Occasional re-direct virus
BullGuard Antivirus Forum > Virus Removal > Removal Help
RickB
New Member


Date Joined Aug 2009
Total Posts : 11
 
   Posted 8/23/2009 5:23 AM (GMT +3)
First off, I want to say I think what you guys are doing is just amazing, extremely helpful, I am very thankful for any help you can offer.
 
So the symptoms I'm noticing from what I recently got on my computer are weird.
 
It takes a good 1-2 minutes after having turned on my computer before the internet will work. (before, instantly)
 
Occasionally, when using Yahoo to search and clicking a link, it will re-direct me to something which I did not click.
 
And sometimes my computer will pop up with this message: "The procedure entry point _resetskoflw could not be located in the dynamic link library msvcrt.dll." I do not know the trigger; I can't really duplicate it.
 
I know exactly where I was when it happened; I still know the link I clicked that caused this.
 
My computer performance is still fine, all my usual applications run fine, etc. I can't run free online virus scans; I tried Malwarebytes, but it won't start, and ComboFix blue-screens and reboots me as soon as it says "it will take about 10 minutes" to scan. *With Malwarebytes, I got it from clicking a link posted by a mod in another thread; I wasn't sure if it was supposed to come with FIX, mine didn't. Maybe I'm doing something stupid here.
 
I was able to get a HijackThis log. I read what looked like a similar issue to this on these forums, but alas, the directions for what looked like replacing msvcrt.dll might have been too complex for me.
 
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:09:38 PM, on 8/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Administrator\Desktop\FIX\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [EVGAPrecision] "C:\Program Files\EVGA Precision\EVGAPrecision.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{075716F7-550A-4724-9009-F11A9400E018}: NameServer = 85.255.112.124,85.255.112.233
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.124,85.255.112.233
O17 - HKLM\System\CS1\Services\Tcpip\..\{075716F7-550A-4724-9009-F11A9400E018}: NameServer = 85.255.112.124,85.255.112.233
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.112.124,85.255.112.233
O17 - HKLM\System\CS3\Services\Tcpip\..\{075716F7-550A-4724-9009-F11A9400E018}: NameServer = 85.255.112.124,85.255.112.233
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.112.124,85.255.112.233
O17 - HKLM\System\CS4\Services\Tcpip\..\{075716F7-550A-4724-9009-F11A9400E018}: NameServer = 85.255.112.124,85.255.112.233
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.124,85.255.112.233
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Windows MSI - Unknown owner - \\?\globalrootC:\WINDOWS\system32\msihost.exe (file missing)
--
End of file - 8748 bytes
 

Post Edited (RickB) : 23-08-2009 02:28:57 GMT

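Two things in that HijackThis log are what a helper reads first. The O17 lines show the same pair of public IP addresses written as static NameServer values into the current control set and into every backup ControlSet, for the adapter key and for the global Tcpip\Parameters key alike; DHCP does not do that, and a resolver the machine was never given by its ISP is exactly what produces search-result redirects while everything else on the network still works, including the delayed start of connectivity after boot. The O23 line for a service called "Windows MSI" points at an image behind a \\?\globalroot device path and is reported as missing, a path form that hides the binary from ordinary tools. The script below is added here as an illustration; it is not part of the thread, of HijackThis or of any BullGuard tool. It pulls those two indicators out of a saved log and, as a generalisation, also understands the "TCP: NameServer" and "R2/S2" service lines that the DDS report posted later in this thread uses. The expected-resolver set is an assumed placeholder: replace it with the DNS servers the machine is actually supposed to use.

```python
import re
from ipaddress import ip_address

# Constructed sample: a handful of lines copied from the HijackThis and DDS
# logs posted in this thread, mixed with benign entries so the script runs
# offline. In practice read a whole saved log file instead.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{075716F7-550A-4724-9009-F11A9400E018}: NameServer = 85.255.112.124,85.255.112.233
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.124,85.255.112.233
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Windows MSI - Unknown owner - \\?\globalrootC:\WINDOWS\system32\msihost.exe (file missing)
TCP: NameServer = 85.255.112.124,85.255.112.233
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
S2 Windows MSI;Windows MSI;\\?\globalroot\systemroot\system32\msihost.exe [2009-8-21 84992]
"""

# Assumed placeholder, not taken from the thread: the resolvers this machine
# should be using (normally the router or the ISP's DHCP-assigned DNS servers).
EXPECTED_RESOLVERS = {"192.168.1.1"}

# HijackThis O17 lines and the equivalent "TCP:" lines of a DDS report.
HJT_O17 = re.compile(r"^O17 - .*?NameServer\s*=\s*(?P<ips>[\d.,\s]+)$")
DDS_TCP = re.compile(r"^TCP: (?:NameServer|\{[0-9A-Fa-f-]+\})\s*=\s*(?P<ips>[\d.,\s]+)$")
# HijackThis O23 service lines: "O23 - Service: name - owner - image path"
HJT_O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# DDS service/driver lines: "R2 name;display name;image path [date size]"
DDS_SVC = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)(?:\s+\[.*\])?$")


def extract_nameservers(log_text):
    """Return {ip: number of lines that set it} for every O17/TCP resolver entry."""
    seen = {}
    for line in log_text.splitlines():
        m = HJT_O17.match(line) or DDS_TCP.match(line)
        if not m:
            continue
        for raw in m.group("ips").split(","):
            raw = raw.strip()
            if not raw:
                continue
            try:
                ip = str(ip_address(raw))
            except ValueError:
                continue  # ignore anything that is not a literal IP address
            seen[ip] = seen.get(ip, 0) + 1
    return seen


def find_unexpected_resolvers(log_text, expected=EXPECTED_RESOLVERS):
    """Resolver IPs hard-coded in the registry that the analyst did not expect."""
    return sorted(ip for ip in extract_nameservers(log_text) if ip not in expected)


def find_suspicious_services(log_text):
    """Services whose image path sits behind a \\?\globalroot device path or
    whose binary the scanner reports as missing; returns (name, path, reason)."""
    findings = []
    for line in log_text.splitlines():
        m = HJT_O23.match(line) or DDS_SVC.match(line)
        if not m:
            continue
        name, path = m.group("name"), m.group("path")
        reasons = []
        if path.lower().startswith(r"\\?\globalroot"):
            reasons.append("globalroot device path")
        if "(file missing)" in path.lower():
            reasons.append("file missing")
        if reasons:
            findings.append((name, path, ", ".join(reasons)))
    return findings


def triage(log_text, expected=EXPECTED_RESOLVERS):
    """Both indicators in one dict, ready to paste into a reply."""
    return {
        "unexpected_resolvers": find_unexpected_resolvers(log_text, expected),
        "suspicious_services": find_suspicious_services(log_text),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for ip in report["unexpected_resolvers"]:
        print(f"[DNS] static resolver not in expected set: {ip}")
    for name, path, why in report["suspicious_services"]:
        print(f"[SVC] {name}: {path}  ({why})")
```

On the sample it reports both 85.255.112.x addresses and the "Windows MSI" service twice (once from the HijackThis O23 line, once from the DDS S2 line). The script deliberately does not treat "Unknown owner" on its own as a finding, since legitimate services such as PnkBstrA appear that way in the same log; the decision it encodes is resolvers the analyst did not expect plus the two path red flags, and the count per IP tells you how many registry locations were rewritten.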
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12976
 
   Posted 8/23/2009 6:48 AM (GMT +3)
Hello RickB
 
 
We'll try ComboFix again, slightly differently.
 
Please download combofix here ->
Before Saving it to Desktop, please rename it to alg.exe to stop malware from disabling it.
 
Disable your AntiVirus and AntiSpyware applications, they may otherwise interfere with Combofix.

Now, please make sure no other programs are running, close all other windows.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan.
Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall.
It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after
scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted.
Usually located in c:\combofix.txt, please post it to your next reply
 
The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.
NB: It is possible you'll have to run ComboFix from safe mode.



Do NOT post your problem in someone elses thread.
A non-profit, volunteer network.

 

RickB
New Member


Date Joined Aug 2009
Total Posts : 11
 
   Posted 8/23/2009 7:02 AM (GMT +3)
Thank you for the reply! When I tried it, the same thing happened, only for a brief second it looked like it said "unknown hard error" right before it blue-screened me.

Booted it into safe mode, renamed it to alg, then tried it again, and it just restarted; I didn't even see a blue screen.

Right as it looks like it's about to scan, it just reboots.
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12976
 
   Posted 8/23/2009 7:43 AM (GMT +3)
OK. We'll try this scanner then ->
 
 
 to your Desktop and double-click on DDS.scr to run it. If your security software includes script blocking features, please disable these before you run this utility.

When the scan has finished, two logs will open.
Copy and paste both reports in this topic.
The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.



Do NOT post your problem in someone elses thread.
A non-profit, volunteer network.

 

RickB
New Member


Date Joined Aug 2009
Total Posts : 11
 
   Posted 8/23/2009 7:58 AM (GMT +3)
Here is the DDS log
 
DDS (Ver_09-07-30.01) - NTFSx86 
Run by Administrator at 21:56:43.01 on Sat 08/22/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3326.2899 [GMT -7:00]
AV: BitDefender Antivirus *On-access scanning disabled* (Updated)   {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *disabled*   {4055920F-2E99-48A8-A270-4243D2B8F242}
============== Running Processes ===============
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
mRun: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [EVGAPrecision] "c:\program files\evga precision\EVGAPrecision.exe" /s
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} - hxxp://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 85.255.112.124,85.255.112.233
TCP: {075716F7-550A-4724-9009-F11A9400E018} = 85.255.112.124,85.255.112.233
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
============= SERVICES / DRIVERS ===============
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-4-26 24652]
R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys [2008-4-18 1310720]
S2 Windows MSI;Windows MSI;\\?\globalroot\systemroot\system32\msihost.exe [2009-8-21 84992]
S3 cpuz130;cpuz130;\??\c:\docume~1\admini~1\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\admini~1\locals~1\temp\cpuz130\cpuz_x32.sys [?]
=============== Created Last 30 ================
2009-08-22 21:08 389,120 a------- c:\windows\system32\CF21916.exe
2009-08-22 21:08 <DIR> --ds---- C:\ComboFix
2009-08-22 20:57 389,120 a------- c:\windows\system32\CF19767.exe
2009-08-22 20:54 389,120 a------- c:\windows\system32\CF19310.exe
2009-08-22 20:02 168,448 a------- c:\windows\system32\unrar.dll
2009-08-22 20:02 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-08-22 19:04 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-22 19:04 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-22 19:04 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-22 19:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-08-22 18:55 389,120 a------- c:\windows\system32\CF28752.exe
2009-08-22 18:51 <DIR> --d----- c:\program files\CCleaner
2009-08-22 18:21 0 a------- c:\windows\MEMORY.DMP
2009-08-22 18:09 <DIR> --dshr-- C:\cmdcons
2009-08-22 18:09 <DIR> --d----- c:\windows\setup.pss
2009-08-22 18:00 <DIR> --d----- c:\windows\system32\NtmsData
2009-08-22 17:47 389,120 a------- c:\windows\system32\CF15425.exe
2009-08-22 17:47 <DIR> --ds---- C:\321
2009-08-22 17:39 389,120 a------- c:\windows\system32\CF13779.exe
2009-08-22 17:37 <DIR> --d-h--- c:\windows\PIF
2009-08-22 17:33 389,120 a------- c:\windows\system32\CF12662.exe
2009-08-22 17:28 229,376 a------- c:\windows\PEV.exe
2009-08-22 17:28 161,792 a------- c:\windows\SWREG.exe
2009-08-22 17:28 98,816 a------- c:\windows\sed.exe
2009-08-22 17:28 389,120 a------- c:\windows\system32\CF11663.exe
2009-08-22 17:22 <DIR> --d----- c:\docume~1\admini~1\applic~1\BitDefender
2009-08-22 01:44 132 a------- c:\windows\system32\rezumatenoi.dat
2009-08-21 20:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
2009-08-21 20:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-08-21 20:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-08-21 20:30 <DIR> --d----- c:\documents and settings\administrator\.housecall6.6
2009-08-21 20:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BitDefender
2009-08-21 20:24 <DIR> --d----- c:\program files\common files\BitDefender
2009-08-21 19:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-08-21 19:15 <DIR> --d----- C:\54b047081621ee4cb988526948
2009-08-21 18:38 3,532 a------- C:\drmHeader.bin
2009-08-21 18:12 84,992 a------- c:\windows\system32\msihost.exe
2009-08-19 19:48 <DIR> --d----- c:\program files\iPod
2009-08-19 19:48 <DIR> --d----- c:\program files\iTunes
2009-08-19 19:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-19 16:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment
2009-08-13 16:32 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
2009-08-13 16:32 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll
2009-08-08 15:13 <DIR> --d----- c:\program files\NVIDIA Corporation
2009-08-08 15:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2009-08-08 15:12 1,706,528 a------- c:\windows\system32\nvcuvenc.dll
2009-08-08 15:12 1,597,690 a------- c:\windows\system32\nvdata.bin
2009-08-05 02:01 204,800 -c------ c:\windows\system32\dllcache\mswebdvd.dll
==================== Find3M  ====================
2009-08-05 02:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-17 12:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-14 13:35 2,173,472 a------- c:\windows\system32\nvcplui.exe
2009-07-14 13:35 81,920 a------- c:\windows\system32\nvwddi.dll
2009-07-14 13:35 4,026,368 a------- c:\windows\system32\nvvitvs.dll
2009-07-14 13:35 3,170,304 a------- c:\windows\system32\nvwss.dll
2009-07-14 13:34 13,877,248 a------- c:\windows\system32\nvcpl.dll
2009-07-14 13:34 4,923,392 a------- c:\windows\system32\nvdisps.dll
2009-07-14 13:34 3,547,136 a------- c:\windows\system32\nvgames.dll
2009-07-14 13:34 1,286,144 a------- c:\windows\system32\nvmobls.dll
2009-07-14 13:34 188,416 a------- c:\windows\system32\nvmccss.dll
2009-07-14 13:34 168,004 a------- c:\windows\system32\nvsvc32.exe
2009-07-14 13:34 143,360 a------- c:\windows\system32\nvcolor.exe
2009-07-14 13:34 86,016 a------- c:\windows\system32\nvmctray.dll
2009-07-14 13:34 229,376 a------- c:\windows\system32\nvmccs.dll
2009-07-14 11:54 10,457,088 a------- c:\windows\system32\nvoglnt.dll
2009-07-14 11:54 7,741,664 a------- c:\windows\system32\drivers\nv4_mini.sys
2009-07-14 11:54 5,842,816 a------- c:\windows\system32\nv4_disp.dll
2009-07-14 11:54 2,189,856 a------- c:\windows\system32\nvcuvid.dll
2009-07-14 11:54 2,002,944 a------- c:\windows\system32\nvcuda.dll
2009-07-14 11:54 868,352 a------- c:\windows\system32\nvapi.dll
2009-07-14 11:54 485,920 a------- c:\windows\system32\nvudisp.exe
2009-07-14 11:54 151,552 a------- c:\windows\system32\nvcodins.dll
2009-07-14 11:54 151,552 a------- c:\windows\system32\nvcod.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-10 07:01 485,920 a------- c:\windows\system32\NVUNINST.EXE
2009-06-29 09:12 827,392 a------- c:\windows\system32\wininet.dll
2009-06-29 09:12 78,336 a------- c:\windows\system32\ieencode.dll
2009-06-29 09:12 17,408 -------- c:\windows\system32\corpol.dll
2009-06-16 07:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 07:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-12 05:31 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 05:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-06-10 07:13 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-09 23:14 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-03 12:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-01-11 14:44 22,328 a------- c:\docume~1\admini~1\applic~1\PnkBstrK.sys
============= FINISH: 21:56:59.04 ===============

Here is the Attach log

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-07-30.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/18/2008 10:33:50 AM
System Uptime: 8/22/2009 9:09:09 PM (0 hours ago)
Motherboard: ASUSTeK Computer INC. |  | M2N-SLI
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 6000+ | Socket AM2  | 3116/200mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 320.458 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {50127DC3-0F36-415E-A6CC-4CB3BE910B65}
Description: AMD K8 Processor
Device ID: ACPI\AUTHENTICAMD_-_X86_FAMILY_15_MODEL_107\_0
Manufacturer: Advanced Micro Devices
Name: AMD Athlon(tm) 64 X2 Dual Core Processor 6000+
PNP Device ID: ACPI\AUTHENTICAMD_-_X86_FAMILY_15_MODEL_107\_0
Service: AmdK8
Class GUID: {50127DC3-0F36-415E-A6CC-4CB3BE910B65}
Description: AMD K8 Processor
Device ID: ACPI\AUTHENTICAMD_-_X86_FAMILY_15_MODEL_107\_1
Manufacturer: Advanced Micro Devices
Name: AMD Athlon(tm) 64 X2 Dual Core Processor 6000+
PNP Device ID: ACPI\AUTHENTICAMD_-_X86_FAMILY_15_MODEL_107\_1
Service: AmdK8
Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: USB Mass Storage Device
Device ID: USB\VID_058F&PID_6377\920321111113
Manufacturer: Compatible USB storage device
Name: USB Mass Storage Device
PNP Device ID: USB\VID_058F&PID_6377\920321111113
Service: USBSTOR
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Microsoft Kernel DLS Synthesizer
Device ID: SW\{8C07DD50-7A8D-11D2-8F8C-00C04FBF8FEF}\DMUSIC
Manufacturer: Microsoft
Name: Microsoft Kernel DLS Synthesizer
PNP Device ID: SW\{8C07DD50-7A8D-11D2-8F8C-00C04FBF8FEF}\DMUSIC
Service: DMusic
==== System Restore Points ===================
RP260: 5/26/2009 4:26:52 PM - System Checkpoint
RP261: 5/28/2009 5:11:36 PM - System Checkpoint
RP262: 5/31/2009 3:42:38 PM - System Checkpoint
RP263: 6/2/2009 6:03:28 PM - System Checkpoint
RP264: 6/2/2009 8:29:22 PM - Installed The Sims 3
RP265: 6/4/2009 4:59:07 PM - System Checkpoint
RP266: 6/9/2009 5:48:03 PM - Software Distribution Service 3.0
RP267: 6/9/2009 5:58:25 PM - Installed Java(TM) 6 Update 14
RP268: 6/13/2009 2:03:22 PM - System Checkpoint
RP269: 6/15/2009 7:14:54 PM - System Checkpoint
RP270: 6/29/2009 8:46:21 PM - System Checkpoint
RP271: 7/6/2009 5:06:05 PM - System Checkpoint
RP272: 7/8/2009 4:27:09 PM - Software Distribution Service 3.0
RP273: 7/9/2009 7:14:59 PM - System Checkpoint
RP274: 7/11/2009 3:40:46 AM - System Checkpoint
RP275: 7/11/2009 6:54:35 PM - Installed Windows XP WgaNotify.
RP276: 7/14/2009 10:47:04 PM - Software Distribution Service 3.0
RP277: 7/18/2009 1:19:02 PM - System Checkpoint
RP278: 7/21/2009 5:48:40 PM - System Checkpoint
RP279: 7/25/2009 8:07:27 PM - System Checkpoint
RP280: 7/27/2009 8:12:22 PM - System Checkpoint
RP281: 7/28/2009 8:12:53 PM - System Checkpoint
RP282: 7/28/2009 11:00:21 PM - Software Distribution Service 3.0
RP283: 7/31/2009 5:23:16 PM - System Checkpoint
RP284: 8/4/2009 7:56:57 PM - Installed Java(TM) 6 Update 15
RP285: 8/5/2009 9:38:22 PM - System Checkpoint
RP286: 8/8/2009 3:16:45 PM - Removed Athlon 64 Processor Driver
RP287: 8/13/2009 10:11:43 PM - Software Distribution Service 3.0
RP288: 8/21/2009 5:11:52 PM - System Checkpoint
RP289: 8/21/2009 7:13:21 PM - Software Distribution Service 3.0
RP290: 8/21/2009 7:30:21 PM - Printer Driver Microsoft XPS Document Writer Installed
RP291: 8/21/2009 7:41:23 PM - Restore Operation
RP292: 8/21/2009 9:00:32 PM - Removed BitDefender Total Security 2010
==== Installed Programs ======================
3DMark06
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 8.1.3
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AIM 6
AIM Toolbar
Apple Mobile Device Support
Apple Software Update
ASUSUpdate
AutoUpdate
C-Media 6501 Sound
CCleaner (remove only)
Command & Conquer™ Red Alert™ 3
Counter-Strike: Source
Crysis WARHEAD(R)
Crysis(R)
Crysis(R) SP Demo
DivX Codec
DivX Version Checker
DivX Web Player
DNA
Driver Sweeper 1.0
EVGA Precision 1.0.2
Far Cry
Far Cry (Patch 1.4)
Fraps (remove only)
Full Tilt Poker
GameSpy Comrade
Google Chrome
Half-Life
Half-Life 2
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB954550-v5)
InstallMgr
iTunes
Java(TM) 6 Update 15
K-Lite Codec Pack 5.0.5 (Basic)
Logitech GamePanel Software 2.02
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft WSE 3.0 Runtime
MSN Toolbar
MSXML 6.0 Parser (KB933579)
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
PDF Settings
PunkBuster Services
QuickTime
Rhapsody
RivaTuner v2.09
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923689)
Sony Vegas Pro 8.0
Source SDK Base
Steam
Sven Co-op 3.0
System Requirements Lab
The Sims™ 3
TortoiseSVN 1.5.5.14361 (32 bit)
VC80CRTRedist - 8.0.50727.762
Ventrilo Client
Viewpoint Media Player
WebFldrs XP
Winamp
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Vista Upgrade Advisor
Windows XP Service Pack 3
WinRAR archiver
WinZip 11.2
World of Warcraft
World of Warcraft Public Test
XML Paper Specification Shared Components Pack 1.0
Yahoo! Messenger
==== Event Viewer Messages From Past Week ========
8/22/2009 6:02:37 PM, error: Removable Storage Service [15]  - RSM cannot manage library CdRom1. The database is corrupt.
8/22/2009 6:02:34 PM, error: Removable Storage Service [15]  - RSM cannot manage library CdRom2. The database is corrupt.
8/22/2009 5:42:36 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
8/22/2009 5:33:10 PM, error: Service Control Manager [7023]  - The Automatic Updates service terminated with the following error:  The specified module could not be found.
8/21/2009 9:02:48 PM, error: Service Control Manager [7034]  - The BitDefender Virus Shield service terminated unexpectedly.  It has done this 1 time(s).
8/21/2009 8:29:27 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Fips
8/21/2009 8:13:37 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
8/21/2009 8:13:05 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/21/2009 7:11:19 PM, error: Service Control Manager [7034]  - The Windows MSI service terminated unexpectedly.  It has done this 1 time(s).
8/21/2009 7:09:56 PM, error: Service Control Manager [7000]  - The MCSTRM service failed to start due to the following error:  The system cannot find the file specified.
8/21/2009 6:19:54 PM, error: Service Control Manager [7034]  - The PnkBstrB service terminated unexpectedly.  It has done this 1 time(s).
8/21/2009 6:19:54 PM, error: Service Control Manager [7034]  - The PnkBstrA service terminated unexpectedly.  It has done this 1 time(s).
==== End Of File ===========================
 
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12976
 
Posted 8/23/2009 8:19 AM (GMT +3)
Go to Add/Remove Programs in Control Panel, and remove:
DNA
Viewpoint Media Player
 
 
  by Swandog46 to your Desktop.
Click on Avenger.zip to open the file
Extract avenger2.exe to your desktop
 
Start Avenger
 
Quote->
-------------------------------------
 
Files to delete:
c:\windows\MEMORY.DMP
c:\windows\system32\rezumatenoi.dat
C:\windows\system32\msihost.exe


------------------------------------------------------
Copy/Paste all the text in the above quote box into the main window
Click Execute
 
The Avenger will automatically do the following:
It will Restart your computer.
 
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions.
 
This log file will be located at  C:\avenger.txt
 
Post C:\avenger.txt in next reply.
 
If you run Malwarebytes now, please post that as well.
 
Before you run it, rename it to smss.exe


Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.

 

RickB
New Member


Date Joined Aug 2009
Total Posts : 11
 
Posted 8/23/2009 12:36 PM (GMT +3)
I was able to do it. Here is Avenger.
 
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform:  Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
Hidden driver "ams4otpf" found!
Start Type:  3 (Manual)
Rootkit scan completed.
File "c:\windows\MEMORY.DMP" deleted successfully.
File "c:\windows\system32\rezumatenoi.dat" deleted successfully.
File "C:\windows\system32\msihost.exe" deleted successfully.
Completed script processing.
*******************
Finished!  Terminate.
 
Malwarebytes
 
Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 3
8/23/2009 2:35:06 AM
mbam-log-2009-08-23 (02-35-06).txt
Scan type: Full Scan (C:\|)
Objects scanned: 201602
Time elapsed: 24 minute(s), 6 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 8
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.124,85.255.112.233 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{075716f7-550a-4724-9009-f11a9400e018}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.124,85.255.112.233 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.124,85.255.112.233 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{075716f7-550a-4724-9009-f11a9400e018}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.124,85.255.112.233 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.124,85.255.112.233 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{075716f7-550a-4724-9009-f11a9400e018}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.124,85.255.112.233 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.124,85.255.112.233 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{075716f7-550a-4724-9009-f11a9400e018}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.124,85.255.112.233 -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\Temp\tempo-809125.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-6245921.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
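As an added illustration of what the Malwarebytes log above records (this is not code from the thread, from Malwarebytes, or from the moderator), the Python below parses detection lines of that shape, collects the DNS servers that Trojan.DNSChanger wrote into the NameServer values, reports which control sets carried them, and checks a NameServer value against that list. The log excerpt embedded in it is constructed from a subset of the entries above.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the shape of the Malwarebytes log above (a subset of
# the entries posted in the thread, not the complete log).
SAMPLE_LOG = r"""Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.124,85.255.112.233 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{075716f7-550a-4724-9009-f11a9400e018}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.124,85.255.112.233 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.124,85.255.112.233 -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\Temp\tempo-809125.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

# One detection line: "<path> (<threat>) -> [Data: <data> -> ]<action>"
LINE_RE = re.compile(
    r"^(?P<path>.+?) \((?P<threat>[^()]+)\) -> (?:Data: (?P<data>.*?) -> )?(?P<action>.+)$"
)
# Control set component of a HKLM\SYSTEM registry path.
CONTROLSET_RE = re.compile(r"\\(ControlSet\d{3}|CurrentControlSet)\\", re.IGNORECASE)


@dataclass(frozen=True)
class Detection:
    path: str
    threat: str
    data: Optional[str]   # only present for "Registry Data Items"
    action: str


def parse_mbam_log(text: str) -> list:
    """Return every detection line of an MBAM log as a Detection."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            found.append(Detection(m["path"], m["threat"], m["data"], m["action"]))
    return found


def rogue_dns_servers(detections) -> set:
    """DNS server addresses a DNSChanger detection wrote into a NameServer value."""
    servers = set()
    for d in detections:
        if d.threat == "Trojan.DNSChanger" and d.data and d.path.lower().endswith("\\nameserver"):
            for token in re.split(r"[,\s]+", d.data):
                if token:
                    servers.add(ipaddress.ip_address(token))
    return servers


def affected_control_sets(detections) -> set:
    """Control sets that carried a rogue NameServer. When every set is listed
    (as in the thread), Last Known Good Configuration restores the same value."""
    sets = set()
    for d in detections:
        m = CONTROLSET_RE.search(d.path)
        if m:
            sets.add(m.group(1))
    return sets


def nameserver_is_suspect(value: str, watchlist) -> bool:
    """True if any address in a NameServer registry value is on the watch list.
    An empty value (DHCP-assigned DNS) is not suspect; a token that is not an
    IP address at all is treated as suspect rather than silently ignored."""
    for token in re.split(r"[,\s]+", value.strip()):
        if not token:
            continue
        try:
            ip = ipaddress.ip_address(token)
        except ValueError:
            return True
        if ip in watchlist:
            return True
    return False


if __name__ == "__main__":
    dets = parse_mbam_log(SAMPLE_LOG)
    watch = rogue_dns_servers(dets)
    print("rogue DNS servers:", sorted(map(str, watch)))
    print("control sets affected:", sorted(affected_control_sets(dets)))
    print(nameserver_is_suspect("85.255.112.124,85.255.112.233", watch))  # True
    print(nameserver_is_suspect("192.168.1.1", watch))                    # False
```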
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12976
 
Posted 8/23/2009 2:32 PM (GMT +3)
Great
 
 
If you can run combofix now, please post a combofix log.



 

RickB
New Member


Date Joined Aug 2009
Total Posts : 11
 
Posted 8/23/2009 8:52 PM (GMT +3)
Combofix is doing the same thing, blue screening; I tried again in safe mode and it just rebooted me.

Although when my desktop loaded I did notice I was able to access the internet without that 2-3 minute delay.
 
It also appears to sometimes be freezing right as I'm about to click my Windows logon to go to my desktop.
 
The re-directs appear to still be happening, also was just browsing around on youtube and I got some really random ad pop ups. :(
 
Here's another thing I noticed: when I start Windows and I get to my desktop, it takes about 15-20 seconds after having reached my desktop before I can see my start bar, at which point I hear the little Windows-started music thing, and can do anything I need to. I hope any of this helps.
 
OKAYYYY, so I'm !!!!, I re-downloaded combofix and tried it again and it worked. I probably screwed up the original version somehow. So far everything seems to be looking good, I haven't got any re-directs and I haven't seen what looks like the previous symptoms. I await your response!
 
ComboFix 09-08-22.06 - Administrator 08/23/2009 16:54.1.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3326.2966 [GMT -7:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\844a89.msi
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ESQULserv.sys
-------\Service_ESQULserv.sys

(((((((((((((((((((((((((   Files Created from 2009-07-24 to 2009-08-24  )))))))))))))))))))))))))))))))
.
2009-08-23 17:53 . 2009-08-23 23:38 -------- d-s---w- C:\321
2009-08-23 05:27 . 2009-08-23 05:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-08-23 03:02 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
2009-08-23 03:02 . 2009-08-23 03:02 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-08-23 02:04 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-23 02:04 . 2009-08-23 05:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-23 02:04 . 2009-08-23 02:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-23 02:04 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-23 01:51 . 2009-08-23 01:51 -------- d-----w- c:\program files\CCleaner
2009-08-23 01:00 . 2009-08-23 01:00 -------- d-----w- c:\windows\system32\NtmsData
2009-08-23 00:37 . 2009-08-23 00:37 -------- d--h--w- c:\windows\PIF
2009-08-23 00:22 . 2009-08-23 00:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\BitDefender
2009-08-22 03:42 . 2009-08-22 03:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-08-22 03:42 . 2009-08-22 03:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-08-22 03:42 . 2009-08-22 03:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-08-22 03:30 . 2009-08-22 03:41 -------- d-----w- c:\documents and settings\Administrator\.housecall6.6
2009-08-22 03:24 . 2009-08-23 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2009-08-22 03:24 . 2009-08-22 03:24 -------- d-----w- c:\program files\Common Files\BitDefender
2009-08-22 02:51 . 2009-08-22 03:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-08-22 02:15 . 2009-08-22 02:15 -------- d-----w- C:\54b047081621ee4cb988526948
2009-08-22 01:57 . 2009-08-22 03:18 -------- d-----w- c:\windows\BDOSCAN8
2009-08-22 01:38 . 2009-08-22 01:38 3532 ----a-w- C:\drmHeader.bin
2009-08-20 02:48 . 2009-08-20 02:48 -------- d-----w- c:\program files\iPod
2009-08-20 02:48 . 2009-08-20 02:48 -------- d-----w- c:\program files\iTunes
2009-08-20 02:48 . 2009-08-20 02:48 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-20 02:47 . 2009-08-20 02:47 -------- d-----w- c:\program files\QuickTime
2009-08-20 02:45 . 2009-08-20 02:45 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-08-19 23:27 . 2009-08-19 23:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-08-13 23:32 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-08 22:13 . 2009-08-08 22:13 -------- d-----w- c:\program files\NVIDIA Corporation
2009-08-08 22:13 . 2009-08-08 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-08-08 22:12 . 2009-07-14 18:54 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-08-08 22:12 . 2009-07-14 18:54 1597690 ----a-w- c:\windows\system32\nvdata.bin
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-05 02:56 . 2009-08-05 02:56 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-23 23:42 . 2008-04-23 02:58 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-23 05:21 . 2008-04-26 20:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-08-22 03:29 . 2008-05-26 18:27 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-22 02:32 . 2008-04-18 17:58 21104 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-22 02:00 . 2008-09-10 23:48 -------- d-----w- c:\program files\Bonjour
2009-08-22 01:19 . 2009-07-11 05:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\IGN_DLM
2009-08-22 01:13 . 2009-02-07 09:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\LimeWire
2009-08-21 04:49 . 2008-04-23 03:15 -------- d-----w- c:\program files\Fraps
2009-08-20 02:48 . 2009-02-06 00:46 -------- d-----w- c:\program files\Common Files\Apple
2009-08-20 01:02 . 2009-02-07 18:12 -------- d-----w- c:\program files\Rhapsody
2009-08-19 23:28 . 2008-04-23 02:55 -------- d-----w- c:\program files\World of Warcraft
2009-08-08 22:17 . 2008-04-18 21:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-08 22:13 . 2008-10-25 23:19 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-08 22:13 . 2008-10-25 23:19 -------- d-----w- c:\program files\AGEIA Technologies
2009-08-05 09:01 . 2006-02-28 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 02:57 . 2009-03-10 23:42 -------- d-----w- c:\program files\Java
2009-07-25 12:23 . 2009-02-07 09:23 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 02:26 . 2009-07-11 02:23 -------- d-----w- c:\program files\Warcraft III
2009-07-14 20:35 . 2009-07-14 20:35 2173472 ----a-w- c:\windows\system32\nvcplui.exe
2009-07-14 20:35 . 2009-07-14 20:35 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-07-14 20:35 . 2009-07-14 20:35 4026368 ----a-w- c:\windows\system32\nvvitvs.dll
2009-07-14 20:35 . 2009-07-14 20:35 3170304 ----a-w- c:\windows\system32\nvwss.dll
2009-07-14 20:34 . 2009-07-14 20:34 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-07-14 20:34 . 2009-07-14 20:34 4923392 ----a-w- c:\windows\system32\nvdisps.dll
2009-07-14 20:34 . 2009-07-14 20:34 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-07-14 20:34 . 2009-07-14 20:34 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-07-14 20:34 . 2009-07-14 20:34 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-07-14 20:34 . 2009-07-14 20:34 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-07-14 20:34 . 2009-07-14 20:34 13877248 ----a-w- c:\windows\system32\nvcpl.dll
2009-07-14 20:34 . 2009-07-14 20:34 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-07-14 20:34 . 2009-07-14 20:34 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-07-14 18:54 . 2009-04-16 01:16 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-07-14 18:54 . 2009-03-27 17:03 2189856 ----a-w- c:\windows\system32\nvcuvid.dll
2009-07-14 18:54 . 2009-03-27 17:03 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-07-14 18:54 . 2009-03-27 17:03 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-07-14 18:54 . 2009-03-27 17:03 10457088 ----a-w- c:\windows\system32\nvoglnt.dll
2009-07-14 18:54 . 2008-11-12 22:54 868352 ----a-w- c:\windows\system32\nvapi.dll
2009-07-14 18:54 . 2008-11-12 22:54 7741664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-07-14 18:54 . 2008-11-12 22:54 5842816 ----a-w- c:\windows\system32\nv4_disp.dll
2009-07-14 18:54 . 2008-11-12 22:54 2002944 ----a-w- c:\windows\system32\nvcuda.dll
2009-07-14 06:43 . 2006-02-28 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-11 05:28 . 2008-05-14 00:49 -------- d-----w- c:\program files\Steam
2009-07-10 14:01 . 2009-04-16 01:15 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-07-09 15:52 . 2009-07-09 15:52 59992 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.463\English\setup.exe
2009-06-29 16:12 . 2006-02-28 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2006-02-28 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2006-02-28 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-06-16 14:36 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2006-02-28 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2006-02-28 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2006-02-28 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 16:19 . 2008-04-18 17:27 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2006-02-28 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2006-02-28 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-10 00:58 . 2009-06-10 00:58 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-03 19:09 . 2006-02-28 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-03 03:34 . 2009-06-03 03:34 10134 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-14 2051096]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"EVGAPrecision"="c:\program files\EVGA Precision\EVGAPrecision.exe" [2008-05-07 142352]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-09 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.1.game"=
"c:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
"c:\\Program Files\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.3.game"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys [4/18/2008 10:55 AM 1310720]
S2 Windows MSI;Windows MSI;\\?\c:\windows\system32\msihost.exe --> \\?\c:\systemroot\system32\msihost.exe [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2009-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-2052111302-725345543-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-18 01:43]
2009-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-2052111302-725345543-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-18 01:43]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-C6501Sound - c6501.cpl

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-23 17:03
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ... 
scanning hidden autostart entries ...
scanning hidden files ... 
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1343024091-2052111302-725345543-500\Software\SecuROM\License information*]
"datasecu"=hex:46,8f,d6,c1,c5,06,6c,e1,e4,83,4c,3d,cb,e2,a3,ba,c0,aa,f6,4f,cd,
   60,77,cc,05,9a,bc,bb,dc,5a,cd,6e,2d,10,1f,af,56,ca,cb,fe,98,22,e4,f4,ac,d3,\
"rkeysecu"=hex:c8,cc,33,d6,d5,cd,f8,70,8f,4d,b1,dc,ca,5d,7b,d0
[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]
@DACL=(02 0000)
@="bootstrap.application.1"
[HKEY_LOCAL_MACHINE\software\Classes\.xaml\bootstrap]
@DACL=(02 0000)
@="bootstrap.xaml.1"
[HKEY_LOCAL_MACHINE\software\Classes\.xbap\bootstrap]
@DACL=(02 0000)
@="bootstrap.xbap.1"
[HKEY_LOCAL_MACHINE\software\Classes\.xps\bootstrap]
@DACL=(02 0000)
@="bootstrap.xps.1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3736)
c:\windows\system32\WININET.dll
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wscntfy.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2009-08-24 17:05 - machine was rebooted
ComboFix-quarantined-files.txt  2009-08-24 00:05
Pre-Run: 343,919,452,160 bytes free
Post-Run: 350,331,957,248 bytes free
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
272 --- E O F --- 2009-08-22 02:18

Post Edited (RickB) : 24-08-2009 00:10:14 GMT

 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12976
 
Posted 8/24/2009 5:36 AM (GMT +3)
Sounds good
 
Open notepad and copy/paste the bold text in the codebox below into it:
Name the file as CFScript
and Save it on the desktop
 
Code:
Killall::
Snapshot::
File::
c:\windows\system32\msihost.exe
Folder::
c:\documents and settings\All Users\Application Data\Viewpoint
c:\documents and settings\Administrator\Application Data\LimeWire
Driver::
Windows MSI
 
 
Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe.
 
Combofix will create a logfile and display it after your computer has rebooted. It is usually located in c:\combofix.txt; please post it to your next reply.



 

RickB
New Member


Date Joined Aug 2009
Total Posts : 11
 
Posted 8/24/2009 5:46 AM (GMT +3)
Here you go!
 
 
ComboFix 09-08-22.06 - Administrator 08/23/2009 19:39.2.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3326.2887 [GMT -7:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FILE ::
"c:\windows\system32\msihost.exe"
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\Application Data\LimeWire
c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\Cache\7BD6A121d01
c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\Cache\98E79480d01
c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\Cache\AE98BDFBd01
c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\Cache\B7E8F4C3d01
c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\Cache\BAFF9A8Ed01
c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\Cache\D5267890d01
c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\cert8.db
c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\compreg.dat
c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\cookies.sqlite
c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\downloads.sqlite
c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\extensions.cache
c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\extensions.ini
c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\history.dat
c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\key3.db
c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\localstore.rdf
c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\permissions.sqlite
c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\places.sqlite-journal
c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\places.sqlite
c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\pluginreg.dat
c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\prefs.js
c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\secmod.db
c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\XPC.mfl
c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\xpti.dat
c:\documents and settings\Administrator\Application Data\LimeWire\mozilla-profile\XUL.mfl
c:\documents and settings\Administrator\Application Data\LimeWire\player.props
c:\documents and settings\Administrator\Application Data\LimeWire\promotion\promodb.backup
c:\documents and settings\Administrator\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\Administrator\Application Data\LimeWire\promotion\promodb.log
c:\documents and settings\Administrator\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\Administrator\Application Data\LimeWire\promotion\promodb.script
c:\documents and settings\Administrator\Application Data\LimeWire\questions.props
c:\documents and settings\Administrator\Application Data\LimeWire\responses.cache
c:\documents and settings\Administrator\Application Data\LimeWire\simpp.xml
c:\documents and settings\Administrator\Application Data\LimeWire\spam.dat
c:\documents and settings\Administrator\Application Data\LimeWire\tables.props
c:\documents and settings\Administrator\Application Data\LimeWire\ttdata.cache
c:\documents and settings\Administrator\Application Data\LimeWire\ttrees.cache
c:\documents and settings\Administrator\Application Data\LimeWire\ttroot.cache
c:\documents and settings\Administrator\Application Data\LimeWire\version.xml
c:\documents and settings\Administrator\Application Data\LimeWire\versions.props
c:\documents and settings\Administrator\Application Data\LimeWire\xml\data\audio.sxml3
c:\documents and settings\All Users\Application Data\Viewpoint
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_WINDOWS_MSI
-------\Service_Windows MSI

(((((((((((((((((((((((((   Files Created from 2009-07-24 to 2009-08-24  )))))))))))))))))))))))))))))))
.
2009-08-23 17:53 . 2009-08-23 23:38 -------- d-s---w- C:\321
2009-08-23 05:27 . 2009-08-23 05:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-08-23 03:02 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
2009-08-23 03:02 . 2009-08-23 03:02 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-08-23 02:04 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-23 02:04 . 2009-08-23 05:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-23 02:04 . 2009-08-23 02:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-23 02:04 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-23 01:51 . 2009-08-23 01:51 -------- d-----w- c:\program files\CCleaner
2009-08-23 01:00 . 2009-08-23 01:00 -------- d-----w- c:\windows\system32\NtmsData
2009-08-23 00:37 . 2009-08-23 00:37 -------- d--h--w- c:\windows\PIF
2009-08-23 00:22 . 2009-08-23 00:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\BitDefender
2009-08-22 03:42 . 2009-08-22 03:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-08-22 03:42 . 2009-08-22 03:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-08-22 03:42 . 2009-08-22 03:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-08-22 03:30 . 2009-08-22 03:41 -------- d-----w- c:\documents and settings\Administrator\.housecall6.6
2009-08-22 03:24 . 2009-08-23 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2009-08-22 03:24 . 2009-08-22 03:24 -------- d-----w- c:\program files\Common Files\BitDefender
2009-08-22 02:51 . 2009-08-22 03:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-08-22 02:15 . 2009-08-22 02:15 -------- d-----w- C:\54b047081621ee4cb988526948
2009-08-22 01:57 . 2009-08-22 03:18 -------- d-----w- c:\windows\BDOSCAN8
2009-08-22 01:38 . 2009-08-22 01:38 3532 ----a-w- C:\drmHeader.bin
2009-08-20 02:48 . 2009-08-20 02:48 -------- d-----w- c:\program files\iPod
2009-08-20 02:48 . 2009-08-20 02:48 -------- d-----w- c:\program files\iTunes
2009-08-20 02:48 . 2009-08-20 02:48 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-20 02:47 . 2009-08-20 02:47 -------- d-----w- c:\program files\QuickTime
2009-08-20 02:45 . 2009-08-20 02:45 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-08-19 23:27 . 2009-08-19 23:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-08-13 23:32 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-08 22:13 . 2009-08-08 22:13 -------- d-----w- c:\program files\NVIDIA Corporation
2009-08-08 22:13 . 2009-08-08 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-08-08 22:12 . 2009-07-14 18:54 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-08-08 22:12 . 2009-07-14 18:54 1597690 ----a-w- c:\windows\system32\nvdata.bin
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-05 02:56 . 2009-08-05 02:56 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-24 01:25 . 2008-04-23 02:58 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-22 03:29 . 2008-05-26 18:27 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-22 02:32 . 2008-04-18 17:58 21104 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-22 02:00 . 2008-09-10 23:48 -------- d-----w- c:\program files\Bonjour
2009-08-22 01:19 . 2009-07-11 05:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\IGN_DLM
2009-08-21 04:49 . 2008-04-23 03:15 -------- d-----w- c:\program files\Fraps
2009-08-20 02:48 . 2009-02-06 00:46 -------- d-----w- c:\program files\Common Files\Apple
2009-08-20 01:02 . 2009-02-07 18:12 -------- d-----w- c:\program files\Rhapsody
2009-08-19 23:28 . 2008-04-23 02:55 -------- d-----w- c:\program files\World of Warcraft
2009-08-08 22:17 . 2008-04-18 21:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-08 22:13 . 2008-10-25 23:19 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-08 22:13 . 2008-10-25 23:19 -------- d-----w- c:\program files\AGEIA Technologies
2009-08-05 09:01 . 2006-02-28 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 02:57 . 2009-03-10 23:42 -------- d-----w- c:\program files\Java
2009-07-25 12:23 . 2009-02-07 09:23 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 02:26 . 2009-07-11 02:23 -------- d-----w- c:\program files\Warcraft III
2009-07-14 20:35 . 2009-07-14 20:35 2173472 ----a-w- c:\windows\system32\nvcplui.exe
2009-07-14 20:35 . 2009-07-14 20:35 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-07-14 20:35 . 2009-07-14 20:35 4026368 ----a-w- c:\windows\system32\nvvitvs.dll
2009-07-14 20:35 . 2009-07-14 20:35 3170304 ----a-w- c:\windows\system32\nvwss.dll
2009-07-14 20:34 . 2009-07-14 20:34 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-07-14 20:34 . 2009-07-14 20:34 4923392 ----a-w- c:\windows\system32\nvdisps.dll
2009-07-14 20:34 . 2009-07-14 20:34 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-07-14 20:34 . 2009-07-14 20:34 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-07-14 20:34 . 2009-07-14 20:34 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-07-14 20:34 . 2009-07-14 20:34 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-07-14 20:34 . 2009-07-14 20:34 13877248 ----a-w- c:\windows\system32\nvcpl.dll
2009-07-14 20:34 . 2009-07-14 20:34 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-07-14 20:34 . 2009-07-14 20:34 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-07-14 18:54 . 2009-04-16 01:16 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-07-14 18:54 . 2009-03-27 17:03 2189856 ----a-w- c:\windows\system32\nvcuvid.dll
2009-07-14 18:54 . 2009-03-27 17:03 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-07-14 18:54 . 2009-03-27 17:03 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-07-14 18:54 . 2009-03-27 17:03 10457088 ----a-w- c:\windows\system32\nvoglnt.dll
2009-07-14 18:54 . 2008-11-12 22:54 868352 ----a-w- c:\windows\system32\nvapi.dll
2009-07-14 18:54 . 2008-11-12 22:54 7741664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-07-14 18:54 . 2008-11-12 22:54 5842816 ----a-w- c:\windows\system32\nv4_disp.dll
2009-07-14 18:54 . 2008-11-12 22:54 2002944 ----a-w- c:\windows\system32\nvcuda.dll
2009-07-14 06:43 . 2006-02-28 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-11 05:28 . 2008-05-14 00:49 -------- d-----w- c:\program files\Steam
2009-07-10 14:01 . 2009-04-16 01:15 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-07-09 15:52 . 2009-07-09 15:52 59992 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.463\English\setup.exe
2009-06-29 16:12 . 2006-02-28 12:00 827392 ------w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2006-02-28 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2006-02-28 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-06-16 14:36 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2006-02-28 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2006-02-28 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2006-02-28 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 16:19 . 2008-04-18 17:27 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2006-02-28 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2006-02-28 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-10 00:58 . 2009-06-10 00:58 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-03 19:09 . 2006-02-28 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-03 03:34 . 2009-06-03 03:34 10134 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-14 2051096]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"EVGAPrecision"="c:\program files\EVGA Precision\EVGAPrecision.exe" [2008-05-07 142352]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-09 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.1.game"=
"c:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
"c:\\Program Files\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.3.game"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys [4/18/2008 10:55 AM 1310720]
S3 cpuz130;cpuz130;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - RTCORE32
*Deregistered* - RTCore32
.
Contents of the 'Scheduled Tasks' folder
2009-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-2052111302-725345543-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-18 01:43]
2009-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-2052111302-725345543-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-18 01:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-23 19:43
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ... 
scanning hidden autostart entries ...
scanning hidden files ... 
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1343024091-2052111302-725345543-500\Software\SecuROM\License information*]
"datasecu"=hex:46,8f,d6,c1,c5,06,6c,e1,e4,83,4c,3d,cb,e2,a3,ba,c0,aa,f6,4f,cd,
   60,77,cc,05,9a,bc,bb,dc,5a,cd,6e,2d,10,1f,af,56,ca,cb,fe,98,22,e4,f4,ac,d3,\
"rkeysecu"=hex:c8,cc,33,d6,d5,cd,f8,70,8f,4d,b1,dc,ca,5d,7b,d0
[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]
@DACL=(02 0000)
@="bootstrap.application.1"
[HKEY_LOCAL_MACHINE\software\Classes\.xaml\bootstrap]
@DACL=(02 0000)
@="bootstrap.xaml.1"
[HKEY_LOCAL_MACHINE\software\Classes\.xbap\bootstrap]
@DACL=(02 0000)
@="bootstrap.xbap.1"
[HKEY_LOCAL_MACHINE\software\Classes\.xps\bootstrap]
@DACL=(02 0000)
@="bootstrap.xps.1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3768)
c:\windows\system32\WININET.dll
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2009-08-24 19:45 - machine was rebooted
ComboFix-quarantined-files.txt  2009-08-24 02:45
ComboFix2.txt  2009-08-24 00:05
Pre-Run: 350,201,262,080 bytes free
Post-Run: 350,196,862,976 bytes free
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
637 --- E O F --- 2009-08-22 02:18
 

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 12976
 
Posted 8/24/2009 5:49 AM (GMT +3)
Looking good. Please post a new HijackThis log.


Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.

 

RickB
New Member
Date Joined Aug 2009
Total Posts : 11
 
Posted 8/24/2009 5:51 AM (GMT +3)
Okay!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:51:16 PM, on 8/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\Administrator\Desktop\FIX\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [EVGAPrecision] "C:\Program Files\EVGA Precision\EVGAPrecision.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 7349 bytes
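The O16 and O23 sections at the end of the log above are the two that a helper reviews most mechanically: O16 "DPF" lines are ActiveX controls Internet Explorer was allowed to download and install, and O23 lines are installed services with the vendor string HijackThis could read from the binary. The short Python script below is an added example, not code from the thread or from HijackThis, that parses a handful of the lines quoted from the poster's log, lists services whose vendor could not be resolved ("Unknown owner"), and groups the ActiveX controls by the host they were fetched from. It sorts the entries for a human to verify; it passes no verdict, and as the moderator's reply shows, an unresolved vendor string on its own is not a sign of infection.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import urlparse

# Sample input: lines copied from the HijackThis log posted in this thread, plus the
# log's trailing footer, so the parser is exercised on real entry shapes.
SAMPLE_LOG = """\
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: Bonjour Service - Apple Inc. - C:\\Program Files\\Bonjour\\mDNSResponder.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\\Program Files\\Java\\jre6\\bin\\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\\WINDOWS\\system32\\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\\WINDOWS\\system32\\PnkBstrB.exe
--
End of file - 7349 bytes
"""

# O16: a Download Program File (ActiveX control) that IE fetched and installed; the
# control name in parentheses is optional in HijackThis output.
O16_RE = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]+\})(?: \((.+?)\))? - (\S+)$")
# O23: an installed service: display name, vendor as HijackThis resolved it, binary path.
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")


@dataclass
class Entry:
    kind: str                  # "O16" or "O23"
    name: str                  # control or service display name
    source: str                # O16: download URL; O23: vendor string
    target: str                # O16: download host; O23: binary path
    clsid: Optional[str] = None


def parse_hjt(text: str) -> List[Entry]:
    """Parse O16 and O23 lines; other HijackThis sections and the footer are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O16_RE.match(line)
        if m:
            clsid, name, url = m.groups()
            host = urlparse(url).hostname or ""
            entries.append(Entry("O16", name or "(unnamed control)", url, host, clsid))
            continue
        m = O23_RE.match(line)
        if m:
            name, owner, path = m.groups()
            entries.append(Entry("O23", name, owner, path))
    return entries


def triage(entries: List[Entry]) -> Dict[str, object]:
    """Group findings the way a reviewer checks them: unresolved vendors and ActiveX origins."""
    unknown_owner = sorted(
        e.name for e in entries if e.kind == "O23" and e.source.lower() == "unknown owner"
    )
    by_host: Dict[str, List[str]] = {}
    for e in entries:
        if e.kind == "O16":
            by_host.setdefault(e.target, []).append(e.name)
    return {"unknown_owner_services": unknown_owner, "activex_by_host": by_host}


if __name__ == "__main__":
    report = triage(parse_hjt(SAMPLE_LOG))
    print("Services whose vendor HijackThis could not resolve (verify the binary by hand):")
    for name in report["unknown_owner_services"]:
        print("  ", name)
    print("ActiveX controls installed from the web, by host:")
    for host, names in sorted(report["activex_by_host"].items()):
        print("  ", host, "->", ", ".join(names))
```

Run as-is it reports the two PnkBstr services for manual verification and three download hosts for the ActiveX controls; on a full log, feed the whole file to `parse_hjt` and the same two lists come out, which is usually enough to decide which binaries deserve a closer look.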

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 12976
Posted 8/24/2009 6:25 AM (GMT +3)
Looks clean - good job

Now your computer problems are solved, it is time for the clean-up procedure.
You should Create a New Restore Point to prevent possible reinfection from an old one.
The easiest and safest way to do this is:
Go to Start > All Programs > Accessories > System Tools > System Restore
Select Create a restore point, and OK it.
Next, go to Start > Run and type in cleanmgr
Select the More options tab
Choose the option to clean up system restore and OK it.

This will remove all restore points except the new one you just created.

Click START then RUN
Now type Combofix /u in the runbox and click OK.
Note the space between the X and the U, it needs to be there.
The above procedure will:
Delete the following:
ComboFix and its associated files and folders.
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.

To learn more about how to protect yourself while on the internet, please read Tony Klein's guide:
How did I get infected in the first place?

I notice that you do not seem to be running antivirus software. This is somewhat suicidal in today's digital world.
Avast makes an excellent free antivirus client.
As does Avira.

An Anti-Virus product is a necessity. There are many excellent programs that you can purchase. However, we choose to advocate the use of free programs whenever possible. Be sure to only have one of these installed at any one time though - more than that and they will conflict with each other and actually reduce your system's security.

Feel free to post back, if you have any questions or comments.

Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.

 

RickB
New Member


Date Joined Aug 2009
Total Posts : 11
 
Posted 8/24/2009 6:34 AM (GMT +3)
I know you get this a lot but I REALLY appreciate your help. Your knowledge about this stuff is very impressive.

To not only be willing to lend a helping hand, but for free, quickly, and efficiently, is just unbelievable.

Thank you so much!
 

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 12976
Posted 8/24/2009 6:45 AM (GMT +3)
"I know you get this a lot but I REALLY appreciate your help. Your knowledge about this stuff is very impressive."
I admit I do, but it is much appreciated every time, as it keeps me going.

I'll lock this topic. If you need our help again, just make a new topic.

And keep safe.

Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.
