Browser Re-Directing Plz. Help
rebelssdd
2009-06-07, 02:14
Hi. I'm having trouble with some kind of malware which redirects my browser to randomly generated pages. Not everything is affected, however; for example, if I click on a bookmark for Wikipedia, I can access other sites through links, which is how I'm accessing this site.
Ran HJT and this is what I've got.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:14:04 PM, on 6/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Lexmark 4300 Series\lxcemon.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AccuWeather\Desktop\AccuWeatherDesktop.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\Documents and Settings\LAST REBEL\Application Data\mjusbsp\magicJack.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ktbs.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\LAST REBEL\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: AccuWeather Desktop.lnk = C:\Program Files\AccuWeather\Desktop\AccuWeatherDesktop.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1244250437921&h=c6509842e2d7e7a94d9d901a74d762fb/&filename=jinstall-6u13-windows-i586-jc.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
--
End of file - 6426 bytes
I also have a copy on CD of Spybot S&D that I got off of another computer at a different location, but it only goes so far and then it won't let me install because it won't update. My browser will not let me go to safer-networking.org on this infected computer; it just redirects.
Have Malwarebytes installed on this computer also. It will let me scan and comes up with the same infections every time, but they keep coming back; also it will not let me update.
Have AVG, it will let me update and run but finds nothing.
pskelley
2009-06-08, 01:28
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance) http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.
You must have read and followed the "Before you Post" instructions.
These infections can be tough, please don't expect fast or easy.
1) Please DO NOT ENABLE Spybot S&D TeaTimer while we work together.
2) A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use
Download ComboFix from here:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
http://i24.photobucket.com/albums/c30/ken545/RcAuto1.gif
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://i24.photobucket.com/albums/c30/ken545/whatnext.jpg
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.
*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
Tutorial if needed
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
3) Post also an uninstall list: Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
(You may edit out Microsoft, Hotfixes, Security Update for Windows XP,
Update for Windows XP and Windows XP Hotfix to shorten the list)
Image: http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg
4) Try the instructions as posted first, then if you find combofix will not run, try renaming it like this:
You must rename it before saving it, save it to your Desktop.
http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif
Thanks
rebelssdd
2009-06-08, 02:55
combofix txt
ComboFix 09-06-07.03 - LAST REBEL 06/07/2009 18:33.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.382.214 [GMT -5:00]
Running from: c:\documents and settings\LAST REBEL\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\LAST REBEL\Application Data\PCenter
c:\documents and settings\LAST REBEL\Application Data\PCenter\dbases\cg.dat
c:\documents and settings\LAST REBEL\Application Data\PCenter\dbases\mw.dat
c:\documents and settings\LAST REBEL\Application Data\PCenter\dbases\rd.dat
c:\documents and settings\LAST REBEL\Application Data\PCenter\dbases\sc.dat
c:\documents and settings\LAST REBEL\Application Data\PCenter\dbases\sm.dat
c:\documents and settings\LAST REBEL\Application Data\PCenter\dbases\sp.dat
c:\documents and settings\LAST REBEL\Application Data\PCenter\keys\cg.key
c:\documents and settings\LAST REBEL\Application Data\PCenter\keys\rd.key
c:\documents and settings\LAST REBEL\Application Data\PCenter\keys\sc.key
c:\documents and settings\LAST REBEL\Application Data\PCenter\keys\sp.key
c:\documents and settings\LAST REBEL\Application Data\PCenter\temp\settings.ini
.
((((((((((((((((((((((((( Files Created from 2009-05-07 to 2009-06-07 )))))))))))))))))))))))))))))))
.
2009-06-07 04:16 . 2008-12-17 18:39 6529320 ---ha-w- c:\documents and settings\LAST REBEL\Application Data\mjusbsp\in00000\setup.exe
2009-06-07 04:15 . 2008-12-17 18:37 723120 ---ha-w- c:\documents and settings\LAST REBEL\Application Data\mjusbsp\ar00000\install.exe
2009-06-06 23:00 . 2009-06-06 23:00 -------- d-----w- c:\program files\Trend Micro
2009-06-06 22:48 . 2009-06-06 22:48 -------- d-----w- c:\program files\ERUNT
2009-06-06 01:43 . 2009-06-06 01:59 -------- d-----w- c:\program files\Free Window Registry Repair
2009-06-06 01:07 . 2009-06-06 01:07 -------- d-----w- c:\program files\Java
2009-06-06 01:06 . 2009-06-06 01:06 152576 ----a-w- c:\documents and settings\LAST REBEL\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-05 19:17 . 2009-06-05 19:17 -------- d-----w- c:\documents and settings\LAST REBEL\Local Settings\Application Data\Identities
2009-06-05 04:18 . 2009-06-05 04:18 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-05 04:11 . 2009-06-05 04:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-04 22:18 . 2009-06-04 22:18 -------- d-----w- c:\documents and settings\LAST REBEL\Application Data\Malwarebytes
2009-06-04 22:18 . 2009-04-06 20:32 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-04 22:18 . 2009-04-06 20:32 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-04 22:18 . 2009-06-04 22:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-04 22:18 . 2009-06-04 22:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-01 14:30 . 2009-06-01 14:30 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-06-01 01:45 . 2009-06-04 00:12 -------- d-----w- c:\program files\PC Tools AntiVirus
2009-06-01 01:25 . 2009-06-05 00:38 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-31 22:08 . 2004-08-04 03:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-05-31 22:08 . 2004-08-04 03:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-05-31 22:08 . 2001-08-18 03:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2009-05-31 22:08 . 2001-08-18 03:36 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2009-05-31 22:06 . 2009-06-01 01:28 -------- d-----w- c:\temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
2009-05-31 22:06 . 2009-05-31 22:06 -------- d-----w- C:\Lexmark
2009-05-31 12:09 . 2009-05-31 12:09 -------- d-----w- c:\windows\system32\LogFiles
2009-05-27 14:54 . 2009-05-27 14:54 -------- d-----w- c:\documents and settings\LAST REBEL\Local Settings\Application Data\tjnet
2009-05-27 14:43 . 2009-05-27 14:43 29528 ----a-w- c:\documents and settings\LAST REBEL\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-27 14:36 . 2009-05-27 14:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-27 14:00 . 2009-05-27 14:00 -------- d-----w- c:\documents and settings\LAST REBEL\Application Data\AdobeUM
2009-05-27 13:59 . 2009-05-27 14:00 -------- d-----w- c:\documents and settings\LAST REBEL\Local Settings\Application Data\Adobe
2009-05-27 13:34 . 2008-12-17 18:39 6529320 ---ha-w- c:\documents and settings\LAST REBEL\Application Data\mjusbsp\Upgrade\setup1.exe
2009-05-27 13:34 . 2008-12-17 18:37 723120 ---ha-w- c:\documents and settings\LAST REBEL\Application Data\mjusbsp\Upgrade\install1.exe
2009-05-27 13:33 . 2009-06-07 04:16 -------- d-----w- c:\documents and settings\LAST REBEL\Application Data\mjusbsp
2009-05-27 13:33 . 2004-08-04 04:07 59264 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-05-27 13:33 . 2004-08-04 04:07 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-05-27 06:58 . 2004-08-04 19:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-05-27 03:09 . 2009-05-27 03:09 -------- d--h--w- c:\windows\msdownld.tmp
2009-05-27 03:06 . 2006-09-06 21:43 22752 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-27 03:06 . 2009-05-27 03:06 -------- d--h--w- c:\windows\$hf_mig$
2009-05-27 02:45 . 2009-06-07 16:48 -------- d-----w- c:\program files\PokerStars
2009-05-27 02:38 . 2009-05-27 02:38 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-27 02:38 . 2009-05-27 02:38 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-27 02:38 . 2009-05-27 02:38 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-27 02:38 . 2009-05-27 02:38 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-27 02:38 . 2009-06-07 14:58 -------- d-----w- c:\windows\system32\drivers\Avg
2009-05-27 02:38 . 2009-05-27 02:38 -------- d-----w- c:\program files\AVG
2009-05-27 02:38 . 2009-05-27 02:38 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-05-27 02:27 . 2009-06-07 17:04 -------- d--h--w- C:\$AVG8.VAULT$
2009-05-27 02:20 . 2009-05-27 02:20 -------- d-----w- c:\windows\Sun
2009-05-27 02:20 . 2009-06-06 01:07 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-27 02:09 . 2003-11-21 22:45 37888 ----a-r- c:\windows\system32\ochlp30e.dll
2009-05-27 02:07 . 2005-09-26 21:07 40960 ------w- c:\windows\system32\ChCfg.exe
2009-05-27 02:06 . 2009-05-27 02:06 -------- d-----w- c:\program files\CyberLink
2009-05-27 02:06 . 2009-05-27 02:06 -------- d-----w- c:\documents and settings\Owner
2009-05-27 02:06 . 2009-05-27 02:06 -------- d-----w- c:\documents and settings\LAST REBEL\Local Settings\Application Data\Stardock
2009-05-27 02:06 . 2009-05-27 02:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Stardock
2009-05-27 02:05 . 2009-05-27 02:05 -------- d-----w- c:\program files\Common Files\Ahead
2009-05-27 02:00 . 2009-06-05 04:35 -------- d-----w- c:\program files\Google
2009-05-27 02:00 . 2009-05-27 03:12 -------- d-----w- c:\documents and settings\LAST REBEL\Local Settings\Application Data\Google
2009-05-27 02:00 . 2009-05-27 02:00 -------- d-----w- c:\program files\MSN Encarta Plus
2009-05-27 02:00 . 2009-05-27 02:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-27 01:59 . 2009-05-27 01:59 -------- d-----w- c:\program files\Digital Media Reader
2009-05-27 01:59 . 2009-05-27 02:06 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-27 01:59 . 2009-05-27 01:59 -------- d-----w- c:\windows\Downloaded Installations
2009-05-27 01:59 . 2009-05-27 01:59 4 ----a-w- c:\windows\Pix11.dat
2009-05-27 01:58 . 2009-05-27 01:59 -------- d-----w- c:\program files\Microsoft Digital Image 2006
2009-05-27 01:57 . 2009-05-27 01:57 -------- d-----w- c:\program files\CONEXANT
2009-05-27 01:57 . 2004-08-04 21:34 39018 ----a-r- c:\windows\system32\HSFCI011.dll
2009-05-27 01:57 . 2004-03-17 18:04 13059 ----a-r- c:\windows\system32\drivers\mdmxsdk.sys
2009-05-27 01:57 . 2004-03-17 18:00 86016 ----a-r- c:\windows\system32\mdmxsdk.dll
2009-05-27 01:57 . 2004-06-17 21:56 220032 ----a-r- c:\windows\system32\drivers\HSFHWBS2.sys
2009-05-27 01:57 . 2004-06-17 21:55 685056 ----a-r- c:\windows\system32\drivers\HSF_CNXT.sys
2009-05-27 01:57 . 2004-06-17 21:55 1041536 ----a-r- c:\windows\system32\drivers\HSF_DP.sys
2009-05-27 01:57 . 2003-03-18 18:14 499712 ------w- c:\windows\system32\msvcp71.dll
2009-05-27 01:57 . 2003-02-21 02:42 348160 ------w- c:\windows\system32\msvcr71.dll
2009-05-27 01:56 . 2009-05-27 01:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Prism Deploy
2009-05-27 01:56 . 2009-05-27 01:56 -------- d-----w- c:\program files\Common Files\New Boundary
2009-05-27 01:55 . 2009-05-27 01:56 -------- d-----w- c:\windows\system32\URTTemp
2009-05-27 01:55 . 2009-05-27 01:55 -------- d-----w- C:\DriversApps
2009-05-27 01:43 . 2009-05-27 01:43 -------- d-----w- C:\SYSPREP
2009-05-27 01:38 . 2004-08-04 06:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-05-27 01:38 . 2001-08-17 21:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-05-27 01:38 . 2004-08-04 06:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-05-27 01:37 . 2004-08-04 06:08 17024 ----a-w- c:\windows\system32\drivers\usbohci.sys
2009-05-27 01:37 . 2004-08-04 07:56 7168 ----a-w- c:\windows\system32\hccoin.dll
2009-05-27 01:37 . 2004-08-04 06:08 26624 ----a-w- c:\windows\system32\drivers\usbehci.sys
2009-05-27 01:35 . 2009-05-27 01:35 60 ----a-w- c:\windows\system32\SYSDRV.DAT
2009-05-27 01:35 . 2004-08-04 00:56 51712 ----a-w- c:\windows\system32\wzcsapi.dll
2009-05-27 01:35 . 2004-08-04 00:56 359936 ----a-w- c:\windows\system32\wzcsvc.dll
2009-05-27 01:33 . 2001-08-17 22:36 323641 ----a-w- c:\windows\system32\usrdtea.dll
2009-05-27 01:32 . 2001-08-17 22:36 147968 ----a-w- c:\windows\system32\mdwmdmsp.dll
2009-05-27 01:31 . 2004-08-03 23:07 42240 ----a-w- c:\windows\system32\drivers\VIAAGP.SYS
2009-05-27 01:31 . 2004-08-03 23:07 41088 ----a-w- c:\windows\system32\drivers\SISAGP.SYS
2009-05-27 01:31 . 2004-08-03 22:59 36992 ----a-w- c:\windows\system32\drivers\amdk6.sys
2009-05-27 01:31 . 2004-08-03 23:07 44928 ----a-w- c:\windows\system32\drivers\AGPCPQ.SYS
2009-05-27 01:31 . 2004-08-03 23:07 43008 ----a-w- c:\windows\system32\drivers\AMDAGP.SYS
2009-05-27 01:31 . 2004-08-03 23:07 42752 ----a-w- c:\windows\system32\drivers\ALIM1541.SYS
2009-05-27 01:31 . 2004-08-04 00:56 52224 ----a-w- c:\windows\system32\dmutil.dll
2009-05-27 01:31 . 2004-08-03 23:07 42368 ----a-w- c:\windows\system32\drivers\AGP440.SYS
2009-05-27 01:31 . 2004-08-04 01:01 40840 -c--a-w- c:\windows\system32\dllcache\termdd.sys
2009-05-27 01:31 . 2004-08-04 00:56 74752 -c--a-w- c:\windows\system32\dllcache\storprop.dll
2009-05-27 01:31 . 2004-08-03 23:01 196864 -c--a-w- c:\windows\system32\dllcache\rdpdr.sys
2009-05-27 01:31 . 2004-08-04 00:56 47104 ----a-w- c:\windows\system32\cnbjmon.dll
2009-05-27 01:29 . 2004-08-04 19:00 214528 -c--a-w- c:\windows\system32\dllcache\wbemcomn.dll
2009-05-27 01:28 . 2004-08-04 19:00 565760 -c--a-w- c:\windows\system32\dllcache\msvcp50.dll
2009-05-27 01:27 . 2004-08-04 19:00 9728 -c--a-w- c:\windows\system32\dllcache\label.exe
2009-05-27 01:26 . 2004-08-04 19:00 83456 -c--a-w- c:\windows\system32\dllcache\dpvsetup.exe
.
HJT Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:46:30 PM, on 6/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Lexmark 4300 Series\lxcemon.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AccuWeather\Desktop\AccuWeatherDesktop.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ktbs.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\LAST REBEL\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: AccuWeather Desktop.lnk = C:\Program Files\AccuWeather\Desktop\AccuWeatherDesktop.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1244250437921&h=c6509842e2d7e7a94d9d901a74d762fb/&filename=jinstall-6u13-windows-i586-jc.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
--
End of file - 6440 bytes
HJT Uninstall
AccuWeather Desktop
AccuWeather Desktop
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
AVG Free 8.5
Digital Media Reader
ERUNT 1.1j
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
HijackThis 2.0.2
Hotfix for Windows XP (KB915865)
Java(TM) 6 Update 13
Lexmark 4300 Series
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft Digital Image Starter Edition 2006
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Nero BurnRights
Nero OEM
NVIDIA Drivers
PokerStars
PowerDVD
Realtek AC'97 Audio
SoftV92 Data Fax Modem with SmartCP
Windows Backup Utility
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
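The two HijackThis logs posted above (the 6/6/2009 scan before ComboFix and the 6/7/2009 scan after it) can be compared mechanically rather than by eye. The following is an added example and is not code from the thread, from HijackThis or from ComboFix; the two log excerpts embedded in it are constructed from a few lines of those posted logs, and the "user profile autostart" heuristic is an analyst's triage aid, not a verdict on any entry.

```python
"""Parse HijackThis 2.0.2 logs and diff two scans of the same machine."""
import re
from typing import Dict, List, Tuple

# Constructed excerpts of the two HijackThis logs posted in this thread
# (6/6/2009 before ComboFix, 6/7/2009 after). Only a handful of lines each.
LOG_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:14:04 PM, on 6/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Internet Explorer\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ktbs.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\LAST REBEL\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
--
End of file - 6426 bytes
"""

LOG_AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:46:30 PM, on 6/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ktbs.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\LAST REBEL\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
--
End of file - 6440 bytes
"""

# An HJT entry line: a section code (R0, O2, O23, ...) then " - " and the body.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# Lines in the "Running processes:" block are bare absolute Windows paths.
PROCESS_RE = re.compile(r"^[A-Za-z]:\\")
# Autostart (O4) targets under a user profile live in user-writable space,
# so an analyst reviews them first. A hit is a prompt to look, not a finding.
PROFILE_RE = re.compile(r"documents and settings\\", re.IGNORECASE)


def parse_hjt(text: str) -> Dict[str, List[str]]:
    """Return {'processes': [...], 'entries': [...]} from a HijackThis log."""
    processes: List[str] = []
    entries: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_RE.match(line):
            entries.append(line)
        elif PROCESS_RE.match(line):
            processes.append(line)
        # Header, "--" separator and "End of file" footer are ignored.
    return {"processes": processes, "entries": entries}


def section_counts(parsed: Dict[str, List[str]]) -> Dict[str, int]:
    """Count entries per HJT section code, e.g. {'R0': 3, 'O2': 1, 'O4': 2}."""
    counts: Dict[str, int] = {}
    for line in parsed["entries"]:
        code = ENTRY_RE.match(line).group(1)
        counts[code] = counts.get(code, 0) + 1
    return counts


def diff_logs(before: str, after: str) -> Tuple[List[str], List[str]]:
    """Entries present only in `after` (added) and only in `before` (removed)."""
    b = set(parse_hjt(before)["entries"])
    a = set(parse_hjt(after)["entries"])
    return sorted(a - b), sorted(b - a)


def profile_autostarts(text: str) -> List[str]:
    """O4 entries whose command points into a user profile directory."""
    return [e for e in parse_hjt(text)["entries"]
            if e.startswith("O4 - ") and PROFILE_RE.search(e)]


if __name__ == "__main__":
    added, removed = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("Entries added in the later scan:")
    for e in added:
        print("  +", e)
    print("Entries gone from the later scan:")
    for e in removed:
        print("  -", e)
    print("O4 autostarts launched from a user profile (review these):")
    for e in profile_autostarts(LOG_AFTER):
        print("  ?", e)
```

Run against the full logs, the same functions show that the two empty R0 Search entries disappeared between scans while a default R1 Default_Page_URL appeared, which is the kind of delta the helper reads a second HJT log for.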
pskelley
2009-06-08, 12:01
Uninstall list: I look for malware and security issues and will not know all of your programs, but you should.
Hackers are using out-of-date programs to infect folks more and more.
Here is a small free tool that lets you know when something needs an update, if you are interested:
http://secunia.com/vulnerability_scanning/personal/ While PSI runs in the System Tray for realtime notifications, I personally prefer to turn it off in MSConfig and run it from All Programs when I want to do a check.
Adobe Flash Player 10 ActiveX <<< check this:
Adobe recommends all users of Adobe Flash Player 10.0.12.36 and earlier versions upgrade to the newest version 10.0.22.87
http://www.adobe.com/support/security/bulletins/apsb09-01.html
Adobe Reader 8.1.2 <<< out of date and unsafe:
http://news.cnet.com/8301-1009_3-10081618-83.html?tag=nl.e433
http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html
http://www.filehippo.com/download_adobe_reader/
(if you want a smaller program, look at this one)
Foxit Reader 2.3 for Windows (make sure to uncheck any toolbars)
http://www.foxitsoftware.com/pdf/rd_intro.php
Java(TM) 6 Update 13 <<< an update is available, see this information:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
Be aware of this information so you can opt out of anything you do not want.
Microsoft Does MSN Toolbar Distribution Deal With Java:
http://searchengineland.com/microsoft-does-msn-toolbar-distribution-deal-with-java-15413.php
Follow the directions carefully and in the posted order.
1) That is not a complete combofix log, please post the complete log.
Notepad > Edit > Select All > copy/paste. You may attach that file as a .zip if you wish.
http://it.cas.psu.edu/Training/HowTo/ENComputers/zip.html
2) Please download ATF Cleaner by Atribune
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Save it to your Desktop. Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.
*Cleaning Prefetch may result in a few slow starts until the folder is repopulated:
http://www.windowsnetworking.com/articles_tutorials/Gaining-Speed-Empty-Prefetch-XP.html
(If you still have MBAM there is no need to download it again, but be sure to update the program and run it as directed)
3) Download Malwarebytes' Anti-Malware to your Desktop
http://www.malwarebytes.org/
* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
* Please post contents of that file & a new HJT log in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Tutorial if needed:
http://www.techsupportteam.org/forum/tutorials/2282-malwarebytes-anti-malware-mbam.html
How is the computer running now?
Thanks
rebelssdd
2009-06-08, 21:29
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45:02 PM, on 6/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Lexmark 4300 Series\lxcemon.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ktbs.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\LAST REBEL\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: AccuWeather Desktop.lnk = C:\Program Files\AccuWeather\Desktop\AccuWeatherDesktop.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
--
End of file - 6016 bytes
AccuWeather Desktop
AccuWeather Desktop
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
AVG Free 8.5
Digital Media Reader
ERUNT 1.1j
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
HijackThis 2.0.2
Hotfix for Windows XP (KB915865)
Java(TM) 6 Update 14
Lexmark 4300 Series
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft Digital Image Starter Edition 2006
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Nero BurnRights
Nero OEM
NVIDIA Drivers
PokerStars
PowerDVD
Realtek AC'97 Audio
SoftV92 Data Fax Modem with SmartCP
Windows Backup Utility
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
ComboFix 09-06-07.07 - LAST REBEL 06/08/2009 12:30.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.382.110 [GMT -5:00]
Running from: c:\documents and settings\LAST REBEL\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((( Files Created from 2009-05-08 to 2009-06-08 )))))))))))))))))))))))))))))))
.
2009-06-08 16:30 . 2009-06-08 16:30 -------- d-----w- c:\program files\Java
2009-06-08 16:30 . 2009-06-08 16:30 152576 ----a-w- c:\documents and settings\LAST REBEL\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-08 16:28 . 2009-04-10 13:58 6327408 ---ha-w- c:\documents and settings\LAST REBEL\Application Data\mjusbsp\in00000\setup.exe
2009-06-08 16:28 . 2009-04-10 13:55 725296 ---ha-w- c:\documents and settings\LAST REBEL\Application Data\mjusbsp\ar00000\install.exe
2009-06-08 16:06 . 2009-06-08 16:06 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-08 16:04 . 2009-06-08 16:04 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-08 15:55 . 2009-06-08 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-06-08 15:55 . 2009-06-08 16:27 -------- d-----w- c:\program files\NOS
2009-06-08 15:23 . 2009-04-10 13:58 6327408 ---ha-w- c:\documents and settings\LAST REBEL\Application Data\mjusbsp\Upgrade\setup2.exe
2009-06-08 15:23 . 2009-04-10 13:55 725296 ---ha-w- c:\documents and settings\LAST REBEL\Application Data\mjusbsp\Upgrade\install2.exe
2009-06-08 15:22 . 2009-06-08 15:22 -------- d-----w- c:\documents and settings\LAST REBEL\Local Settings\Application Data\magicJack
2009-06-06 23:00 . 2009-06-06 23:00 -------- d-----w- c:\program files\Trend Micro
2009-06-06 22:48 . 2009-06-06 22:48 -------- d-----w- c:\program files\ERUNT
2009-06-06 01:43 . 2009-06-06 01:59 -------- d-----w- c:\program files\Free Window Registry Repair
2009-06-05 19:17 . 2009-06-05 19:17 -------- d-----w- c:\documents and settings\LAST REBEL\Local Settings\Application Data\Identities
2009-06-05 04:11 . 2009-06-05 04:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-04 22:18 . 2009-06-04 22:18 -------- d-----w- c:\documents and settings\LAST REBEL\Application Data\Malwarebytes
2009-06-04 22:18 . 2009-04-06 20:32 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-04 22:18 . 2009-04-06 20:32 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-04 22:18 . 2009-06-04 22:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-04 22:18 . 2009-06-04 22:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-01 14:30 . 2009-06-01 14:30 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-06-01 01:45 . 2009-06-04 00:12 -------- d-----w- c:\program files\PC Tools AntiVirus
2009-06-01 01:25 . 2009-06-05 00:38 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-31 22:08 . 2004-08-04 03:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-05-31 22:08 . 2004-08-04 03:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-05-31 22:08 . 2001-08-18 03:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2009-05-31 22:08 . 2001-08-18 03:36 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2009-05-31 22:06 . 2009-06-01 01:28 -------- d-----w- c:\temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
2009-05-31 22:06 . 2009-05-31 22:06 -------- d-----w- C:\Lexmark
2009-05-31 12:09 . 2009-05-31 12:09 -------- d-----w- c:\windows\system32\LogFiles
2009-05-27 14:54 . 2009-05-27 14:54 -------- d-----w- c:\documents and settings\LAST REBEL\Local Settings\Application Data\tjnet
2009-05-27 14:43 . 2009-05-27 14:43 29528 ----a-w- c:\documents and settings\LAST REBEL\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-27 14:36 . 2009-05-27 14:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-27 14:00 . 2009-05-27 14:00 -------- d-----w- c:\documents and settings\LAST REBEL\Application Data\AdobeUM
2009-05-27 13:59 . 2009-06-08 16:05 -------- d-----w- c:\documents and settings\LAST REBEL\Local Settings\Application Data\Adobe
2009-05-27 13:33 . 2009-06-08 16:28 -------- d-----w- c:\documents and settings\LAST REBEL\Application Data\mjusbsp
2009-05-27 13:33 . 2004-08-04 04:07 59264 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-05-27 13:33 . 2004-08-04 04:07 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-05-27 06:58 . 2004-08-04 19:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-05-27 03:09 . 2009-05-27 03:09 -------- d--h--w- c:\windows\msdownld.tmp
2009-05-27 03:06 . 2006-09-06 21:43 22752 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-27 03:06 . 2009-05-27 03:06 -------- d--h--w- c:\windows\$hf_mig$
2009-05-27 02:45 . 2009-06-08 01:18 -------- d-----w- c:\program files\PokerStars
2009-05-27 02:38 . 2009-05-27 02:38 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-27 02:38 . 2009-05-27 02:38 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-27 02:38 . 2009-05-27 02:38 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-27 02:38 . 2009-05-27 02:38 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-27 02:38 . 2009-06-08 15:23 -------- d-----w- c:\windows\system32\drivers\Avg
2009-05-27 02:38 . 2009-05-27 02:38 -------- d-----w- c:\program files\AVG
2009-05-27 02:38 . 2009-05-27 02:38 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-05-27 02:27 . 2009-06-07 17:04 -------- d--h--w- C:\$AVG8.VAULT$
2009-05-27 02:20 . 2009-05-27 02:20 -------- d-----w- c:\windows\Sun
2009-05-27 02:20 . 2009-06-08 16:31 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-27 02:09 . 2003-11-21 22:45 37888 ----a-r- c:\windows\system32\ochlp30e.dll
2009-05-27 02:07 . 2005-09-26 21:07 40960 ------w- c:\windows\system32\ChCfg.exe
2009-05-27 02:06 . 2009-05-27 02:06 -------- d-----w- c:\program files\CyberLink
2009-05-27 02:06 . 2009-05-27 02:06 -------- d-----w- c:\documents and settings\Owner
2009-05-27 02:06 . 2009-05-27 02:06 -------- d-----w- c:\documents and settings\LAST REBEL\Local Settings\Application Data\Stardock
2009-05-27 02:06 . 2009-05-27 02:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Stardock
2009-05-27 02:05 . 2009-05-27 02:05 -------- d-----w- c:\program files\Common Files\Ahead
2009-05-27 02:00 . 2009-06-05 04:35 -------- d-----w- c:\program files\Google
2009-05-27 02:00 . 2009-05-27 03:12 -------- d-----w- c:\documents and settings\LAST REBEL\Local Settings\Application Data\Google
2009-05-27 02:00 . 2009-05-27 02:00 -------- d-----w- c:\program files\MSN Encarta Plus
2009-05-27 02:00 . 2009-05-27 02:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-27 01:59 . 2009-05-27 01:59 -------- d-----w- c:\program files\Digital Media Reader
2009-05-27 01:59 . 2009-05-27 02:06 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-27 01:59 . 2009-05-27 01:59 -------- d-----w- c:\windows\Downloaded Installations
2009-05-27 01:59 . 2009-05-27 01:59 4 ----a-w- c:\windows\Pix11.dat
2009-05-27 01:58 . 2009-05-27 01:59 -------- d-----w- c:\program files\Microsoft Digital Image 2006
2009-05-27 01:57 . 2009-05-27 01:57 -------- d-----w- c:\program files\CONEXANT
2009-05-27 01:57 . 2004-08-04 21:34 39018 ----a-r- c:\windows\system32\HSFCI011.dll
2009-05-27 01:57 . 2004-03-17 18:04 13059 ----a-r- c:\windows\system32\drivers\mdmxsdk.sys
2009-05-27 01:57 . 2004-03-17 18:00 86016 ----a-r- c:\windows\system32\mdmxsdk.dll
2009-05-27 01:57 . 2004-06-17 21:56 220032 ----a-r- c:\windows\system32\drivers\HSFHWBS2.sys
2009-05-27 01:57 . 2004-06-17 21:55 685056 ----a-r- c:\windows\system32\drivers\HSF_CNXT.sys
2009-05-27 01:57 . 2004-06-17 21:55 1041536 ----a-r- c:\windows\system32\drivers\HSF_DP.sys
2009-05-27 01:57 . 2003-03-18 18:14 499712 ------w- c:\windows\system32\msvcp71.dll
2009-05-27 01:57 . 2003-02-21 02:42 348160 ------w- c:\windows\system32\msvcr71.dll
2009-05-27 01:56 . 2009-05-27 01:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Prism Deploy
2009-05-27 01:56 . 2009-05-27 01:56 -------- d-----w- c:\program files\Common Files\New Boundary
2009-05-27 01:55 . 2009-05-27 01:56 -------- d-----w- c:\windows\system32\URTTemp
2009-05-27 01:55 . 2009-05-27 01:55 -------- d-----w- C:\DriversApps
2009-05-27 01:43 . 2009-05-27 01:43 -------- d-----w- C:\SYSPREP
2009-05-27 01:38 . 2004-08-04 06:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-05-27 01:38 . 2001-08-17 21:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-05-27 01:38 . 2004-08-04 06:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-05-27 01:37 . 2004-08-04 06:08 17024 ----a-w- c:\windows\system32\drivers\usbohci.sys
2009-05-27 01:37 . 2004-08-04 07:56 7168 ----a-w- c:\windows\system32\hccoin.dll
2009-05-27 01:37 . 2004-08-04 06:08 26624 ----a-w- c:\windows\system32\drivers\usbehci.sys
2009-05-27 01:35 . 2009-05-27 01:35 60 ----a-w- c:\windows\system32\SYSDRV.DAT
2009-05-27 01:35 . 2004-08-04 00:56 51712 ----a-w- c:\windows\system32\wzcsapi.dll
2009-05-27 01:35 . 2004-08-04 00:56 359936 ----a-w- c:\windows\system32\wzcsvc.dll
2009-05-27 01:33 . 2001-08-17 22:36 323641 ----a-w- c:\windows\system32\usrdtea.dll
2009-05-27 01:32 . 2001-08-17 22:36 147968 ----a-w- c:\windows\system32\mdwmdmsp.dll
2009-05-27 01:31 . 2004-08-03 23:07 42240 ----a-w- c:\windows\system32\drivers\VIAAGP.SYS
2009-05-27 01:31 . 2004-08-03 23:07 41088 ----a-w- c:\windows\system32\drivers\SISAGP.SYS
2009-05-27 01:31 . 2004-08-03 22:59 36992 ----a-w- c:\windows\system32\drivers\amdk6.sys
2009-05-27 01:31 . 2004-08-03 23:07 44928 ----a-w- c:\windows\system32\drivers\AGPCPQ.SYS
2009-05-27 01:31 . 2004-08-03 23:07 43008 ----a-w- c:\windows\system32\drivers\AMDAGP.SYS
2009-05-27 01:31 . 2004-08-03 23:07 42752 ----a-w- c:\windows\system32\drivers\ALIM1541.SYS
2009-05-27 01:31 . 2004-08-04 00:56 52224 ----a-w- c:\windows\system32\dmutil.dll
2009-05-27 01:31 . 2004-08-03 23:07 42368 ----a-w- c:\windows\system32\drivers\AGP440.SYS
2009-05-27 01:31 . 2004-08-04 01:01 40840 -c--a-w- c:\windows\system32\dllcache\termdd.sys
2009-05-27 01:31 . 2004-08-04 00:56 74752 -c--a-w- c:\windows\system32\dllcache\storprop.dll
2009-05-27 01:31 . 2004-08-03 23:01 196864 -c--a-w- c:\windows\system32\dllcache\rdpdr.sys
2009-05-27 01:31 . 2004-08-04 00:56 47104 ----a-w- c:\windows\system32\cnbjmon.dll
2009-05-27 01:29 . 2004-08-04 19:00 214528 -c--a-w- c:\windows\system32\dllcache\wbemcomn.dll
2009-05-27 01:28 . 2004-08-04 19:00 565760 -c--a-w- c:\windows\system32\dllcache\msvcp50.dll
2009-05-27 01:27 . 2004-08-04 19:00 9728 -c--a-w- c:\windows\system32\dllcache\label.exe
2009-05-27 01:26 . 2004-08-04 19:00 83456 -c--a-w- c:\windows\system32\dllcache\dpvsetup.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-01 01:28 . 2009-05-31 22:07 -------- d-----w- c:\program files\Lexmark 4300 Series
2009-05-27 02:09 . 2009-05-27 02:09 -------- d-----w- c:\program files\Microsoft Works
2009-05-27 02:07 . 2009-05-27 02:07 -------- d-----w- c:\program files\Realtek Sound Manager
2009-05-27 02:07 . 2009-05-27 02:07 -------- d-----w- c:\program files\AvRack
2009-05-27 02:07 . 2009-05-27 02:07 -------- d-----w- c:\program files\Realtek AC97
2009-05-27 02:06 . 2009-05-27 02:06 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{198DF385-4721-45F3-BF73-6D54286CF458}
2009-05-27 02:06 . 2009-05-27 02:06 -------- d-----w- c:\program files\Common Files\Stardock
2009-05-27 02:06 . 2009-05-27 02:06 -------- d-----w- c:\program files\AccuWeather
2009-05-27 02:06 . 2009-05-27 02:05 -------- d-----w- c:\program files\Ahead
2009-05-27 02:03 . 2009-05-27 02:02 -------- d-----w- c:\program files\Microsoft Money 2005
2009-04-30 21:34 . 2009-05-27 02:06 2655784 -c--a-w- c:\documents and settings\All Users\Application Data\{198DF385-4721-45F3-BF73-6D54286CF458}\accuweather_setup.exe
2009-04-10 13:58 . 2009-04-10 13:58 86360 ----a-w- c:\documents and settings\LAST REBEL\Application Data\mjusbsp\ug00000\magicJack.dll
2009-04-10 13:58 . 2009-04-10 13:58 6327408 ----a-w- c:\documents and settings\LAST REBEL\Application Data\mjusbsp\ug00000\setup.exe
2009-04-10 13:58 . 2009-04-10 13:58 412784 ----a-w- c:\documents and settings\LAST REBEL\Application Data\mjusbsp\magicJackLoader.exe
2009-04-10 13:58 . 2009-04-10 13:58 480608 ----a-w- c:\documents and settings\LAST REBEL\Application Data\mjusbsp\octvqe1_apiw.dll
2009-04-10 13:58 . 2009-04-10 13:58 214360 ----a-w- c:\documents and settings\LAST REBEL\Application Data\mjusbsp\TjVista.dll
2009-04-10 13:58 . 2009-04-10 13:58 325040 ----a-w- c:\documents and settings\LAST REBEL\Application Data\mjusbsp\TjIpSys.dll
2009-04-10 13:57 . 2009-04-10 13:57 398696 ----a-w- c:\documents and settings\LAST REBEL\Application Data\mjusbsp\SJHandsetTigerJet.dll
2009-04-10 13:57 . 2009-04-10 13:57 87384 ----a-w- c:\documents and settings\LAST REBEL\Application Data\mjusbsp\st00000\mjsetup.exe
2009-04-10 13:57 . 2009-04-10 13:57 86360 ----a-w- c:\documents and settings\LAST REBEL\Application Data\mjusbsp\st00000\magicJack.dll
2009-04-10 13:57 . 2009-04-10 13:57 86360 ----a-w- c:\documents and settings\LAST REBEL\Application Data\mjusbsp\magicJack.dll
2009-04-10 13:56 . 2009-04-10 13:56 11871576 ----a-w- c:\documents and settings\LAST REBEL\Application Data\mjusbsp\magicJack.exe
2009-04-10 13:55 . 2009-04-10 13:55 725296 ----a-w- c:\documents and settings\LAST REBEL\Application Data\mjusbsp\ug00000\install.exe
2009-04-10 13:55 . 2009-04-10 13:55 87384 ----a-w- c:\documents and settings\LAST REBEL\Application Data\mjusbsp\in00000\mjsetup.exe
2009-04-10 13:55 . 2009-04-10 13:55 86360 ----a-w- c:\documents and settings\LAST REBEL\Application Data\mjusbsp\in00000\magicJack.dll
2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\LAST REBEL\Application Data\mjusbsp\ug00000\magicJackSplash.exe
2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\LAST REBEL\Application Data\mjusbsp\st00000\magicJackSplash.exe
2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\LAST REBEL\Application Data\mjusbsp\magicJackSplash.exe
2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\LAST REBEL\Application Data\mjusbsp\in00000\magicJackSplash.exe
2009-04-10 13:53 . 2009-04-10 13:53 50520 ----a-w- c:\documents and settings\LAST REBEL\Application Data\mjusbsp\cdloader2.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-06-07_23.35.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-08 17:10 . 2009-06-08 17:10 16384 c:\windows\Temp\Perflib_Perfdata_64c.dat
+ 2009-06-08 16:55 . 2009-06-08 16:55 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2004-08-26 18:07 . 2009-06-02 11:35 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2004-08-26 18:07 . 2009-06-08 15:55 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2004-08-26 18:07 . 2009-06-02 11:35 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2004-08-26 18:07 . 2009-06-08 15:55 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2004-08-26 18:07 . 2009-06-02 11:35 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2004-08-26 18:07 . 2009-06-08 15:55 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-06-08 15:22 . 2009-06-08 17:09 2300 c:\windows\SoftwareDistribution\EventCache\{4C08DB53-1BDD-41F9-BCAC-DB21A6012A7A}.bin
+ 2009-02-03 02:15 . 2009-02-03 02:15 240544 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2009-06-06 01:07 . 2009-06-06 01:07 148888 c:\windows\system32\javaws.exe
+ 2009-06-08 16:31 . 2009-06-08 16:31 148888 c:\windows\system32\javaws.exe
+ 2009-06-08 16:31 . 2009-06-08 16:31 144792 c:\windows\system32\javaw.exe
- 2009-06-06 01:07 . 2009-06-06 01:07 144792 c:\windows\system32\javaw.exe
+ 2009-06-08 16:31 . 2009-06-08 16:31 144792 c:\windows\system32\java.exe
- 2009-06-06 01:07 . 2009-06-06 01:07 144792 c:\windows\system32\java.exe
+ 2009-02-03 02:15 . 2009-02-03 02:15 3771296 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"cdloader"="c:\documents and settings\LAST REBEL\Application Data\mjusbsp\cdloader2.exe" [2009-04-10 50520]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-31 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-09-18 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-27 1947928]
"lxcemon.exe"="c:\program files\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 192512]
"EzPrint"="c:\program files\Lexmark 4300 Series\ezprint.exe" [2005-07-26 94208]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-05 68592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-08 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-09-18 1519616]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2005-09-26 90112]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AccuWeather Desktop.lnk - c:\program files\AccuWeather\Desktop\AccuWeatherDesktop.exe [2009-4-30 967472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-27 02:38 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Documents and Settings\\LAST REBEL\\Application Data\\mjusbsp\\magicJack.exe"=
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-05-27 325896]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-05-27 108552]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-05-27 908568]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-05-27 298776]
.
Contents of the 'Scheduled Tasks' folder
2009-06-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-05 04:11]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
uStart Page = hxxp://www.ktbs.com/
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-08 12:32
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-06-08 12:33
ComboFix-quarantined-files.txt 2009-06-08 17:33
ComboFix2.txt 2009-06-08 17:20
Pre-Run: 151,612,608,512 bytes free
Post-Run: 151,593,177,088 bytes free
240
Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 2
6/8/2009 1:07:18 PM
mbam-log-2009-06-08 (13-07-18).txt
Scan type: Full Scan (C:\|)
Objects scanned: 99679
Time elapsed: 17 minute(s), 14 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.67 85.255.112.200 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d144d661-268b-4377-afee-41a8b6844445}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.67 85.255.112.200 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.67 85.255.112.200 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d144d661-268b-4377-afee-41a8b6844445}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.67 85.255.112.200 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.67 85.255.112.200 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{d144d661-268b-4377-afee-41a8b6844445}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.67 85.255.112.200 1.2.3.4 -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Also I installed adobe reader 9.1 as per your instructions.
Installed adobe flash player 10.0.22.87
Installed java 6 update 14
Installed ATF Cleaner and ran it.
Ran Malwarebytes and posted the log file above, but still cannot update it; it says update failed, make sure you are connected to the internet and your firewall is set to allow Malwarebytes to access the internet, which I have done, but it still won't update.
Browser is still redirecting.
Tried going to spybot _ safer-networking.org but it redirects.
Have Spybot S&D on CD from another location; tried to install and it runs all the way through the install but won't because it won't update.
Maybe you can help me some more with the new logs I've posted above.
I would really appreciate it, also thank you for your time so far. Jeff
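As an added example (not from this thread or from any of the tools it uses): a small Python parser for the "Registry Data Items Infected" lines of the MBAM log above. It pulls out the resolvers the Trojan.DNSChanger entries wrote into DhcpNameServer, grouped by control set and interface, and flags any resolver that is public or not in an expected set. The sample log is the six lines from the post above; the expected-resolver set is an assumed placeholder.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample: the six DhcpNameServer lines posted above, copied verbatim.
SAMPLE_MBAM_LOG = r"""
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.67 85.255.112.200 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d144d661-268b-4377-afee-41a8b6844445}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.67 85.255.112.200 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.67 85.255.112.200 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d144d661-268b-4377-afee-41a8b6844445}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.67 85.255.112.200 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.67 85.255.112.200 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{d144d661-268b-4377-afee-41a8b6844445}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.67 85.255.112.200 1.2.3.4 -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
"""

# One MBAM "registry data item" line: key, (threat), Data: ..., action.
ITEM_RE = re.compile(
    r"^(?P<key>HKEY_[^\s(]+) \((?P<threat>[^)]+)\) -> Data: (?P<data>.*?) -> (?P<action>.+)$"
)
CONTROL_SET_RE = re.compile(r"\\SYSTEM\\(?P<cs>CurrentControlSet|ControlSet\d{3})\\", re.I)
IFACE_RE = re.compile(r"\\Interfaces\\(?P<guid>\{[0-9a-f-]+\})\\", re.I)


@dataclass(frozen=True)
class DnsItem:
    key: str
    threat: str
    servers: Tuple[str, ...]   # resolvers as listed in the Data field, in order
    action: str
    control_set: Optional[str]  # CurrentControlSet / ControlSet001 / ...
    interface: Optional[str]    # adapter GUID, or None for the global value


def parse_dns_items(log_text: str) -> List[DnsItem]:
    """Extract every DhcpNameServer item MBAM reported in the log."""
    items: List[DnsItem] = []
    for raw in log_text.splitlines():
        m = ITEM_RE.match(raw.strip())
        if not m or not m.group("key").lower().endswith("dhcpnameserver"):
            continue
        key = m.group("key")
        cs = CONTROL_SET_RE.search(key)
        iface = IFACE_RE.search(key)
        items.append(DnsItem(
            key=key,
            threat=m.group("threat"),
            servers=tuple(m.group("data").split()),
            action=m.group("action"),
            control_set=cs.group("cs") if cs else None,
            interface=iface.group("guid") if iface else None,
        ))
    return items


def summarize(items: List[DnsItem]) -> Dict[str, Dict[str, Tuple[str, ...]]]:
    """{control set: {interface GUID or 'global': resolvers}} for a quick overview."""
    out: Dict[str, Dict[str, Tuple[str, ...]]] = {}
    for it in items:
        out.setdefault(it.control_set or "?", {})[it.interface or "global"] = it.servers
    return out


def all_resolvers(items: List[DnsItem]) -> Set[str]:
    return {ip for it in items for ip in it.servers}


def unexpected_resolvers(items: List[DnsItem], expected: Set[str]) -> Set[str]:
    """Resolvers the infection wrote that the network is not expected to hand out."""
    return all_resolvers(items) - expected


def public_resolvers(items: List[DnsItem]) -> Set[str]:
    """Resolvers outside private/loopback space; on a home LAN DHCP normally hands
    out the router's private address, so public ones deserve a second look."""
    return {ip for ip in all_resolvers(items) if not ipaddress.ip_address(ip).is_private}


if __name__ == "__main__":
    found = parse_dns_items(SAMPLE_MBAM_LOG)
    print(summarize(found))
    # Assumed placeholder: the resolver this LAN's router should be handing out.
    print("unexpected:", sorted(unexpected_resolvers(found, {"192.168.1.1"})))
```

DhcpNameServer is filled in by the DHCP client from the lease it receives, so the same values reappearing after every scan, as reported in the next post, point at whatever is handing out the leases rather than at the registry value itself.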
rebelssdd
2009-06-08, 21:38
Also, when I run Malwarebytes it comes up with the same 6 infections; I quarantine the 6, and it still comes back with the same 6 on every scan, and I am still not able to update it. Thank you, Jeff
pskelley
2009-06-08, 23:31
On 6/8/2009 the database is 2249
MBAM is likely having problems removing the junk because you are running Database version: 1945 which is very old.
What browser are you using here:
Browser is still redirecting.
Try another browser, I am guessing MBAM is having trouble removing the junk because of the old database.
I just now updated MBAM so I know it is working, if you need another browser to try, here is one:
http://www.mozilla.com/en-US/firefox/ie.html
I always keep a spare browser for situations like this, but once the malware is gone and you are back to normal, you can uninstall the browser if you wish.
rebelssdd
2009-06-09, 01:19
Ok, here it is again.
Per your instructions: Downloaded Mozilla Firefox - Deleted previous version of Malwarebytes.
Logged in to Mozilla Firefox and could not get to the Malwarebytes site, so I went to the only one that it would let me, which was download.com - CNET - and got the latest version of Malwarebytes - Tried to update - No success - Still saying I must be connected to the internet and to allow firewall exceptions to allow Malwarebytes to connect to the internet, then it comes up with an error code while trying to update > error code 732 (12007) - And I did that - Still won't update - Still redirecting - Below is the log file of a new scan with Malwarebytes. Thanks, Jeff
Malwarebytes' Anti-Malware 1.37
Database version: 2182
Windows 5.1.2600 Service Pack 2
6/8/2009 4:25:04 PM
mbam-log-2009-06-08 (16-25-04).txt
Scan type: Full Scan (C:\|)
Objects scanned: 114106
Time elapsed: 29 minute(s), 35 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.67 85.255.112.200 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d144d661-268b-4377-afee-41a8b6844445}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.67 85.255.112.200 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.67 85.255.112.200 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d144d661-268b-4377-afee-41a8b6844445}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.67 85.255.112.200 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.67 85.255.112.200 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{d144d661-268b-4377-afee-41a8b6844445}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.67 85.255.112.200 1.2.3.4 -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
pskelley
2009-06-09, 01:29
Please tell me what browsers are being redirected and where they are directing you.
I would like you to delete ComboFix completely from the computer; once that has been done, restart the computer.
Download combofix again from this link:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to the Desktop, then double-click to run ComboFix and post only the log that results.
Thanks
rebelssdd
2009-06-09, 02:48
ComboFix 09-06-08.02 - LAST REBEL 06/08/2009 18:36.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.382.146 [GMT -5:00]
Running from: c:\documents and settings\LAST REBEL\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((( Files Created from 2009-05-08 to 2009-06-08 )))))))))))))))))))))))))))))))
.
2009-06-08 22:48 . 2009-04-10 13:58 6327408 ---ha-w- c:\documents and settings\LAST REBEL\Application Data\mjusbsp\in00000\setup.exe
2009-06-08 22:48 . 2009-04-10 13:55 725296 ---ha-w- c:\documents and settings\LAST REBEL\Application Data\mjusbsp\ar00000\install.exe
2009-06-08 20:52 . 2009-05-26 18:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-08 20:52 . 2009-06-08 20:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-08 20:52 . 2009-05-26 18:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-08 20:41 . 2009-06-08 20:41 0 ----a-w- c:\windows\nsreg.dat
2009-06-08 20:41 . 2009-06-08 20:41 -------- d-----w- c:\documents and settings\LAST REBEL\Local Settings\Application Data\Mozilla
2009-06-08 16:30 . 2009-06-08 16:30 -------- d-----w- c:\program files\Java
2009-06-08 16:30 . 2009-06-08 16:30 152576 ----a-w- c:\documents and settings\LAST REBEL\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-08 16:06 . 2009-06-08 16:06 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-08 16:04 . 2009-06-08 16:04 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-08 15:55 . 2009-06-08 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-06-08 15:55 . 2009-06-08 16:27 -------- d-----w- c:\program files\NOS
2009-06-08 15:23 . 2009-04-10 13:58 6327408 ---ha-w- c:\documents and settings\LAST REBEL\Application Data\mjusbsp\Upgrade\setup2.exe
2009-06-08 15:23 . 2009-04-10 13:55 725296 ---ha-w- c:\documents and settings\LAST REBEL\Application Data\mjusbsp\Upgrade\install2.exe
2009-06-08 15:22 . 2009-06-08 15:22 -------- d-----w- c:\documents and settings\LAST REBEL\Local Settings\Application Data\magicJack
2009-06-06 23:00 . 2009-06-06 23:00 -------- d-----w- c:\program files\Trend Micro
2009-06-06 22:48 . 2009-06-06 22:48 -------- d-----w- c:\program files\ERUNT
2009-06-06 01:43 . 2009-06-06 01:59 -------- d-----w- c:\program files\Free Window Registry Repair
2009-06-05 19:17 . 2009-06-05 19:17 -------- d-----w- c:\documents and settings\LAST REBEL\Local Settings\Application Data\Identities
2009-06-05 04:11 . 2009-06-05 04:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-04 22:18 . 2009-06-04 22:18 -------- d-----w- c:\documents and settings\LAST REBEL\Application Data\Malwarebytes
2009-06-04 22:18 . 2009-06-04 22:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-01 14:30 . 2009-06-01 14:30 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-06-01 01:45 . 2009-06-04 00:12 -------- d-----w- c:\program files\PC Tools AntiVirus
2009-06-01 01:25 . 2009-06-05 00:38 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-31 22:08 . 2004-08-04 03:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-05-31 22:08 . 2004-08-04 03:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-05-31 22:08 . 2001-08-18 03:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2009-05-31 22:08 . 2001-08-18 03:36 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2009-05-31 22:06 . 2009-06-01 01:28 -------- d-----w- c:\temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
2009-05-31 22:06 . 2009-05-31 22:06 -------- d-----w- C:\Lexmark
2009-05-31 12:09 . 2009-05-31 12:09 -------- d-----w- c:\windows\system32\LogFiles
2009-05-27 14:54 . 2009-05-27 14:54 -------- d-----w- c:\documents and settings\LAST REBEL\Local Settings\Application Data\tjnet
2009-05-27 14:43 . 2009-05-27 14:43 29528 ----a-w- c:\documents and settings\LAST REBEL\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-27 14:36 . 2009-05-27 14:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-27 14:00 . 2009-05-27 14:00 -------- d-----w- c:\documents and settings\LAST REBEL\Application Data\AdobeUM
2009-05-27 13:59 . 2009-06-08 16:05 -------- d-----w- c:\documents and settings\LAST REBEL\Local Settings\Application Data\Adobe
2009-05-27 13:33 . 2009-06-08 22:48 -------- d-----w- c:\documents and settings\LAST REBEL\Application Data\mjusbsp
2009-05-27 13:33 . 2004-08-04 04:07 59264 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-05-27 13:33 . 2004-08-04 04:07 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-05-27 06:58 . 2004-08-04 19:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-05-27 03:09 . 2009-05-27 03:09 -------- d--h--w- c:\windows\msdownld.tmp
2009-05-27 03:06 . 2006-09-06 21:43 22752 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-27 03:06 . 2009-05-27 03:06 -------- d--h--w- c:\windows\$hf_mig$
2009-05-27 02:45 . 2009-06-08 01:18 -------- d-----w- c:\program files\PokerStars
2009-05-27 02:38 . 2009-05-27 02:38 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-27 02:38 . 2009-05-27 02:38 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-27 02:38 . 2009-05-27 02:38 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-27 02:38 . 2009-05-27 02:38 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-27 02:38 . 2009-06-08 22:36 -------- d-----w- c:\windows\system32\drivers\Avg
2009-05-27 02:38 . 2009-05-27 02:38 -------- d-----w- c:\program files\AVG
2009-05-27 02:38 . 2009-05-27 02:38 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-05-27 02:27 . 2009-06-07 17:04 -------- d--h--w- C:\$AVG8.VAULT$
2009-05-27 02:20 . 2009-05-27 02:20 -------- d-----w- c:\windows\Sun
2009-05-27 02:20 . 2009-06-08 16:31 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-27 02:09 . 2003-11-21 22:45 37888 ----a-r- c:\windows\system32\ochlp30e.dll
2009-05-27 02:07 . 2005-09-26 21:07 40960 ------w- c:\windows\system32\ChCfg.exe
2009-05-27 02:06 . 2009-05-27 02:06 -------- d-----w- c:\program files\CyberLink
2009-05-27 02:06 . 2009-05-27 02:06 -------- d-----w- c:\documents and settings\Owner
2009-05-27 02:06 . 2009-05-27 02:06 -------- d-----w- c:\documents and settings\LAST REBEL\Local Settings\Application Data\Stardock
2009-05-27 02:06 . 2009-05-27 02:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Stardock
2009-05-27 02:05 . 2009-05-27 02:05 -------- d-----w- c:\program files\Common Files\Ahead
2009-05-27 02:00 . 2009-06-05 04:35 -------- d-----w- c:\program files\Google
2009-05-27 02:00 . 2009-05-27 03:12 -------- d-----w- c:\documents and settings\LAST REBEL\Local Settings\Application Data\Google
2009-05-27 02:00 . 2009-05-27 02:00 -------- d-----w- c:\program files\MSN Encarta Plus
2009-05-27 02:00 . 2009-05-27 02:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-27 01:59 . 2009-05-27 01:59 -------- d-----w- c:\program files\Digital Media Reader
2009-05-27 01:59 . 2009-05-27 02:06 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-27 01:59 . 2009-05-27 01:59 -------- d-----w- c:\windows\Downloaded Installations
2009-05-27 01:59 . 2009-05-27 01:59 4 ----a-w- c:\windows\Pix11.dat
2009-05-27 01:58 . 2009-05-27 01:59 -------- d-----w- c:\program files\Microsoft Digital Image 2006
2009-05-27 01:57 . 2009-05-27 01:57 -------- d-----w- c:\program files\CONEXANT
2009-05-27 01:57 . 2004-08-04 21:34 39018 ----a-r- c:\windows\system32\HSFCI011.dll
2009-05-27 01:57 . 2004-03-17 18:04 13059 ----a-r- c:\windows\system32\drivers\mdmxsdk.sys
2009-05-27 01:57 . 2004-03-17 18:00 86016 ----a-r- c:\windows\system32\mdmxsdk.dll
2009-05-27 01:57 . 2004-06-17 21:56 220032 ----a-r- c:\windows\system32\drivers\HSFHWBS2.sys
2009-05-27 01:57 . 2004-06-17 21:55 685056 ----a-r- c:\windows\system32\drivers\HSF_CNXT.sys
2009-05-27 01:57 . 2004-06-17 21:55 1041536 ----a-r- c:\windows\system32\drivers\HSF_DP.sys
2009-05-27 01:57 . 2003-03-18 18:14 499712 ------w- c:\windows\system32\msvcp71.dll
2009-05-27 01:57 . 2003-02-21 02:42 348160 ------w- c:\windows\system32\msvcr71.dll
2009-05-27 01:56 . 2009-05-27 01:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Prism Deploy
2009-05-27 01:56 . 2009-05-27 01:56 -------- d-----w- c:\program files\Common Files\New Boundary
2009-05-27 01:55 . 2009-05-27 01:56 -------- d-----w- c:\windows\system32\URTTemp
2009-05-27 01:55 . 2009-05-27 01:55 -------- d-----w- C:\DriversApps
2009-05-27 01:43 . 2009-05-27 01:43 -------- d-----w- C:\SYSPREP
2009-05-27 01:38 . 2004-08-04 06:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-05-27 01:38 . 2001-08-17 21:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-05-27 01:38 . 2004-08-04 06:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-05-27 01:37 . 2004-08-04 06:08 17024 ----a-w- c:\windows\system32\drivers\usbohci.sys
2009-05-27 01:37 . 2004-08-04 07:56 7168 ----a-w- c:\windows\system32\hccoin.dll
2009-05-27 01:37 . 2004-08-04 06:08 26624 ----a-w- c:\windows\system32\drivers\usbehci.sys
2009-05-27 01:35 . 2009-05-27 01:35 60 ----a-w- c:\windows\system32\SYSDRV.DAT
2009-05-27 01:35 . 2004-08-04 00:56 51712 ----a-w- c:\windows\system32\wzcsapi.dll
2009-05-27 01:35 . 2004-08-04 00:56 359936 ----a-w- c:\windows\system32\wzcsvc.dll
2009-05-27 01:33 . 2001-08-17 22:36 323641 ----a-w- c:\windows\system32\usrdtea.dll
2009-05-27 01:32 . 2001-08-17 22:36 147968 ----a-w- c:\windows\system32\mdwmdmsp.dll
2009-05-27 01:31 . 2004-08-03 23:07 42240 ----a-w- c:\windows\system32\drivers\VIAAGP.SYS
2009-05-27 01:31 . 2004-08-03 23:07 41088 ----a-w- c:\windows\system32\drivers\SISAGP.SYS
2009-05-27 01:31 . 2004-08-03 22:59 36992 ----a-w- c:\windows\system32\drivers\amdk6.sys
2009-05-27 01:31 . 2004-08-03 23:07 44928 ----a-w- c:\windows\system32\drivers\AGPCPQ.SYS
2009-05-27 01:31 . 2004-08-03 23:07 43008 ----a-w- c:\windows\system32\drivers\AMDAGP.SYS
2009-05-27 01:31 . 2004-08-03 23:07 42752 ----a-w- c:\windows\system32\drivers\ALIM1541.SYS
2009-05-27 01:31 . 2004-08-04 00:56 52224 ----a-w- c:\windows\system32\dmutil.dll
2009-05-27 01:31 . 2004-08-03 23:07 42368 ----a-w- c:\windows\system32\drivers\AGP440.SYS
2009-05-27 01:31 . 2004-08-04 01:01 40840 -c--a-w- c:\windows\system32\dllcache\termdd.sys
2009-05-27 01:31 . 2004-08-04 00:56 74752 -c--a-w- c:\windows\system32\dllcache\storprop.dll
2009-05-27 01:31 . 2004-08-03 23:01 196864 -c--a-w- c:\windows\system32\dllcache\rdpdr.sys
2009-05-27 01:31 . 2004-08-04 00:56 47104 ----a-w- c:\windows\system32\cnbjmon.dll
2009-05-27 01:29 . 2004-08-04 19:00 214528 -c--a-w- c:\windows\system32\dllcache\wbemcomn.dll
2009-05-27 01:28 . 2004-08-04 19:00 565760 -c--a-w- c:\windows\system32\dllcache\msvcp50.dll
2009-05-27 01:27 . 2004-08-04 19:00 9728 -c--a-w- c:\windows\system32\dllcache\label.exe
2009-05-27 01:26 . 2004-08-04 19:00 83456 -c--a-w- c:\windows\system32\dllcache\dpvsetup.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-01 01:28 . 2009-05-31 22:07 -------- d-----w- c:\program files\Lexmark 4300 Series
2009-05-27 02:09 . 2009-05-27 02:09 -------- d-----w- c:\program files\Microsoft Works
2009-05-27 02:07 . 2009-05-27 02:07 -------- d-----w- c:\program files\Realtek Sound Manager
2009-05-27 02:07 . 2009-05-27 02:07 -------- d-----w- c:\program files\AvRack
2009-05-27 02:07 . 2009-05-27 02:07 -------- d-----w- c:\program files\Realtek AC97
2009-05-27 02:06 . 2009-05-27 02:06 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{198DF385-4721-45F3-BF73-6D54286CF458}
2009-05-27 02:06 . 2009-05-27 02:06 -------- d-----w- c:\program files\Common Files\Stardock
2009-05-27 02:06 . 2009-05-27 02:06 -------- d-----w- c:\program files\AccuWeather
2009-05-27 02:06 . 2009-05-27 02:05 -------- d-----w- c:\program files\Ahead
2009-05-27 02:03 . 2009-05-27 02:02 -------- d-----w- c:\program files\Microsoft Money 2005
2009-04-30 21:34 . 2009-05-27 02:06 2655784 -c--a-w- c:\documents and settings\All Users\Application Data\{198DF385-4721-45F3-BF73-6D54286CF458}\accuweather_setup.exe
2009-04-10 13:58 . 2009-04-10 13:58 86360 ----a-w- c:\documents and settings\LAST REBEL\Application Data\mjusbsp\ug00000\magicJack.dll
2009-04-10 13:58 . 2009-04-10 13:58 6327408 ----a-w- c:\documents and settings\LAST REBEL\Application Data\mjusbsp\ug00000\setup.exe
2009-04-10 13:58 . 2009-04-10 13:58 412784 ----a-w- c:\documents and settings\LAST REBEL\Application Data\mjusbsp\magicJackLoader.exe
2009-04-10 13:58 . 2009-04-10 13:58 480608 ----a-w- c:\documents and settings\LAST REBEL\Application Data\mjusbsp\octvqe1_apiw.dll
2009-04-10 13:58 . 2009-04-10 13:58 214360 ----a-w- c:\documents and settings\LAST REBEL\Application Data\mjusbsp\TjVista.dll
2009-04-10 13:58 . 2009-04-10 13:58 325040 ----a-w- c:\documents and settings\LAST REBEL\Application Data\mjusbsp\TjIpSys.dll
2009-04-10 13:57 . 2009-04-10 13:57 398696 ----a-w- c:\documents and settings\LAST REBEL\Application Data\mjusbsp\SJHandsetTigerJet.dll
2009-04-10 13:57 . 2009-04-10 13:57 87384 ----a-w- c:\documents and settings\LAST REBEL\Application Data\mjusbsp\st00000\mjsetup.exe
2009-04-10 13:57 . 2009-04-10 13:57 86360 ----a-w- c:\documents and settings\LAST REBEL\Application Data\mjusbsp\st00000\magicJack.dll
2009-04-10 13:57 . 2009-04-10 13:57 86360 ----a-w- c:\documents and settings\LAST REBEL\Application Data\mjusbsp\magicJack.dll
2009-04-10 13:56 . 2009-04-10 13:56 11871576 ----a-w- c:\documents and settings\LAST REBEL\Application Data\mjusbsp\magicJack.exe
2009-04-10 13:55 . 2009-04-10 13:55 725296 ----a-w- c:\documents and settings\LAST REBEL\Application Data\mjusbsp\ug00000\install.exe
2009-04-10 13:55 . 2009-04-10 13:55 87384 ----a-w- c:\documents and settings\LAST REBEL\Application Data\mjusbsp\in00000\mjsetup.exe
2009-04-10 13:55 . 2009-04-10 13:55 86360 ----a-w- c:\documents and settings\LAST REBEL\Application Data\mjusbsp\in00000\magicJack.dll
2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\LAST REBEL\Application Data\mjusbsp\ug00000\magicJackSplash.exe
2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\LAST REBEL\Application Data\mjusbsp\st00000\magicJackSplash.exe
2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\LAST REBEL\Application Data\mjusbsp\magicJackSplash.exe
2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\LAST REBEL\Application Data\mjusbsp\in00000\magicJackSplash.exe
2009-04-10 13:53 . 2009-04-10 13:53 50520 ----a-w- c:\documents and settings\LAST REBEL\Application Data\mjusbsp\cdloader2.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-06-07_23.35.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-08 20:47 . 2009-06-08 20:47 16384 c:\windows\Temp\Perflib_Perfdata_614.dat
+ 2009-06-08 16:55 . 2009-06-08 16:55 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2004-08-26 18:07 . 2009-06-02 11:35 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2004-08-26 18:07 . 2009-06-08 15:55 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2004-08-26 18:07 . 2009-06-02 11:35 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2004-08-26 18:07 . 2009-06-08 15:55 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2004-08-26 18:07 . 2009-06-02 11:35 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2004-08-26 18:07 . 2009-06-08 15:55 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-06-08 15:22 . 2009-06-08 17:09 2300 c:\windows\SoftwareDistribution\EventCache\{4C08DB53-1BDD-41F9-BCAC-DB21A6012A7A}.bin
+ 2009-02-03 02:15 . 2009-02-03 02:15 240544 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2009-06-06 01:07 . 2009-06-06 01:07 148888 c:\windows\system32\javaws.exe
+ 2009-06-08 16:31 . 2009-06-08 16:31 148888 c:\windows\system32\javaws.exe
+ 2009-06-08 16:31 . 2009-06-08 16:31 144792 c:\windows\system32\javaw.exe
- 2009-06-06 01:07 . 2009-06-06 01:07 144792 c:\windows\system32\javaw.exe
+ 2009-06-08 16:31 . 2009-06-08 16:31 144792 c:\windows\system32\java.exe
- 2009-06-06 01:07 . 2009-06-06 01:07 144792 c:\windows\system32\java.exe
+ 2009-02-03 02:15 . 2009-02-03 02:15 3771296 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"cdloader"="c:\documents and settings\LAST REBEL\Application Data\mjusbsp\cdloader2.exe" [2009-04-10 50520]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-31 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-09-18 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-27 1947928]
"lxcemon.exe"="c:\program files\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 192512]
"EzPrint"="c:\program files\Lexmark 4300 Series\ezprint.exe" [2005-07-26 94208]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-05 68592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-08 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-09-18 1519616]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2005-09-26 90112]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AccuWeather Desktop.lnk - c:\program files\AccuWeather\Desktop\AccuWeatherDesktop.exe [2009-4-30 967472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-27 02:38 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Documents and Settings\\LAST REBEL\\Application Data\\mjusbsp\\magicJack.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/26/2009 9:38 PM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/26/2009 9:38 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [5/26/2009 9:38 PM 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/26/2009 9:38 PM 298776]
.
Contents of the 'Scheduled Tasks' folder
2009-06-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-05 04:11]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
uStart Page = hxxp://www.ktbs.com/
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath - c:\documents and settings\LAST REBEL\Application Data\Mozilla\Firefox\Profiles\kexjnob1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ktbs.com/
FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-08 18:39
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-06-08 18:40
ComboFix-quarantined-files.txt 2009-06-08 23:40
ComboFix2.txt 2009-06-08 17:20
Pre-Run: 151,479,951,360 bytes free
Post-Run: 151,506,313,216 bytes free
245
rebelssdd
2009-06-09, 02:58
Well, as per your request I deleted ComboFix, restarted the computer, downloaded a new ComboFix and ran it; posted the log above.
As for what is redirecting and what browsers:
IE7 and Mozilla Firefox are both redirecting as such:
just about any site that has to do with repairing your computer, such as safer-networking.org, is going to a Google search site.
malwarebytes.org is going to a Google page that says oops.
Mostly it goes to a Google search site.
pskelley
2009-06-09, 03:08
c:\program files\Free Window Registry Repair
For your information:
http://forums.spybot.info/showthread.php?t=30113
Thanks for the feedback; I am not really seeing anything. Let's have GMER take a look.
Download gmer.zip and save to your desktop.
http://gmer.net/gmer.zip <<< here
alternate download site
http://hype.free.googlepages.com/gmer.zip
* Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure)
http://www.bleepingcomputer.com/tutorials/tutorial105.html
* When you have done this, disconnect from the Internet and close all running programs.
There is a small chance this application may crash your computer so save any work you have open.
* Double-click on Gmer.exe to start the program.
* Allow the gmer.sys driver to load if asked.
* If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
* Click on the Rootkit tab.
* Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
* Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
* Click on the "Scan" and wait for the scan to finish.
Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
* When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
* Note: If you have any problems, try running GMER in SAFE MODE
http://www.bleepingcomputer.com/tutorials/tutorial61.html
Important! Please do not select the "Show all" checkbox during the scan.
rebelssdd
2009-06-09, 04:13
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-08 20:04:47
Windows 5.1.2600 Service Pack 2
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- EOF - GMER 1.0.15 ----
rebelssdd
2009-06-09, 04:34
pskelley
2009-06-09, 14:00
You can delete GMER, it found no rootkits.
Are you using a router? If so you may need to reset the router:
Malware Silently Alters Wireless Router Settings
http://blog.washingtonpost.com/securityfix/2008/06/malware_silently_alters_wirele_1.html
DNS error - cannot find server
http://www.google.com/search?hl=en&q=DNS+error+-+cannot+find+server&btnG=Google+Search&aq=f&oq=&aqi=
Since it is occurring in both browsers, I suggest you involve your Internet Service Provider (technical support); they may need to help you reset the DNS to their settings.
Flush and reset a client resolver cache using the ipconfig command
http://technet.microsoft.com/en-us/library/cc781949.aspx
You can give this tool a try:
http://windowsxp.mvps.org/winsock.htm
Let me know what works
Thanks
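As an added example (not part of this thread, and not Malwarebytes' code), here is a small Python checker that reads the MBAM "Registry Data Items Infected" lines posted above and works out where the rogue resolvers come from: a hit on DhcpNameServer means the list was received from DHCP (the router in this thread), so the quarantined registry value is written back at the next lease, whereas a hit on the static NameServer value lives only on the host. The expected-resolver set and the single static NameServer sample line are constructed assumptions for the example; the six DhcpNameServer lines are the ones from the posted log.

```python
"""Work out where rogue DNS resolvers reported by an MBAM scan come from.

Added example for this thread; it is not Malwarebytes' code. The MBAM
logs posted above flag DhcpNameServer data under Tcpip Parameters that is
quarantined on every scan and comes straight back. DhcpNameServer holds
the resolver list handed out by DHCP, so whatever answers DHCP (the router
in this thread) re-writes it on the next lease; NameServer is the
statically configured list and is held only in the host's registry.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# One MBAM "Registry Data Items Infected" line, e.g.
# HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{GUID}\DhcpNameServer
#   (Trojan.DNSChanger) -> Data: 85.255.114.67 85.255.112.200 1.2.3.4 -> Quarantined and deleted successfully.
LINE_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SYSTEM\\(?P<cset>[^\\]+)\\Services\\Tcpip\\Parameters"
    r"(?:\\Interfaces\\(?P<iface>\{[0-9A-Fa-f-]+\}))?"
    r"\\(?P<value>DhcpNameServer|NameServer) \((?P<detection>[^)]+)\)"
    r" -> Data: (?P<data>.*?) -> (?P<action>.+)$"
)

# ASSUMPTION (constructed for this example): the resolvers this machine is
# supposed to receive. Take the real list from the ISP or the router.
EXPECTED_RESOLVERS = {"192.168.1.1"}

# The six detections from the 6/8/2009 scan posted in the thread.
SAMPLE_MBAM_LOG = r"""Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.67 85.255.112.200 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d144d661-268b-4377-afee-41a8b6844445}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.67 85.255.112.200 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.67 85.255.112.200 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d144d661-268b-4377-afee-41a8b6844445}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.67 85.255.112.200 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.67 85.255.112.200 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{d144d661-268b-4377-afee-41a8b6844445}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.67 85.255.112.200 1.2.3.4 -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
"""

# CONSTRUCTED line (not from the thread) showing the other case: a static
# NameServer value, which only the host's own registry holds.
CONSTRUCTED_STATIC_LOG = r"""Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000000}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.200 -> Quarantined and deleted successfully.
"""


@dataclass(frozen=True)
class Finding:
    control_set: str          # CurrentControlSet, ControlSet001, ...
    interface: Optional[str]  # adapter GUID, or None for the global key
    source: str               # "dhcp" (DhcpNameServer) or "static" (NameServer)
    rogue: tuple              # resolvers in the Data field not in the expected set


def resolvers_of(data: str) -> list:
    """Split the Data field into valid IP addresses, ignoring junk tokens."""
    out = []
    for tok in data.split():
        try:
            out.append(str(ipaddress.ip_address(tok)))
        except ValueError:
            continue
    return out


def analyze(log_text: str, expected: set) -> list:
    """Return one Finding per detection line naming a resolver outside `expected`."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # section headers, counts, "(No malicious items detected)"
        rogue = tuple(ip for ip in resolvers_of(m["data"]) if ip not in expected)
        if rogue:
            findings.append(Finding(
                control_set=m["cset"],
                interface=m["iface"],
                source="dhcp" if m["value"] == "DhcpNameServer" else "static",
                rogue=rogue,
            ))
    return findings


def rogue_resolvers(findings: list) -> set:
    """Every unexpected resolver address seen across the findings."""
    return {ip for f in findings for ip in f.rogue}


def verdict(findings: list) -> str:
    """Where the fix belongs: 'clean', 'dhcp-server' (the DHCP server, i.e. the
    router here, hands out the rogue list and the registry clean-up is undone at
    the next lease) or 'host-registry' (only the host's static value was changed)."""
    sources = {f.source for f in findings}
    if not sources:
        return "clean"
    if "dhcp" in sources:
        return "dhcp-server"
    return "host-registry"


if __name__ == "__main__":
    found = analyze(SAMPLE_MBAM_LOG, EXPECTED_RESOLVERS)
    for f in found:
        print(f"{f.control_set:<18} {f.interface or '(global)':<40} {f.source:<6} {' '.join(f.rogue)}")
    print("rogue resolvers:", sorted(rogue_resolvers(found)))
    print("verdict:", verdict(found))
```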
rebelssdd
2009-06-09, 19:49
Thanks for all your help, P.S. Kelly!!!!
Stayed up till 4am but got it fixed:
Kept wondering about the log file on Malwarebytes; every time it would come up with the same DNS CHANGER TROJAN and quarantine it, 1 minute later do another scan and it's back.
Well, scratching my head about 11:30 pm last night, and after 5 weeks of saying god-awful things to my computer, I did a complete hard drive restore, destructive, partitions and everything, from the ground up.
But before I did that I started researching the other day about DNS CHANGER TROJANS, JUST LIKE THE ARTICLES THAT YOU JUST POSTED ABOVE.
Well, it clicked and I said, after 5 weeks, a heck of a lot of hours, and bloodshot eyes, to do a destructive partition restore back to factory.
After that I unplugged the router right away. Should have done that task first, but it's ok.
Took my ethernet cable and plugged into the modem only, rebooted the modem, and guess what?
Yep, you're right, started to get updates, can go to any security related website without redirecting pages.
Funny thing though, it would only redirect if you went to any security related websites.
Was then able to go to them all.
Went to safer-networking.org, downloaded Spybot S&D, no problem, installed, updated, scanned, all works fine.
MY SUGGESTION TO EVERYONE : IF YOU ARE GOING THROUGH A ROUTER, UNPLUG IT AND FEED OFF THE MODEM ITSELF.
CORRECT THE ROUTER PROBLEM LATER - AND BEFORE REINSTALLING DRIVERS AND PARTITIONS , DISCONNECT FROM ROUTER.
PROBLEM SOLVED; THANKS FOR YOUR HELP P.S. KELLY
HAPPY IN LOUISIANA AFTER THOUSANDS OF HOURS AND NO HAIR LEFT, JEFF
rebelssdd
2009-06-09, 20:05
This is for everyone:
Everything that has been posted is related for use by the security expert and the person that he or she is trying to help.
Do not take it upon yourself to follow instructions given here since all problems and solutions are related to your specific computer.
Also to do a destructive recovery, drives, partitions and such, you better know what you are doing as in having back-up discs and such.
Or you could fry (fry) your hard drive, processor, motherboard, and the whole ball of wax would be that your computer is now a boat anchor or just plain scrap that you can just sit and plant flowers upon.
I have done many destructive recoveries - so research the matter thoroughly before doing anything. Thanks, jeff in louisiana.
pskelley
2009-06-09, 21:33
Thanks for the information, I am sure that will help someone if they take the time to read it. I am not sure if you need all of the information I usually post but I will post it and you can use what you need.
Remove combofix from the computer like this:
Click START then RUN
Now type or copy Combofix /u in the runbox and click OK.
Note the space between the X and the U, it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png
Clean the System Restore files like this:
Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Reboot
Turn ON System Restore,
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
Update MBAM and scan to be sure we missed none of the junk, there is no need to post a clean scan result.
(MBAM is yours to keep if you wish, keep it updated and run it once a month or so)
Update AVG 8.5 and scan the system, to be sure it is running right and scanning clean.
Good AVG information:
FAQ: http://www.avg.com/faq
AVG Free Forum: http://freeforum.avg.com/
If all is well at this point, let me know and I will close the topic.
Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx
Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml
http://www.malwarecomplaints.info/
Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.
How hard are your passwords to crack?
http://www.microsoft.com/protect/yourself/password/checker.mspx
http://users.telenet.be/bluepatchy/miekiemoes/Links.html
http://www.microsoft.com/windows/ie/community/columns/protection.mspx
Improve the safety of your browsing and e-mail activities
http://www.microsoft.com/protect/computer/advanced/browsing.mspx
rebelssdd
2009-06-09, 21:58
THANKS PSKELLEY:thanks: YOU CAN CLOSE THIS CASE NOW.
pskelley
2009-06-14, 14:25
Thanks for taking the time to let me know:bigthumb: safe surfing.