Redirecting issues and other behaviour

Status
Not open for further replies.
I'm having a couple of issues with my internet. On Saturday my partner accidentally downloaded what she thought was a codec needed to play an audio file, except it wasn't; I believe it was a virus of some type or other malware application. Since then I've run several virus scans using ESET NOD 32, AVG FREE, AVAST and STEGANOS I.E SECURITY. None of these came up with any viruses. I then ran Ad-Aware, which came up with just tracking cookies. I began to search the net for help and found that the majority of the sites do not connect; this one is one of the only ones I have been able to look at. The other thing is that when searching through Google and I click on search results, they get redirected to other sites. Here is one of the sites it redirects to: hxxp://go.google.com/?u=AsIyNw_x8glhbAqMQBaYJUnkIzKVfBrUQVwEk4tgXTX5M477UyuW_Ld2VDDpjjngPob3u25SzVqF626SjUpzf9fhVpanVx-uRnBp8pibKO55MYJ6IVMGnIjRWEUv9oXiEd_tyH_WxhfeqiG45Mk8ds0PdGA02tYlve53IJTqh7Ei4OX39niN_6mHE89Zkk-91zPpS_1XWnEaboL9hnMl9G3f_-K-yMfjfy5LL0WVnGFspdM2s7oHRcDn9YN0bdH2RYqTzcvj1vyYWy7b9Fqtc1ULu2vr91N8dyYIfS6IA9ZJqr-6gqgMAz_ZozHyT4AxJ5aRSjIn7hsCBakj1Ziol5cbr_MGiIVAWDwIEI2KCipQ3qTIEoEZ6w47tsJwpowhCBFAkwcIxn4D-YHMlpeDhhfD7FcY91vG-cCPChpAljOUnNpqyRJFFM8_HU_EwJPiB7G4ugzMG8iFgDYP-EkcRhuPo973nkI_DRUA0outMkdoNe%3Ds%3Fphp.c%2F711.691.111.46

I might be able to find the solution I'm looking for, however I can't get to any of the sites. I cannot upload any files such as the HJT log file, so I'll have to copy and paste.

HJT:
Logfile of HijackThis v1.99.1
Scan saved at 4:41:10 PM, on 1/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Vtune\TBPanel.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Gainward] C:\Program Files\Vtune\TBPanel.exe /A
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - C:\Documents and Settings\Main\Desktop\WH GBP Casino.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - C:\Documents and Settings\Main\Desktop\WH GBP Casino.lnk (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Family%20Feud%202/Images/stg_drm.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212306674387
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Family%20Feud%202/Images/armhelper.ocx
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://fortunelounge.microgaming.com/generic/FlashAX2.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

------------------------------------------------------------




Any help will be much appreciated. Currently my system has no antivirus or other programs installed, so it is all ready for a step by step on what to do. Hopefully this site will stay accessible to me.
 
ComboFix part 1
"Main" - 2008-09-01 15:15:15 Service Pack 3
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Main\Desktop\"


((((((((((((((((((((((((((((((( Files Created from 2008-08-01 to 2008-09-01 ))))))))))))))))))))))))))))))))))


2008-09-01 14:51 49,152 --a------ C:\WINDOWS\nircmd.exe
2008-09-01 14:12 1,063 --a------ C:\Documents and Settings\Main\Start.bat
2008-09-01 14:12 1,063 --a------ C:\DOCUME~1\Main\Start.bat
2008-09-01 14:12 <DIR> d-------- C:\Documents and Settings\Main\ComboFixT
2008-09-01 14:12 <DIR> d-------- C:\DOCUME~1\Main\ComboFixT
2008-09-01 14:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
2008-09-01 14:02 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2008-09-01 12:53 <DIR> d-------- C:\DOCUME~1\Main\APPLIC~1\ESET
2008-09-01 12:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ESET
2008-09-01 12:22 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2008-09-01 12:10 <DIR> d-------- C:\Program Files\Lx_cats
2008-09-01 12:10 <DIR> d-------- C:\DOCUME~1\Main\APPLIC~1\5400 Series
2008-09-01 12:09 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
2008-09-01 12:09 45,056 --a------ C:\WINDOWS\system32\lxctpmon.dll
2008-09-01 12:09 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
2008-09-01 12:09 32,768 --a------ C:\WINDOWS\system32\LXCTFXPU.DLL
2008-09-01 12:09 12,288 --a------ C:\WINDOWS\system32\lxctpmrc.dll
2008-09-01 12:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\5400 Series
2008-09-01 12:08 323,584 --a------ C:\WINDOWS\system32\LXCThcp.dll
2008-09-01 12:08 274,432 --a------ C:\WINDOWS\system32\LXCTinst.dll
2008-09-01 12:08 <DIR> d-------- C:\Program Files\Lexmark Toolbar
2008-09-01 12:08 <DIR> d-------- C:\Program Files\Lexmark 5400 Series
2008-09-01 12:08 <DIR> d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-09-01 12:07 77,824 -ra------ C:\WINDOWS\system32\lxctcfg.dll
2008-09-01 12:07 331,776 -ra------ C:\WINDOWS\system32\lxctcoin.dll
2008-09-01 02:33 <DIR> d-------- C:\Program Files\Steganos
2008-09-01 02:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8
2008-08-31 19:03 2,934 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-31 18:58 <DIR> d-------- C:\Program Files\Lavasoft
2008-08-31 18:58 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-31 17:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2008-08-30 18:39 <DIR> d-------- C:\Program Files\Selectsoft
2008-08-30 18:27 <DIR> d-------- C:\Program Files\mIRC(2)
2008-08-30 18:27 <DIR> d-------- C:\DOCUME~1\Main\APPLIC~1\mIRC
2008-08-24 11:26 12,256 --a------ C:\WINDOWS\system32\drivers\TBPanel.sys
2008-08-24 11:26 <DIR> d-------- C:\Program Files\Vtune
2008-08-23 05:14 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-08-21 20:38 <DIR> d-------- C:\Program Files\Deadliest Catch Alaskan Storm
2008-08-20 10:17 <DIR> d-------- C:\MYOBODBC
2008-08-20 10:14 <DIR> d-------- C:\Program Files\MYOB
2008-08-20 10:14 <DIR> d-------- C:\myob17
2008-08-19 22:01 <DIR> d-------- C:\Program Files\Jewel.Quest.3
2008-08-18 16:13 <DIR> d-------- C:\etax2008
2008-08-17 15:09 <DIR> d-------- C:\Program Files\ASTRA32
2008-08-17 15:04 <DIR> d-------- C:\Program Files\VIA Technologies, INC
2008-08-15 18:45 <DIR> d-------- C:\TVF
2008-08-15 18:45 <DIR> d-------- C:\Price
2008-08-15 16:03 <DIR> d-------- C:\DOCUME~1\Main\APPLIC~1\Apple Computer
2008-08-15 15:50 <DIR> d-------- C:\Program Files\QuickTime
2008-08-15 15:50 <DIR> d-------- C:\Program Files\Apple Software Update
2008-08-15 15:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2008-08-15 15:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2008-08-14 09:40 <DIR> d-------- C:\Program Files\Bettys Beer Bar
2008-08-13 17:12 <DIR> d-------- C:\Program Files\Bricks of Atlantis
2008-08-05 21:45 <DIR> d-------- C:\Program Files\Pizza Frenzy
2008-08-01 00:36 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
 
ComboFix part 2

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2008-09-01 03:22:39 -------- d-----w C:\DOCUME~1\Main\APPLIC~1\uTorrent
2008-09-01 03:01:57 -------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-01 03:01:57 -------- d-----w C:\Program Files\Electronic Arts
2008-09-01 03:01:29 -------- d-----w C:\Program Files\PartyGaming
2008-08-22 07:43:50 -------- d-----w C:\DOCUME~1\Main\APPLIC~1\Vso
2008-08-19 12:32:24 -------- d-----w C:\DOCUME~1\Main\APPLIC~1\iWin
2008-08-19 12:23:28 -------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-19 06:53:19 -------- d-----w C:\Program Files\Family Feud
2008-08-19 03:11:07 -------- d-----w C:\Program Files\Jewel Quest 2 Tournament Edition
2008-08-16 09:32:10 1,171 ----a-w C:\WINDOWS\eReg.dat
2008-08-16 08:49:18 -------- d-----w C:\Program Files\EA Games
2008-08-14 17:34:39 -------- d-----w C:\Program Files\Messenger
2008-08-13 07:41:22 -------- d-----w C:\Program Files\Aloha Solitaire
2008-08-13 06:54:09 -------- d-----w C:\DOCUME~1\Main\APPLIC~1\teamspeak2
2008-07-30 07:07:14 -------- d-----w C:\Program Files\Hasbro
2008-07-29 02:32:58 -------- d-----w C:\Program Files\UnrealTournament
2008-07-28 05:34:48 -------- d-----w C:\Program Files\Braingame
2008-07-26 09:51:35 -------- d-----w C:\Program Files\UTCacheCleaner3
2008-07-25 08:09:08 -------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-25 08:07:36 -------- d-----w C:\Program Files\SystemRequirementsLab
2008-07-25 08:07:28 -------- d-----w C:\DOCUME~1\Main\APPLIC~1\SystemRequirementsLab
2008-07-25 06:10:34 -------- d-----w C:\Program Files\Snapshot Viewer
2008-07-25 06:09:23 -------- d-----w C:\Program Files\microsoft frontpage
2008-07-23 05:29:04 -------- d-----w C:\Program Files\Teamspeak2_RC2
2008-07-21 09:47:27 -------- d-----w C:\DOCUME~1\Main\APPLIC~1\TVU Networks
2008-07-21 09:47:21 -------- d-----w C:\Program Files\TVUPlayer
2008-07-21 01:14:32 -------- d-----w C:\Program Files\CONEXANT
2008-07-18 12:40:48 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 12:40:42 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 12:40:40 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 12:40:20 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 12:39:46 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 12:39:44 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 12:39:44 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 12:39:42 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 12:37:34 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 12:37:32 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-16 02:04:12 -------- d-----w C:\DOCUME~1\Main\APPLIC~1\Leadertech
2008-07-13 05:59:27 -------- d-----w C:\DOCUME~1\Main\APPLIC~1\Uniblue
2008-07-11 13:05:31 -------- d-----w C:\DOCUME~1\Main\APPLIC~1\dvdcss
2008-07-10 08:34:08 16 ----a-w C:\WINDOWS\popcinfo.dat
2008-07-08 06:25:42 -------- d-----w C:\Program Files\Poker Indicator
2008-07-07 20:26:58 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-06 06:54:34 -------- d-----w C:\DOCUME~1\Main\APPLIC~1\SpinTop
2008-07-05 08:34:45 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-07-05 02:02:17 -------- d-----w C:\Program Files\Pokie Magic Games
2008-07-05 02:02:07 -------- d-----w C:\Program Files\Common Files\Download Manager
2008-07-02 08:35:08 -------- d-----w C:\Program Files\VSO
2008-07-01 07:28:31 -------- d-----w C:\Program Files\Zzed
2008-07-01 07:21:38 -------- d-----w C:\Program Files\William Hill Poker
2008-06-24 16:43:16 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 10:48:08 13 ----a-w C:\WINDOWS\winpg.sys
2008-06-20 17:46:57 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-17 05:02:26 87,608 ----a-w C:\DOCUME~1\Main\APPLIC~1\inst.exe
2008-06-17 05:02:26 47,360 ----a-w C:\DOCUME~1\Main\APPLIC~1\pcouffin.sys
2008-06-12 08:16:51 6,196,664 ----a-w C:\Program Files\SearchCasinoSetup.exe
2008-06-07 11:02:29 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-06-07 11:02:29 114,688 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-06-01 13:14:22 1,169 ----a-w C:\WINDOWS\mozver.dat
2008-06-01 08:36:50 0 ----a-w C:\WINDOWS\nsreg.dat
2008-06-01 07:10:27 0 --sha-r C:\MSDOS.SYS
2008-06-01 07:10:27 0 --sha-r C:\IO.SYS
2008-06-01 07:10:27 0 ----a-w C:\CONFIG.SYS
2008-06-01 07:10:27 0 ----a-w C:\AUTOEXEC.BAT
2008-06-01 07:06:38 21,640 ----a-w C:\WINDOWS\system32\emptyregdb.dat


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{1017A80C-6F09-4548-A84D-EDD6AC9525F0}=C:\Program Files\Lexmark Toolbar\toolband.dll [2006-08-10 00:07]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 10:30]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-09-07 14:44]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"nwiz"="nwiz.exe" [2008-05-16 14:01 C:\WINDOWS\system32\nwiz.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50]
"Gainward"="C:\Program Files\Vtune\TBPanel.exe" [2007-04-23 19:21]
"lxctmon.exe"="C:\Program Files\Lexmark 5400 Series\lxctmon.exe" [2007-03-19 22:28]
"Lexmark 5400 Series Fax Server"="C:\Program Files\Lexmark 5400 Series\fm3032.exe" [2007-03-19 22:29]
"EzPrint"="C:\Program Files\Lexmark 5400 Series\ezprint.exe" [2007-03-19 22:28]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 09:42]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 22:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
%SystemRoot%\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
napagent


Contents of the 'Scheduled Tasks' folder
2008-08-30 04:11:05 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2008-09-01 04:42:00 C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
2008-07-13 04:42:18 C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job

********************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-01 15:20:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

disk error: C:\WINDOWS\

please note that you need administrator rights to perform deep scan

********************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDSSserv]
"imagepath"="\systemroot\system32\drivers\TDSSserv.sys"

Completion time: 2008-09-01 15:23:30
C:\ComboFix-quarantined-files.txt ... 2008-09-01 15:22
C:\ComboFix2.txt ... 2008-09-01 14:51

--- E O F ---
 
Hey, just wanted to let everyone know that my PC is now clean. I purchased a security suite which, because of the malware, would not install. I got them to do remote assistance and they used a program called Malwarebytes Anti-Malware. After they ran this it found 11 infected files which no other program found, and which finally fixed the browser, allowing me to download the security site. I recommend, if you have browser issues, to download it.
 