Google Hijacking problem
ELG3366
Newbie
18. September 2008 @ 11:42
I am redirected when I use Google to search for webpages in IE and Firefox. Also, when I type web addresses directly into the address bar in these browsers, I get error messages.

Tried to follow the instructions in the "*** IMPORTANT *** - Must read before posting!" sticky post, but couldn't get very far.

I did Step One: Clean with ATF Cleaner, but in Step Two, Kaspersky Web Scanner tells me that my computer does not meet the requirements to run their program. I have Windows XP - Home Edition, Version 2002, Service Pack 3.

I didn't do anything else, figuring it would be better to first get help here than to proceed and screw things up further.

FYI: Here are the anti-malware programs that I'm currently running: NOD32, Spy Sweeper, Spybot S&D, Spyware Blaster. All are running right now.

As you can probably guess, I'm not the most computer literate person. However, I follow instructions well, learn quickly, and easily ask "stupid" questions as opposed to forging ahead blindly.

Thanks in advance to whoever takes on the task of helping me out.

Senior Member
19. September 2008 @ 08:36
Hi ELG3366

Before we begin the cleanup process, it is important to do a little analysis first. We will analyze your computer with a tool called HijackThis.

Please download the HijackThis zip file. Save it onto a convenient place in your computer, and then unzip the file.

Rename HijackThis(.exe) to scanner(.exe).

Next, run scanner(.exe). A window will pop up.

- Click on the button which says Main Menu, then Do a system scan and save a logfile.
- Please wait for the scan to be completed.
- After the scan has completed, a text window will pop up. Please post the contents of this window here.

This will also be located at hijackthis(.txt) in the same folder that HijackThis was originally saved.

NOTE: Do not fix anything using HijackThis, as this may also damage legitimate components of your computer.

Best Regards :D

Life is but a dream; you don't feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; that's a dumb question.

ELG3366
Newbie
19. September 2008 @ 10:12
This is what I came up with. I hope it's what you're looking for.

Thanks again for your help!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:08:01 AM, on 9/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\SDClient.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\WINDOWS\OEM05Mon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\Michael Gerald\Desktop\HiJackThis\Scanner.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?rs=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [SCREW DRIVER CLIENT] "C:\WINDOWS\system32\SDClient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [igfxtray] "C:\WINDOWS\system32\igfxtray.exe"
O4 - HKLM\..\Run: [igfxhkcmd] "C:\WINDOWS\system32\hkcmd.exe"
O4 - HKLM\..\Run: [igfxpers] "C:\WINDOWS\system32\igfxpers.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [OEM05Mon.exe] "C:\WINDOWS\OEM05Mon.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared...90/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared...,23/mcgdmgr.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 10456 bytes
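
A read-only triage pass over the HijackThis log above, as an added example that is not part of the original thread: it parses the section-coded entries and lists those the log itself marks with "(no file)", "(file missing)", "Unknown owner" or an unresolved "= ?" shortcut target. The function names and the excerpted sample are this example's own, and the markers are prompts for manual review, not detections.

```python
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import List, Optional

# Excerpt of the HijackThis v2.0.2 log posted above (not the full log).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Eset\nod32krn.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?rs=1
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - Global Startup: Digital Line Detect.lnk = ?
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
"""

# Section codes that occur in the log above, with their usual HijackThis meaning.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "R3": "URLSearchHook", "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart entry", "O8": "IE context menu item",
    "O9": "IE extra button/menu item",
    "O16": "ActiveX (Downloaded Program Files)", "O23": "Windows service",
}

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"=]*?\.(?:exe|dll|sys|cab)(?![A-Za-z0-9])", re.I)

# Markers HijackThis writes into an entry when something could not be resolved.
MARKERS = {
    "(no file)": "registered CLSID has no file on disk",
    "(file missing)": "service binary path does not exist",
    "Unknown owner": "service binary carries no company name",
}


@dataclass
class Entry:
    code: str
    section: str
    body: str
    clsid: Optional[str]
    path: Optional[str]
    flags: List[str] = field(default_factory=list)


def parse_log(text: str) -> List[Entry]:
    """Return the section-coded entries; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, blank line, or a "Running processes" path
        code, body = m.groups()
        clsid = CLSID_RE.search(body)
        path = PATH_RE.search(body)
        flags = [why for marker, why in MARKERS.items() if marker in body]
        if body.endswith("= ?"):
            flags.append("startup shortcut target was not resolved")
        entries.append(Entry(code, SECTIONS.get(code, "other"), body,
                             clsid.group(0) if clsid else None,
                             path.group(0) if path else None, flags))
    return entries


def flagged(entries: List[Entry]) -> List[Entry]:
    """Entries that deserve a manual look before anything is changed."""
    return [e for e in entries if e.flags]


def section_counts(entries: List[Entry]) -> dict:
    """Number of entries per section code, for a quick overview of the log."""
    return dict(Counter(e.code for e in entries))


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print(section_counts(parsed))
    for e in flagged(parsed):
        print(f"{e.code} [{e.section}] {e.clsid or e.path or e.body}")
        for why in e.flags:
            print(f"    review: {why}")
```

The script only reads the log text; it changes nothing on the machine.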

Senior Member
19. September 2008 @ 10:48
Hey ELG3366

Now, please download ComboFix.
With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.

Please disable all security programs, such as antiviruses, antispywares, and firewalls.
Also disable your internet connection.


- Run Combo-Fix.exe and follow the prompts.
**Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
- Wait for the scan to be completed.
- If it requires a reboot, please do it.
- After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

Do not click on the ComboFix window, as it may cause it to stall.

Best Regards :D


ELG3366
Newbie
19. September 2008 @ 12:54
Thanks, cdavfrew, for getting back to me so quickly.

Below is the ComboFix text report. I should tell you that while it was running, Spy Sweeper came on and started to scan. I'd forgotten that I'd previously set it for a regular automatic scan that happened to be during the time I was running ComboFix. I stopped it immediately, and ComboFix kept running. Even so, I don't know whether this will make a difference to the effectiveness of the CFix report or not.


ComboFix 08-09-16.05 - Michael Gerald 2008-09-19 8:51:03.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.158 [GMT -7:00]
Running from: C:\Documents and Settings\Michael Gerald\Desktop\Combo-Fix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\windows_update.exe
.
---- Previous Run -------
.
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdsslog.dll
C:\WINDOWS\system32\tdssmain.dll
C:\WINDOWS\system32\tdssserf.dll
C:\WINDOWS\system32\tdssservers.dat

.
((((((((((((((((((((((((( Files Created from 2008-08-19 to 2008-09-19 )))))))))))))))))))))))))))))))
.

2008-09-17 18:29 . 2008-09-18 07:48 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-17 18:28 . 2008-09-17 18:30 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-09-17 17:22 . 2008-09-17 17:22 <DIR> d-------- C:\Program Files\Tall Emu
2008-09-17 17:22 . 2008-09-17 17:22 <DIR> d-------- C:\OnlineArmor
2008-09-17 17:22 . 2008-09-19 08:46 <DIR> d-------- C:\Documents and Settings\Michael Gerald\Application Data\OnlineArmor
2008-09-17 17:22 . 2008-09-17 17:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\OnlineArmor
2008-09-17 17:22 . 2008-04-17 05:25 80,584 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\OADriver.sys
2008-09-17 17:22 . 2008-04-17 05:25 32,456 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\OAmon.sys
2008-09-17 17:22 . 2008-04-17 05:25 28,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\oanet.sys
2008-09-17 16:08 . 2008-09-17 16:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-09-17 15:46 . 2008-09-17 15:46 <DIR> d-------- C:\Program Files\Yahoo!
2008-09-17 15:46 . 2008-09-17 15:51 <DIR> d-------- C:\Program Files\CCleaner
2008-09-17 15:35 . 2008-09-17 15:35 <DIR> d--hs---- C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\PrivacIE
2008-09-17 15:14 . 2008-09-17 15:14 <DIR> d-------- C:\f7e6581c3663fa4d05c9df385111684a
2008-09-17 13:55 . 2008-09-17 13:56 <DIR> d--h-c--- C:\WINDOWS\ie8
2008-09-16 17:49 . 2008-09-16 17:49 <DIR> d-------- C:\Program Files\Common Files\Webroot Shared
2008-09-16 17:49 . 2007-11-26 14:47 194,888 --a------ C:\WINDOWS\Unwash6.exe
2008-09-16 16:11 . 2008-09-16 16:11 164 --a------ C:\install.dat
2008-09-16 14:32 . 2008-09-16 14:32 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-09-16 14:30 . 2008-09-16 17:49 <DIR> d-------- C:\Program Files\Webroot
2008-09-16 14:30 . 2008-09-16 17:49 <DIR> d-------- C:\Documents and Settings\Michael Gerald\Application Data\Webroot
2008-09-16 14:30 . 2008-09-16 17:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-09-16 14:30 . 2008-08-09 16:04 1,538,928 --a------ C:\WINDOWS\WRSetup.dll
2008-09-16 02:13 . 2008-09-16 10:48 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-09-15 09:38 . 2008-09-16 15:28 160 --a------ C:\Documents and Settings\Michael Gerald\xrt_log.dat
2008-09-13 23:33 . 2008-09-13 23:33 39,424 --a------ C:\Documents and Settings\Michael Gerald\xrt_vctc.exe
2008-08-29 06:44 . 2008-08-29 06:44 <DIR> d-------- C:\WINDOWS\SYSTEM32\scripting
2008-08-29 06:44 . 2008-08-29 06:44 <DIR> d-------- C:\WINDOWS\SYSTEM32\en
2008-08-29 06:44 . 2008-08-29 06:44 <DIR> d-------- C:\WINDOWS\SYSTEM32\bits
2008-08-29 06:44 . 2008-08-29 06:44 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-29 06:41 . 2008-08-29 06:45 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-29 06:33 . 2008-08-29 06:33 <DIR> d-------- C:\WINDOWS\EHome
2008-08-28 09:59 . 2008-04-13 17:12 712,704 --------- C:\WINDOWS\SYSTEM32\windowscodecs.dll
2008-08-28 09:59 . 2008-04-13 17:12 346,112 --------- C:\WINDOWS\SYSTEM32\windowscodecsext.dll
2008-08-28 09:59 . 2008-04-13 17:12 276,992 --------- C:\WINDOWS\SYSTEM32\wmphoto.dll
2008-08-28 09:59 . 2008-04-13 17:12 69,120 --------- C:\WINDOWS\SYSTEM32\wlanapi.dll
2008-08-28 09:59 . 2004-08-03 22:29 25,471 --------- C:\WINDOWS\SYSTEM32\DRIVERS\watv10nt.sys
2008-08-28 09:59 . 2004-08-03 22:29 22,271 --------- C:\WINDOWS\SYSTEM32\DRIVERS\watv06nt.sys
2008-08-28 09:57 . 2008-04-13 17:11 1,888,992 --------- C:\WINDOWS\SYSTEM32\ati3duag.dll
2008-08-22 03:05 . 2008-08-22 03:05 48,640 --------- C:\WINDOWS\SYSTEM32\PrivacIE.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-17 23:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-17 23:01 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-17 22:27 --------- d-----w C:\Documents and Settings\Michael Gerald\Application Data\Lavasoft
2008-09-17 20:34 --------- d-----w C:\Documents and Settings\Michael Gerald\Application Data\InstallShield
2008-09-17 19:50 --------- d-----w C:\Program Files\ESET
2008-09-17 04:59 --------- d-----w C:\Documents and Settings\Michael Gerald\Application Data\Canon
2008-09-16 22:22 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-09-16 22:22 --------- d-----w C:\Documents and Settings\Michael Gerald\Application Data\SUPERAntiSpyware.com
2008-09-15 18:18 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-15 18:17 --------- d-----w C:\Documents and Settings\Michael Gerald\Application Data\AdobeUM
2008-09-14 06:34 507,904 ----a-w C:\WINDOWS\SYSTEM32\winlogon.exe
2008-09-14 06:34 295,424 ----a-w C:\WINDOWS\SYSTEM32\termsrv.dll
2008-08-22 10:16 637,984 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2008-08-22 10:10 11,985,408 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2008-08-22 10:09 5,699,584 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-08-22 10:08 878,592 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
2008-08-22 10:08 878,592 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2008-08-22 10:08 43,008 ----a-w C:\WINDOWS\SYSTEM32\licmgr10.dll
2008-08-22 10:08 43,008 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\licmgr10.dll
2008-08-22 10:08 236,544 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
2008-08-22 10:08 1,206,784 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2008-08-22 10:07 755,200 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\VGX.dll
2008-08-22 10:07 193,536 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
2008-08-22 10:07 18,944 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\corpol.dll
2008-08-22 10:07 18,944 ----a-w C:\WINDOWS\SYSTEM32\corpol.dll
2008-08-22 10:07 116,224 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
2008-08-22 10:07 105,984 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
2008-08-22 10:05 70,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
2008-08-22 10:05 630,272 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
2008-08-22 10:05 61,952 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2008-08-22 10:05 580,608 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2008-08-22 10:05 53,760 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2008-08-22 10:05 48,128 ----a-w C:\WINDOWS\SYSTEM32\mshtmler.dll
2008-08-22 10:05 48,128 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmler.dll
2008-08-22 10:05 45,056 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
2008-08-22 10:05 35,840 ----a-w C:\WINDOWS\SYSTEM32\imgutil.dll
2008-08-22 10:05 35,840 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\imgutil.dll
2008-08-22 10:05 346,624 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
2008-08-22 10:05 217,088 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
2008-08-22 10:05 186,880 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iepeers.dll
2008-08-22 10:04 45,568 ----a-w C:\WINDOWS\SYSTEM32\mshta.exe
2008-08-22 10:04 45,568 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshta.exe
2008-08-22 10:00 68,608 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\hmmapi.dll
2008-08-22 09:57 156,160 ----a-w C:\WINDOWS\SYSTEM32\msls31.dll
2008-08-22 09:57 156,160 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msls31.dll
2008-08-22 09:42 443,392 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2008-08-14 03:29 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-08-14 03:29 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-08-14 03:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Roxio
2008-08-12 00:14 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-09 21:42 29,808 ----a-w C:\WINDOWS\system32\drivers\ssfs0bbc.sys
2008-08-09 21:42 23,152 ----a-w C:\WINDOWS\system32\drivers\sshrmd.sys
2008-08-09 21:42 166,512 ----a-w C:\WINDOWS\system32\drivers\ssidrv.sys
2008-08-06 19:37 --------- d-----w C:\Program Files\Apple Software Update
2008-08-06 19:36 --------- d-----w C:\Program Files\iTunes
2008-08-06 19:36 --------- d-----w C:\Program Files\iPod
2008-08-06 00:55 265,720 ----a-w C:\WINDOWS\SYSTEM32\msdbg2.dll
2008-08-04 06:11 --------- d-----w C:\Program Files\MSXML 6.0
2008-07-20 00:01 --------- d-----w C:\Program Files\Java
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\cdm.dll
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\wuauclt.exe
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\SYSTEM32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\WUPS.DLL
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\wuapi.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\wucltui.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\wuweb.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\wuaueng.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuaueng.dll
2008-07-19 05:07 270,880 ----a-w C:\WINDOWS\SYSTEM32\mucltui.dll
2008-07-19 05:07 210,976 ----a-w C:\WINDOWS\SYSTEM32\muweb.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\SYSTEM32\es.dll
2008-07-07 20:26 253,952 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\es.dll
2008-06-25 01:12 295,936 ------w C:\WINDOWS\SYSTEM32\wmpeffects.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\SYSTEM32\mscms.dll
2008-06-24 16:43 74,240 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mscms.dll
2008-06-23 16:57 133,120 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
2008-06-23 09:20 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll
2008-06-20 17:46 245,248 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mswsock.dll
2008-06-20 17:46 147,968 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-06-20 11:51 361,600 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2008-06-20 11:40 138,496 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
2008-06-20 11:08 225,856 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip6.sys
2006-01-19 21:59 630,784 -c--a-w C:\Documents and Settings\Michael Gerald\chatlnk.exe
2006-06-16 03:33 233,472 ----a-w C:\Program Files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-26 01:43 204,895 ----a-w C:\Program Files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 21:41 77,824 ----a-w C:\Program Files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-06-19 20:10 426,081 ----a-w C:\Program Files\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 19:19 458,752 ----a-w C:\Program Files\mozilla firefox\plugins\imagickrt.dll
2006-04-11 01:35 139,264 ----a-w C:\Program Files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 18:10 204,800 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 18:42 106,496 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 18:22 212,992 ----a-w C:\Program Files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 18:21 167,936 ----a-w C:\Program Files\mozilla firefox\plugins\RLVoiceUnpacker.dll
2008-05-31 19:20 75 --sh--r C:\WINDOWS\CT4CET.bin
.

------- Sigcheck -------

2004-08-04 03:00 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2008-04-13 17:12 507904 ed0ef0a136dec83df69f04118870003e C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2008-09-13 23:34 507904 3969440ba384d35317dbbdeeaae641ce C:\WINDOWS\SYSTEM32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-26 86016]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"SCREW DRIVER CLIENT"="C:\WINDOWS\system32\SDClient.exe" [2002-04-12 610816]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-03-18 949376]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 118784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-28 185896]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"OEM05Mon.exe"="C:\WINDOWS\OEM05Mon.exe" [2007-05-08 36864]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"OnlineArmor GUI"="C:\Program Files\Tall Emu\Online Armor\oaui.exe" [2008-04-17 5545536]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-08-09 5418864]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Device Detector 2.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe [2006-02-13 94208]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-05-05 24576]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2006-01-08 118784]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\SYSTEM32\\FXSCLNT.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\SYSTEM32\\SDClient.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R0 ssfs0bbc;ssfs0bbc;C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys [2008-08-09 29808]
R1 BUFADPT;BUFADPT;C:\WINDOWS\system32\BUFADPT.SYS [2005-07-05 9600]
R1 OADevice;OADriver;C:\WINDOWS\system32\drivers\OADriver.sys [2008-04-17 80584]
R1 OAmon;OAmon;C:\WINDOWS\system32\drivers\OAmon.sys [2008-04-17 32456]
R1 OAnet;OAnet;C:\WINDOWS\system32\drivers\OAnet.sys [2008-04-17 28872]
R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-26 598856]
R3 hpusbfd;Hewlett-Packard USB Filter Class;C:\WINDOWS\system32\DRIVERS\hpusbfd.sys [2002-05-22 7552]
R3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;C:\WINDOWS\system32\Drivers\OEM05Afx.sys [2007-06-07 141376]
R3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;C:\WINDOWS\system32\DRIVERS\OEM05Vfx.sys [2007-03-05 7424]
R3 OEM05Vid;Creative Camera OEM005 Driver;C:\WINDOWS\system32\DRIVERS\OEM05Vid.sys [2007-07-19 235616]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;C:\WINDOWS\system32\DRIVERS\livecamv.sys [2007-01-15 31616]
R3 WLIU2KG125S;BUFFALO WLI-U2-KG125S Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S0 epstwnt;epstwnt;C:\WINDOWS\system32\Drivers\epstwnt.mpd [ ]
S2 SHARSHTL;Shuttle Sharer;C:\WINDOWS\system32\Drivers\sharshtl.sys [ ]
S2 SvcOnlineArmor;Online Armor;C:\Program Files\Tall Emu\Online Armor\oasrv.exe [2008-04-17 5435968]
S3 DS2490;DS2490 (USB Host for 1-Wire Microlan);C:\WINDOWS\system32\Drivers\DS2490.sys [2000-12-18 49108]
S3 FileObjInfo;STFileDriver;C:\Documents and Settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys [ ]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Michael Gerald\Application Data\Mozilla\Firefox\Profiles\iixaux6z.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://home.iwon.com/?v=1
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npRLCT4Player.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-19 09:27:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\epstwnt]
"ImagePath"="System32\Drivers\epstwnt.mpd"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Citrix\ICA Client\pnsson.dll
.
Completion time: 2008-09-19 9:41:09
ComboFix-quarantined-files.txt 2008-09-19 16:40:37

Pre-Run: 55,930,179,584 bytes free
Post-Run: 55,920,816,128 bytes free

268 --- E O F --- 2008-09-10 06:30:47

ELG3366
Newbie
19. September 2008 @ 20:31
Update: Both Firefox and IE are working properly now. Also, the computer is no longer running slowly or freezing. However, if you think there's more work to be done, I'm more than happy to keep moving forward.

Also, quick question: Should I leave ComboFix and HijackThis on my computer, or should I uninstall those?

Thanks so much for all your help. I hope to stay on top of these things and to not have more problems in the future.

Senior Member
21. September 2008 @ 05:04
You look clean!

There's no more work to be done, and it is recommended to uninstall Combofix. To uninstall Combofix, go to Start, Run, and type in Combofix /u. That should do it. Enjoy your clean computer!

Best Regards :D
