Question

Hijack this Log File Browser redirects

Asked by: mdrcoast

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:47:10 PM, on 10/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Caymas\Secure Connect\cscservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Messenger Detect\mdsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\dvd43\DVD43_Tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Replay Media Catcher\FLVSrvc.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Citrix\ICA Client\WFCRUN32.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\DVD43_Tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [Ask and Record FLV Service] "C:\Program Files\Replay Media Catcher\FLVSrvc.exe" /run
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [PopRock] C:\DOCUME~1\Michael\LOCALS~1\Temp\b.exe
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OneNote Table Of Contents.onetoc2
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {8494B5D2-DA6A-4BB8-9C15-6C18A312387E} (Caymas Secure Tunnel) - https://64.66.79.197/ui/Axt.cab
O16 - DPF: {E1FD0DCC-705B-4F61-B9EC-6E711F9B56FE} (Secure Connect) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\iEvony\Skype4COM.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Secure Connect (CSCService) - Caymas Systems, Inc. - C:\Program Files\Caymas\Secure Connect\cscservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mdsrv - formessengers.com - C:\Program Files\Messenger Detect\mdsrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 15391 bytes


Asked On: 2009-10-24 at 13:20:25 (ID 24840931)
Tags: Hijack This, Spyware, Malware
Topics: HijackThis Software, Anti-Spyware
Participating Experts: 3
Points: 250
Comments: 10

Answers

 

by: optoma, posted on 2009-10-24 at 14:04:41, ID: 25654355

Fix these:
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKCU\..\Run: [PopRock] C:\DOCUME~1\Michael\LOCALS~1\Temp\b.exe

Run ATF Cleaner by Atribune to clean up unneeded temp files:
http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25

Then scan with Malwarebytes http://www.malwarebytes.org/mbam-download.php

See how you get on:)
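As an added example (not part of optoma's answer and not a HijackThis feature), a small Python triage script that parses O2 and O4 lines in the HijackThis log format and flags the two patterns called out above: a BHO registered with no backing file, and a Run entry whose executable lives in a temp directory. The regexes, the temp-path heuristic and the sample lines are my assumptions, modelled on the log in the question.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in the HijackThis O2/O4 line format, modelled on the
# log posted in the question (only a handful of entries are reproduced).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [PopRock] C:\DOCUME~1\Michael\LOCALS~1\Temp\b.exe
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
"""

# O2 - BHO: <name> - {<CLSID>} - <dll path or "(no file)">
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<target>.*)$"
)
# O4 - <hive>\..\Run: [<value name>] <command line>   (hive may be HKUS\<SID>)
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\S*?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# First drive-rooted path with an executable-style extension in a command line;
# skips a leading bare "RUNDLL32.EXE" and stops before trailing arguments.
EXE_RE = re.compile(r'(?i)\b[a-z]:\\[^"<>|]*?\.(?:exe|dll|com|scr|bat|cmd|pif)\b')
# Heuristic (my assumption, not a HijackThis rule): a Run target under any
# directory named Temp/tmp, including 8.3-mangled forms such as LOCALS~1\Temp.
TEMP_RE = re.compile(r"(?i)\\(?:temp|tmp)\\")


@dataclass
class Finding:
    kind: str    # HijackThis section the line came from: "O2" or "O4"
    reason: str
    line: str


def run_target(cmd: str) -> str:
    """Return the executable path a Run command line launches, or '' if none is found."""
    m = EXE_RE.search(cmd)
    return m.group(0) if m else ""


def triage(log_text: str) -> List[Finding]:
    """Flag orphan BHO registrations and Run entries that launch from a temp directory."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        bho = BHO_RE.match(line)
        if bho:
            # A CLSID still registered as a BHO while its DLL is gone is left-over
            # or half-removed; optoma lists exactly such an entry for removal.
            if bho.group("target").strip().lower() == "(no file)":
                findings.append(Finding("O2", "BHO registered with no backing file", line))
            continue
        run = RUN_RE.match(line)
        if run:
            target = run_target(run.group("cmd"))
            if target and TEMP_RE.search(target):
                findings.append(Finding(
                    "O4", f"{run.group('hive')} Run entry launches {target} from a temp directory", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
```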

 

by: rpggamergirl, posted on 2009-10-25 at 04:42:20, ID: 25656326

If the problem persists, also run ComboFix and attach the logfile for us to check. Some nasties can also hide from the HijackThis scan.

Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
(If it doesn't run, re-download and rename before saving to your desktop)

You must download it to and run it from your Desktop.
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

If needed, here's the ComboFix tutorial which includes the installation of the Recovery Console:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

 

by: mdrcoast, posted on 2009-10-25 at 09:28:20, ID: 25657109

Thanks. The Windows Police Pro did not show up until I ran it the first time. I have run all the suggestions and did not get any pop-ups, but about one in three Google results would redirect to random sites.

ComboFix 09-10-24.06 - Michael 10/25/2009 11:15.2.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3583.2907 [GMT -5:00]
Running from: c:\documents and settings\Michael\Desktop\ComboFix1.exe
AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Michael\Application Data\Logs\scns.log
c:\documents and settings\Michael\CFPRO.REG
c:\program files\Windows Police Pro
c:\program files\Windows Police Pro\msvcm80.dll
c:\program files\Windows Police Pro\msvcp80.dll
c:\program files\Windows Police Pro\msvcr80.dll
c:\program files\Windows Police Pro\Windows Police Pro.exe
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\jestertb.dll
c:\windows\run.log
c:\windows\system32\clrviddc.dll
c:\windows\system32\config\systemprofile\Start Menu\Programs\Windows Police Pro
c:\windows\system32\config\systemprofile\Start Menu\Programs\Windows Police Pro\Windows Police Pro.lnk
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\nuar.old
c:\windows\system32\pump.exe
c:\windows\system32\schtml
c:\windows\system32\schtml\dbsinit.exe
c:\windows\system32\schtml\images\i1.gif
c:\windows\system32\schtml\images\i2.gif
c:\windows\system32\schtml\images\i3.gif
c:\windows\system32\schtml\images\j1.gif
c:\windows\system32\schtml\images\j2.gif
c:\windows\system32\schtml\images\j3.gif
c:\windows\system32\schtml\images\jj1.gif
c:\windows\system32\schtml\images\jj2.gif
c:\windows\system32\schtml\images\jj3.gif
c:\windows\system32\schtml\images\l1.gif
c:\windows\system32\schtml\images\l2.gif
c:\windows\system32\schtml\images\l3.gif
c:\windows\system32\schtml\images\pix.gif
c:\windows\system32\schtml\images\t1.gif
c:\windows\system32\schtml\images\t2.gif
c:\windows\system32\schtml\images\up1.gif
c:\windows\system32\schtml\images\up2.gif
c:\windows\system32\schtml\images\w1.gif
c:\windows\system32\schtml\images\w11.gif
c:\windows\system32\schtml\images\w2.gif
c:\windows\system32\schtml\images\w3.gif
c:\windows\system32\schtml\images\w3.jpg
c:\windows\system32\schtml\images\word.doc
c:\windows\system32\schtml\images\wt1.gif
c:\windows\system32\schtml\images\wt2.gif
c:\windows\system32\schtml\images\wt3.gif
c:\windows\system32\schtml\wispex.html
c:\windows\system32\skynet.dat
 
.
(((((((((((((((((((((((((   Files Created from 2009-09-25 to 2009-10-25  )))))))))))))))))))))))))))))))
.
 
2009-10-25 15:44 . 2008-04-13 18:40	96512	-c--a-w-	c:\windows\system32\dllcache\atapi.sys
2009-10-25 15:44 . 2008-04-13 18:40	96512	----a-w-	c:\windows\system32\drivers\atapi.sys
2009-10-25 15:37 . 2009-10-25 16:05	--------	d-----w-	C:\ComboFix1
2009-10-25 15:34 . 2009-10-25 15:37	--------	d-----w-	C:\ComboFix
2009-10-25 14:52 . 2009-10-25 15:24	58	----a-w-	c:\windows\wp4.dat
2009-10-25 14:52 . 2009-10-25 15:24	1	----a-w-	c:\windows\wp3.dat
2009-10-24 21:19 . 2009-10-24 21:19	--------	d-----w-	c:\docume~1\Michael\APPLIC~1\Malwarebytes
2009-10-24 21:19 . 2009-09-10 19:54	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-24 21:19 . 2009-10-24 21:19	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-24 21:19 . 2009-09-10 19:53	19160	----a-w-	c:\windows\system32\drivers\mbam.sys
2009-10-24 21:19 . 2009-10-24 21:19	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2009-10-24 20:11 . 2009-10-24 20:11	--------	d-----w-	c:\program files\Sophos
2009-10-21 00:41 . 2009-10-21 00:41	--------	d-----w-	c:\program files\iEvony
2009-10-18 23:49 . 2009-10-18 23:50	--------	d-----w-	c:\program files\Total Recall Software
2009-10-18 23:05 . 2009-10-18 23:05	--------	d-----w-	c:\program files\Western Digital Corporation
2009-10-17 12:25 . 2009-04-02 23:08	50192	----a-w-	c:\windows\system32\drivers\tmactmon.sys
2009-10-17 12:25 . 2009-04-02 23:08	50192	----a-w-	c:\windows\system32\drivers\tmevtmgr.sys
2009-10-17 12:25 . 2009-04-02 23:08	153104	----a-w-	c:\windows\system32\drivers\tmcomm.sys
2009-10-17 12:25 . 2009-10-19 10:45	--------	d-----w-	c:\documents and settings\All Users\Application Data\Trend Micro
2009-10-17 12:20 . 2009-05-22 07:45	1220120	----a-w-	c:\windows\system32\drivers\vsapint.sys
2009-10-17 12:20 . 2009-03-03 09:08	335376	----a-w-	c:\windows\system32\drivers\TM_CFW.sys
2009-10-17 12:20 . 2009-05-22 08:02	225296	----a-w-	c:\windows\system32\drivers\tmxpflt.sys
2009-10-17 12:20 . 2009-05-22 08:00	36368	----a-w-	c:\windows\system32\drivers\tmpreflt.sys
2009-10-17 12:20 . 2009-03-03 23:12	80400	----a-w-	c:\windows\system32\drivers\tmtdi.sys
2009-10-17 11:26 . 2009-10-25 16:04	--------	d-----w-	c:\docume~1\Michael\APPLIC~1\Logs
2009-10-11 19:28 . 2009-10-11 19:28	--------	d-----w-	c:\docume~1\Michael\APPLIC~1\Office Genuine Advantage
2009-10-06 00:01 . 2009-10-06 00:01	237568	----a-w-	c:\windows\system32\rmc_rtspdl.dll
2009-10-06 00:01 . 2009-10-06 00:01	156672	----a-w-	c:\windows\system32\rmc_fixasf.exe
2009-10-06 00:00 . 2009-10-06 00:00	--------	d-----w-	c:\documents and settings\Michael\Local Settings\Application Data\mdnslib
2009-10-06 00:00 . 2009-10-25 10:07	--------	d-----w-	c:\documents and settings\Michael\Local Settings\Application Data\FLVService
2009-10-06 00:00 . 2009-10-06 11:07	--------	d-----w-	c:\program files\Replay Media Catcher
2009-10-06 00:00 . 2009-10-06 00:00	--------	d-----w-	c:\windows\Replay Media Catcher
2009-10-05 23:50 . 2009-10-05 23:50	--------	d-----w-	c:\windows\Replay Video Capture
2009-10-05 23:42 . 2009-10-05 23:43	--------	d-----w-	C:\flvrecorder
2009-10-05 23:12 . 2009-10-05 23:40	--------	d-----w-	C:\hidownload
2009-10-03 17:20 . 2009-10-03 17:20	--------	d-----w-	c:\docume~1\Michael\APPLIC~1\Citrix
2009-10-01 23:42 . 2009-10-01 23:42	--------	d-----w-	c:\documents and settings\All Users\Application Data\Citrix
2009-10-01 23:41 . 2009-10-01 23:41	--------	d-----w-	c:\documents and settings\Michael\Local Settings\Application Data\Citrix
2009-10-01 23:41 . 2009-10-01 23:41	--------	d-----w-	c:\program files\Citrix
2009-10-01 23:39 . 2009-10-01 23:39	--------	d-----w-	c:\docume~1\Michael\APPLIC~1\Download Manager
2009-09-30 01:57 . 2009-09-30 01:57	--------	d-----w-	c:\program files\FLV Player
2009-09-27 23:56 . 2009-09-27 23:56	--------	d-----w-	c:\windows\system32\Messenger Detect
2009-09-26 02:01 . 2009-09-26 02:03	--------	d-----w-	c:\windows\system32\config\systemprofile\Application Data\Messenger Detect
2009-09-26 02:01 . 2009-10-05 23:42	--------	d-----w-	c:\program files\WinPcap
2009-09-26 02:01 . 2009-09-26 02:01	--------	d-----w-	c:\program files\Messenger Detect
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-24 20:54 . 2007-03-26 01:13	--------	d-----w-	c:\program files\Common Files\Adobe
2009-10-24 20:11 . 2007-11-27 01:30	--------	d---a-w-	c:\documents and settings\All Users\Application Data\TEMP
2009-10-24 19:46 . 2007-11-27 01:18	--------	d-----w-	c:\program files\Common Files\AVSMedia
2009-10-24 19:45 . 2007-11-27 01:17	--------	d-----w-	c:\program files\AVS4YOU
2009-10-17 12:34 . 2007-03-29 02:42	--------	d-----w-	c:\program files\Trend Micro
2009-10-17 12:16 . 2008-12-28 07:09	--------	d-----w-	c:\docume~1\Michael\APPLIC~1\DNA
2009-10-17 11:45 . 2008-12-28 07:09	--------	d-----w-	c:\program files\DNA
2009-10-17 11:41 . 2009-10-17 11:41	0	----a-w-	c:\documents and settings\Michael\ntuser.tmp
2009-10-16 04:23 . 2007-03-30 23:01	--------	d-----w-	c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-28 21:15 . 2009-08-21 11:21	--------	d-----w-	c:\docume~1\Michael\APPLIC~1\HpUpdate
2009-09-11 14:18 . 2005-11-01 12:00	136192	----a-w-	c:\windows\system32\msv1_0.dll
2009-09-10 08:15 . 2008-02-24 17:43	--------	d-----w-	c:\program files\Microsoft Silverlight
2009-09-08 23:13 . 2009-09-08 23:13	65584	----a-w-	c:\windows\system32\drivers\ctxusbm.sys
2009-09-05 09:28 . 2007-08-27 22:41	--------	d-----w-	c:\program files\NVIDIA Corporation
2009-09-05 09:28 . 2009-09-05 09:28	--------	d-----w-	c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-09-05 09:23 . 2007-08-26 00:40	--------	d-----w-	c:\program files\SystemRequirementsLab
2009-09-05 09:23 . 2007-08-26 00:39	--------	d-----w-	c:\docume~1\Michael\APPLIC~1\SystemRequirementsLab
2009-09-05 09:01 . 2009-09-05 08:49	--------	d-----w-	c:\documents and settings\admin\Application Data\Subversion
2009-09-05 08:50 . 2007-08-19 16:21	83392	----a-w-	c:\documents and settings\admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-04 21:03 . 2005-11-01 12:00	58880	----a-w-	c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2005-11-01 12:00	832512	----a-w-	c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2005-11-01 12:00	78336	----a-w-	c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2005-11-01 12:00	17408	----a-w-	c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2005-11-01 12:00	247326	----a-w-	c:\windows\system32\strmdll.dll
2009-08-18 04:33 . 2009-08-18 04:33	1193832	----a-w-	c:\windows\system32\FM20.DLL
2009-08-17 08:04 . 2009-08-17 08:04	2173472	----a-w-	c:\windows\system32\nvcplui.exe
2009-08-17 08:04 . 2009-08-17 08:04	81920	----a-w-	c:\windows\system32\nvwddi.dll
2009-08-17 08:03 . 2009-08-17 08:03	3170304	----a-w-	c:\windows\system32\nvwss.dll
2009-08-17 08:03 . 2009-08-17 08:03	4026368	----a-w-	c:\windows\system32\nvvitvs.dll
2009-08-17 08:03 . 2009-08-17 08:03	188416	----a-w-	c:\windows\system32\nvmccss.dll
2009-08-17 08:03 . 2009-08-17 08:03	1286144	----a-w-	c:\windows\system32\nvmobls.dll
2009-08-17 08:03 . 2009-08-17 08:03	3547136	----a-w-	c:\windows\system32\nvgames.dll
2009-08-17 08:03 . 2009-08-17 08:03	4923392	----a-w-	c:\windows\system32\nvdisps.dll
2009-08-17 08:03 . 2009-08-17 08:03	86016	----a-w-	c:\windows\system32\nvmctray.dll
2009-08-17 08:03 . 2009-08-17 08:03	168004	----a-w-	c:\windows\system32\nvsvc32.exe
2009-08-17 08:03 . 2009-08-17 08:03	143360	----a-w-	c:\windows\system32\nvcolor.exe
2009-08-17 08:03 . 2009-08-17 08:03	13877248	----a-w-	c:\windows\system32\nvcpl.dll
2009-08-17 08:02 . 2009-08-17 08:02	229376	----a-w-	c:\windows\system32\nvmccs.dll
2009-08-17 05:57 . 2009-08-17 05:57	2189856	----a-w-	c:\windows\system32\nvcuvid.dll
2009-08-17 05:57 . 2009-08-17 05:57	1706528	----a-w-	c:\windows\system32\nvcuvenc.dll
2009-08-17 05:57 . 2009-08-17 05:57	1597690	----a-w-	c:\windows\system32\nvdata.bin
2009-08-17 05:57 . 2008-10-07 19:33	2002944	----a-w-	c:\windows\system32\nvcuda.dll
2009-08-17 05:57 . 2007-03-25 16:11	485920	----a-w-	c:\windows\system32\nvudisp.exe
2009-08-17 05:57 . 2007-03-25 16:10	10457088	----a-w-	c:\windows\system32\nvoglnt.dll
2009-08-17 05:57 . 2007-03-25 16:10	868352	----a-w-	c:\windows\system32\nvapi.dll
2009-08-17 05:57 . 2007-03-25 16:10	155648	----a-w-	c:\windows\system32\nvcodins.dll
2009-08-17 05:57 . 2007-03-25 16:10	155648	----a-w-	c:\windows\system32\nvcod.dll
2009-08-17 05:57 . 2007-03-25 16:10	7729568	----a-w-	c:\windows\system32\drivers\nv4_mini.sys
2009-08-17 05:57 . 2007-03-25 16:10	5845760	----a-w-	c:\windows\system32\nv4_disp.dll
2009-08-11 17:35 . 2007-03-25 16:04	485920	----a-w-	c:\windows\system32\NVUNINST.EXE
2009-08-07 00:24 . 2007-03-25 12:18	327896	----a-w-	c:\windows\system32\wucltui.dll
2009-08-07 00:24 . 2007-03-25 12:18	209632	----a-w-	c:\windows\system32\wuweb.dll
2009-08-07 00:24 . 2007-03-25 12:18	35552	----a-w-	c:\windows\system32\wups.dll
2009-08-07 00:24 . 2005-05-26 10:16	44768	----a-w-	c:\windows\system32\wups2.dll
2009-08-07 00:24 . 2007-03-25 12:18	53472	----a-w-	c:\windows\system32\wuauclt.exe
2009-08-07 00:24 . 2005-11-01 12:00	96480	----a-w-	c:\windows\system32\cdm.dll
2009-08-07 00:23 . 2007-03-25 12:18	575704	----a-w-	c:\windows\system32\wuapi.dll
2009-08-07 00:23 . 2007-03-30 23:36	274288	----a-w-	c:\windows\system32\mucltui.dll
2009-08-07 00:23 . 2007-03-30 23:36	215920	----a-w-	c:\windows\system32\muweb.dll
2009-08-07 00:23 . 2007-03-25 12:18	1929952	----a-w-	c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2005-11-01 12:00	204800	----a-w-	c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2005-11-01 12:00	2145280	----a-w-	c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-03 22:59	2023936	----a-w-	c:\windows\system32\ntkrnlpa.exe
2009-08-03 20:07 . 2009-08-03 20:07	403816	----a-w-	c:\windows\system32\OGACheckControl.dll
2009-08-03 20:07 . 2009-08-03 20:07	322928	----a-w-	c:\windows\system32\OGAAddin.dll
2009-08-03 20:07 . 2009-08-03 20:07	230768	----a-w-	c:\windows\system32\OGAEXEC.exe
2007-03-26 19:17 . 2007-05-19 17:36	149008	----a-w-	c:\program files\mozilla firefox\components\WRSForFireFox.dll
2009-09-13 04:05 . 2009-09-13 04:05	124240	----a-w-	c:\program files\mozilla firefox\plugins\CCMSDK.dll
2009-09-13 04:06 . 2009-09-13 04:06	13136	----a-w-	c:\program files\mozilla firefox\plugins\cgpcfg.dll
2009-09-13 04:06 . 2009-09-13 04:06	70488	----a-w-	c:\program files\mozilla firefox\plugins\CgpCore.dll
2009-09-13 04:06 . 2009-09-13 04:06	91480	----a-w-	c:\program files\mozilla firefox\plugins\confmgr.dll
2009-09-13 04:06 . 2009-09-13 04:06	22360	----a-w-	c:\program files\mozilla firefox\plugins\ctxlogging.dll
2009-09-13 04:07 . 2009-09-13 04:07	255312	----a-w-	c:\program files\mozilla firefox\plugins\ctxmui.dll
2009-09-13 04:06 . 2009-09-13 04:06	31064	----a-w-	c:\program files\mozilla firefox\plugins\icafile.dll
2009-09-13 04:06 . 2009-09-13 04:06	40280	----a-w-	c:\program files\mozilla firefox\plugins\icalogon.dll
2009-08-14 18:33 . 2009-08-14 18:33	652640	----a-w-	c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2009-09-13 04:06 . 2009-09-13 04:06	23896	----a-w-	c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 14:26	80384	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 14:26	80384	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 14:26	80384	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 14:26	80384	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 14:26	80384	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 14:26	80384	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 14:26	80384	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 14:26	80384	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 14:26	80384	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\valve\steam\steam.exe" [2009-10-24 1217808]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 81920]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-10 68856]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2009-10-17 497008]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 341488]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"TotalRecorderScheduler"="c:\program files\HighCriteria\TotalRecorder\TotRecSched.exe" [2006-12-06 114688]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"dvd43"="c:\program files\dvd43\DVD43_Tray.exe" [2007-11-20 731136]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-17 185872]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-13 1657376]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"Ask and Record FLV Service"="c:\program files\Replay Media Catcher\FLVSrvc.exe" [2009-09-22 156672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-04-01 995528]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-03-06 16858112]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2009-10-17 497008]
 
c:\documents and settings\Michael\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
OneNote Table Of Contents.onetoc2 [2009-3-14 3656]
 
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-5-12 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-7-30 122880]
 
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup
 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=c:\windows\pss\ymetray.lnkCommon Startup
 
[HKLM\~\startupfolder\C:^Documents and Settings^Michael^Start Menu^Programs^Startup^DING!.lnk]
path=c:\documents and settings\Michael\Start Menu\Programs\Startup\DING!.lnk
backup=c:\windows\pss\DING!.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ABIT\\FlashMenu\\FlashMenu.exe"=
"c:\\Program Files\\U-ABIT\\FlashMenu\\flashmenu.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEARXP\\FEARXP.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Valve\\Steam\\steam.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\mdrcoast\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\left 4 dead\\srcds.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\left 4 dead\\bin\\SDKLauncher.exe"=
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19688:TCP"= 19688:TCP:BitComet 19688 TCP
"19688:UDP"= 19688:UDP:BitComet 19688 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
 
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [9/8/2009 6:13 PM 65584]
R2 CSCService;Secure Connect;c:\program files\Caymas\Secure Connect\cscservice.exe [4/13/2009 6:27 PM 132096]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [3/20/2009 11:48 PM 55152]
R2 mdsrv;mdsrv;c:\program files\Messenger Detect\mdsrv.exe [9/14/2009 8:33 AM 401408]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [10/17/2009 7:20 AM 36368]
R3 CymsVa;Secure Connect Virtual Adapter;c:\windows\system32\drivers\CymsVa.sys [4/13/2009 6:27 PM 8320]
R3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [11/6/2007 3:22 PM 34064]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [10/17/2009 7:20 AM 335376]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [10/17/2009 7:25 AM 50192]
S2 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [10/17/2009 7:25 AM 497008]
S2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [10/17/2009 7:25 AM 677128]
S3 CYMSPLG;Cyms DNE Plugin;c:\progra~1\Caymas\SECURE~1\CYMSPLG.sys [4/13/2009 6:27 PM 67712]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\CAC.tmp --> c:\windows\system32\CAC.tmp [?]
S3 Neservrsvh;Neservrsvh; [x]
S4 crd;crd;c:\docume~1\Michael\LOCALS~1\Temp\IXP001.TMP\poststp.exe --> c:\docume~1\Michael\LOCALS~1\Temp\IXP001.TMP\poststp.exe [?]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
 
2009-10-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
DPF: {8494B5D2-DA6A-4BB8-9C15-6C18A312387E} - hxxps://64.66.79.197/ui/Axt.cab
DPF: {E1FD0DCC-705B-4F61-B9EC-6E711F9B56FE}
FF - ProfilePath - c:\docume~1\Michael\APPLIC~1\Mozilla\Firefox\Profiles\es6q0qpp.default\
FF - plugin: c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\es6q0qpp.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCID.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPcol305.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
 
AddRemove-Fraps - c:\fraps\uninstall.exe
 
 
 
**************************************************************************
 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-25 11:20
Windows 5.1.2600 Service Pack 3 NTFS
 
scanning hidden processes ...  
 
scanning hidden autostart entries ... 
 
scanning hidden files ...  
 
scan completed successfully
hidden files: 0
 
**************************************************************************
 
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\C-DillaCdaC11BA]
"ImagePath"=""
 
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\CAC.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
 
[HKEY_USERS\S-1-5-21-1343024091-963894560-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ed,6c,bd,2b,1e,36,da,83,a0,e6,00,2d,75,bd,00,f0,89,87,69,cf,ec,69,c3,
   a8,eb,38,72,ab,43,5b,74,34,28,a3,a4,ef,88,27,e6,46,5f,9e,28,5e,c2,6c,18,4e,\
"??"=hex:27,60,66,0a,4e,7e,7a,ac,69,4f,e0,3f,36,05,ee,92
 
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
Completion time: 2009-10-25 11:22
ComboFix-quarantined-files.txt  2009-10-25 16:22
 
Pre-Run: 54,200,020,992 bytes free
Post-Run: 54,145,060,864 bytes free
 
- - End Of File - - 7D2FEE84CEFC5DAA81EA33C7F336B8CF
                                              

 

by: optoma, posted on 2009-10-25 at 14:38:11, ID: 25658488

Wait for Combofix's logfile to be checked out :)

If still no progress, only after the above has been reviewed by Rpggamergirl you can try running this as an alternative:

Kaspersky live cd http://devbuilds.kaspersky-labs.com/devbuilds/RescueDisk/

--It is in iso/image format so you will have to burn it to a cd.
--Once the cd is created, boot the infected machine to that cd and scan your system
NB-Update the virus database in live cd before scanning.



Also, do you have your installation media?
If so you may have to do a repair installation afterwards, depending on what infected files are removed:
http://michaelstevenstech.com/XPrepairinstall.htm

 

by: mdrcoast, posted on 2009-10-25 at 19:29:15, ID: 25659429

Actually it looks to be running fine now....No Redirects or pop ups.

 

by: rpggamergirl, posted on 2009-10-25 at 22:12:34, ID: 25659753

No redirects or pop ups, that's great!
Combofix log also looks clean.

When you're done with Combofix you may uninstall it.
To uninstall Combofix:
Go to Start > Run and 'copy and paste' next command in the field:

ComboFix /u

Uninstallation will delete the created backups and reset System Restore (creates one restore point).

 

by: mdrcoast, posted on 2009-10-26 at 16:28:22, ID: 25668041

Thanks!!!!!!

 

by: optoma, posted on 2009-10-26 at 16:45:07, ID: 25668125

No prob!

 

by: rpggamergirl, posted on 2009-10-27 at 06:06:31, ID: 25671922

You're welcome!

Thank you for using Experts-Exchange! :)

 

by: mike2747, posted on 2009-11-20 at 19:00:09, ID: 25876225

I just wanted to let everyone know what worked for me when I was in this situation with a PC I was working on.

The following programs were up to date and reported NO problems - Combofix, Malwarebytes, Spybot, Microsoft MSRT, SuperAntiSpyware.

I then found Dr. Web's CureIT (http://majorgeeks.com/Dr.Web_CureIT_d4783.html) and it revealed that explorer.exe and atapi.sys were infected. I HIGHLY recommend running this tool to fix search engine redirects!
