 2009-11-07 17:50 . 2009-08-29 08:08 5940224 c:\windows\ie8updates\KB976749-IE8\mshtml.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-04-17 95536]
"SansaDispatch"="c:\documents and settings\Ramon\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-08-14 79872]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2005-11-09 91136]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-15 136600]
"StxTrayMenu"="c:\program files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 190008]
"eFax 4.3"="c:\program files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 116224]
"AtariBanner"="c:\program files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe" [2001-05-23 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-04-17 54576]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"combofix"="c:\combofix\CF2967.exe" [2009-11-08 389120]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 19:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Program Files\\Web Page Maker V2\\WebPageMaker.exe"=
"c:\\Program Files\\Canon\\DV Messenger\\DV Messenger.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"c:\\Program Files\\EA GAMES\\MOHAA\\moh_spearhead.exe"=
"c:\\Program Files\\EA GAMES\\MOHAA\\moh_Breakthrough.exe"=
"c:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=
"c:\\Program Files\\Yahoo! Games\\Scrabble\\Scrabble.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"=
"c:\\Program Files\\Maxis\\SimCity 3000 Unlimited\\Apps\\Updater\\UPDATER.EXE"=
"c:\\Program Files\\Defcon\\defcon.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\demartini\\counter-strike\\hl.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/22/2008 11:06 AM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/22/2008 11:05 AM 55024]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 5:45 AM 13088]
R2 MobilePreInstallerService;MobilePre Installer;c:\program files\M-Audio\MobilePre\Install\MPInst.exe [1/1/2007 12:30 AM 49152]
R3 ma763004;M-Audio MobilePre USB;c:\windows\system32\drivers\MA763004.sys [1/1/2007 12:30 AM 32000]
R3 msvad_simple;WTMDriver;c:\windows\system32\drivers\WTMDriver.sys [11/15/2007 2:21 PM 51072]
S2 Ca533av;DC-T23, WDM Video Capture;c:\windows\system32\Drivers\Ca533av.sys --> c:\windows\system32\Drivers\Ca533av.sys [?]
S2 Seagate Sync Service;Seagate Sync Service;"c:\program files\Seagate\Sync\SeaSyncServices.exe" --> c:\program files\Seagate\Sync\SeaSyncServices.exe [?]
S3 BCASPROT;Advanced System Protector;\??\c:\program files\Systweak\Advanced System Protector\sasprot32.sys --> c:\program files\Systweak\Advanced System Protector\sasprot32.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/22/2008 11:06 AM 7408]
S3 USBCamera;DSC Still Image Capture (CA100);c:\windows\system32\Drivers\Bulk533.sys --> c:\windows\system32\Drivers\Bulk533.sys [?]
S3 USBVCD;Canon USB Video;c:\windows\system32\drivers\USBVCD.sys [5/23/2003 1:54 PM 35584]
S3 VCIDRV;Canon USB Video Control;c:\windows\system32\drivers\VCIDRV.sys [5/23/2003 1:54 PM 4224]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-10-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com/
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
Trusted Zone: turbotax.com
DPF: {08EE4BCE-527E-4760-B11A-B829415E9103} - hxxp://simgolf.ea.com/teleport/simgolf/MaxisGolfTeleX.cab
DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-08 07:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-299502267-1972579041-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:48,d5,cd,39,55,f1,ef,af,c2,93,e6,99,e5,55,4b,1f,be,01,6d,9a,48,48,24,
57,ad,60,0b,30,8d,aa,02,96,79,db,ff,c9,58,b3,38,40,e5,65,e6,26,3d,24,c9,96,\
"??"=hex:f9,3c,4c,01,e5,1e,f9,46,76,91,6e,b9,de,50,8d,8b
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(636)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(916)
c:\windows\system32\WININET.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-11-08 8:01 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-08 16:01
ComboFix2.txt 2009-11-07 03:31

Pre-Run: 4,136,706,048 bytes free
Post-Run: 4,096,409,600 bytes free

Current=1 Default=1 Failed=5 LastKnownGood=2 Sets=1,2,3,5
- - End Of File - - AEE8F9664308A10FE83DBA1EBA96A416



--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, November 8, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, November 08, 2009 15:36:11
Records in database: 3177034
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
Z:\

Scan statistics:
Objects scanned: 123797
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 0439


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir Infected: Rootkit.Win32.TDSS.u 1

Selected area has been scanned.


Computer behavior: I had to uninstall AVG to run ComboFix; the free 8.5 version I had would not disable. Since I have no anti-virus, I am hesitant to see if the searches are still redirecting; I don't want to accidentally download a virus. Other than that, the computer is running fine, although Kaspersky noted a trojan...

thanks for your continued help!
Legacylover is offline
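The single Kaspersky hit in the report above sits under C:\Qoobox\Quarantine, which is where ComboFix keeps the files it has already replaced: the entry is the copy of atapi.sys that ComboFix pulled out, flagged as Rootkit.Win32.TDSS.u, not the driver currently running. As an added example, not from the thread or from Kaspersky, this Python parses the report's "File name / Threat / Threats count" rows and sorts each hit by where it lives, so quarantined and restore-point copies are not mistaken for an active infection. The sample report embeds the thread's real line plus two constructed ones (the restore-point path and the Temp\dropper.tmp name are made up), and the "Suspicious:" verdict form is an assumption.

```python
import re
from typing import Dict, List, NamedTuple, Optional

# ComboFix stores what it removes under C:\Qoobox\Quarantine\<drive>\<original
# path>.vir, the layout seen in the thread's hit. System Restore points under
# System Volume Information also hold old copies of replaced files.
QUARANTINE_ROOT = r"C:\Qoobox\Quarantine"
RESTORE_ROOT = r"C:\System Volume Information"

# One report row: <path> Infected: <threat> <count>. "Suspicious:" is assumed
# to follow the same shape.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<verdict>Infected|Suspicious):\s+"
    r"(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)


class Hit(NamedTuple):
    path: str
    verdict: str
    threat: str
    count: int


def parse_report(text: str) -> List[Hit]:
    """Pull the detection rows out of a report; headers, statistics and
    blank lines do not match the row pattern and are skipped."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append(Hit(m["path"], m["verdict"], m["threat"], int(m["count"])))
    return hits


def classify(path: str) -> str:
    """'quarantined', 'restore_point' or 'live'. NTFS paths compare case-insensitively."""
    p = path.lower()
    if p.startswith(QUARANTINE_ROOT.lower() + "\\"):
        return "quarantined"
    if p.startswith(RESTORE_ROOT.lower() + "\\"):
        return "restore_point"
    return "live"


def original_location(path: str) -> Optional[str]:
    """Map a ComboFix quarantine entry back to where the file was taken from:
    C:\\Qoobox\\Quarantine\\C\\WINDOWS\\x.sys.vir -> C:\\WINDOWS\\x.sys."""
    prefix = QUARANTINE_ROOT + "\\"
    if not path.lower().startswith(prefix.lower()):
        return None
    drive, _, tail = path[len(prefix):].partition("\\")
    if tail.lower().endswith(".vir"):
        tail = tail[:-4]
    return f"{drive}:\\{tail}"


def triage(text: str) -> Dict[str, List[str]]:
    """Bucket every hit path by location so live hits stand out."""
    buckets: Dict[str, List[str]] = {"live": [], "restore_point": [], "quarantined": []}
    for hit in parse_report(text):
        buckets[classify(hit.path)].append(hit.path)
    return buckets


# Constructed sample: the first row is the thread's real line; the other two
# are made up to show a restore-point copy and a genuinely live file.
SAMPLE_REPORT = r"""
Scan statistics:
Objects scanned: 123797
Threats found: 3

File name / Threat / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir Infected: Rootkit.Win32.TDSS.u 1
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP12\A0004417.sys Infected: Rootkit.Win32.TDSS.u 1
C:\Documents and Settings\Ramon\Local Settings\Temp\dropper.tmp Infected: Rootkit.Win32.TDSS.u 1

Selected area has been scanned.
"""

if __name__ == "__main__":
    for bucket, paths in triage(SAMPLE_REPORT).items():
        for p in paths:
            origin = original_location(p)
            print(f"{bucket:>13}  {p}" + (f"  (was {origin})" if origin else ""))
```

A hit in the live bucket is the one that needs action; a quarantined hit is expected after a ComboFix run and only tells you what the tool removed, and original_location shows which system file that was (here the disk driver, which is why the search redirects stopped once it had been replaced).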
Old 11-08-2009, 04:26 PM   #6
Analyst, Security Team
Carolyn
Join Date: Mar 2007
Posts: 181
OS: XP & Vista


Re: Searches are redirecting!

I won't have time to review your logs until tomorrow evening. In the meanwhile, please download and install an antivirus program.

AntiVir
Avast

Update your Anti-Virus Software - It is imperative that you update your antivirus software at least once a week (even more often if you wish). If you do not update your antivirus software, then it will not be able to catch any of the new variants that may come out.
Carolyn is online now
Old 11-09-2009, 12:53 PM   #7 (permalink)
Registered User
 
Join Date: Nov 2009
Posts: 5
OS: windows xp service pack 3


Re: Searches are redirecting!

Hi Carolyn,

I reinstalled AVG 9.0, and also noticed my google searches are no longer redirecting!

Looking forward to your reply. Thanks so much again for your time.
Legacylover is offline
Old 11-09-2009, 07:23 PM   #8
Analyst, Security Team
Carolyn
Join Date: Mar 2007
Posts: 181
OS: XP & Vista


Re: Searches are redirecting!

Logs look good.

There is one system file missing, beep.sys, and I can not find a replacement for it on your computer. Can you borrow a Windows XP Professional CD from someone?
Carolyn is online now
Old 11-10-2009, 11:55 AM   #9 (permalink)
Registered User
 
Join Date: Nov 2009
Posts: 5
OS: windows xp service pack 3


Re: Searches are redirecting!

Yes I can, probably tomorrow (Wednesday)...

thanks for your continued help... I will reply back when I have the disc.
Legacylover is offline
Old 11-10-2009, 12:29 PM   #10
Analyst, Security Team
Carolyn
Join Date: Mar 2007
Posts: 181
OS: XP & Vista


Re: Searches are redirecting!

Sounds like a plan
Carolyn is online now

All times are GMT -7.

Copyright 2001 - 2009, Tech Support Forum