
antivirus dns googleredirect


Name: shanehu
Date: November 20, 2008 at 12:09:58 Pacific
OS: winxp pro sp3
CPU/Ram: 480mb
Product: hp 751n
Comment:

I've tried everything in this forum, to include the regfix - fix winsock - change the name of malware - change all the .exe's in malware - combofix - I feel I've done everything.




Response Number 1
Name: shanehu
Date: November 20, 2008 at 12:11:36 Pacific
Reply:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:11:10 PM, on 11/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\OWNER\Desktop\HijackThis_61608.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\gotcha12\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE5198EE-779D-404D-A06E-106482ACF5DC}: NameServer = 66.42.86.8,66.42.86.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 2568 bytes



Response Number 2
Name: shanehu
Date: November 20, 2008 at 12:13:06 Pacific
Reply:

"OWNER" - 2008-11-20 11:29:00 Service Pack 3
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\OWNER\"
Command switches used :: "C:\CFScript.txt"


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\nm


((((((((((((((((((((((((((((((( Files Created from 2008-10-20 to 2008-11-20 ))))))))))))))))))))))))))))))))))


2008-11-20 11:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Solt Lake Software
2008-11-20 10:24 <DIR> d-------- C:\Program Files\gotcha
2008-11-20 10:04 49,152 --a------ C:\WINDOWS\nircmd.exe
2008-11-20 09:57 1,088,512 --a------ C:\gotcha.exe
2008-11-19 11:53 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-11-19 11:53 2,372,472 --a------ C:\gotcha12.exe
2008-11-19 11:53 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-11-19 11:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
2008-11-19 07:27 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-11-18 18:21 <DIR> d--h----- C:\$AVG8.VAULT$
2008-11-18 15:32 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
2008-11-18 15:14 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-11-18 15:14 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-11-18 15:14 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-11-18 15:14 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-11-18 15:14 <DIR> d-------- C:\Program Files\AVG
2008-11-18 15:14 <DIR> d-------- C:\DOCUME~1\OWNER\APPLIC~1\AVGTOOLBAR
2008-11-18 14:47 32,768 -ra------ C:\WINDOWS\system32\drivers\sisnicxp.sys
2008-11-18 14:47 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-11-18 14:47 <DIR> d-------- C:\WINDOWS\SiS
2008-11-18 13:00 4,212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2008-11-18 12:59 1,221,008 --a------ C:\WINDOWS\system32\zpeng25.dll
2008-11-18 12:59 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2008-11-18 12:56 <DIR> d-------- C:\WINDOWS\Prefetch
2008-11-18 12:44 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-11-18 12:43 <DIR> d-------- C:\WINDOWS\system32\en
2008-11-18 12:43 <DIR> d-------- C:\WINDOWS\system32\bits
2008-11-18 12:43 <DIR> d-------- C:\WINDOWS\l2schemas
2008-11-18 12:37 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-11-18 12:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg8
2008-11-18 11:40 <DIR> d-------- C:\WINDOWS\network diagnostic
2008-11-18 11:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2008-11-18 11:33 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2008-11-18 11:31 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-11-18 11:27 50,596 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-11-18 11:26 27,313,552 --a------ C:\zaZA_Setup_en.exe
2008-11-18 11:07 <DIR> d-------- C:\WINDOWS\pss
2008-11-18 11:05 <DIR> d-------- C:\DOCUME~1\OWNER\APPLIC~1\Apple Computer
2008-11-18 11:02 <DIR> d-------- C:\Program Files\Safari
2008-11-18 11:01 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-11-18 11:00 <DIR> d-------- C:\Program Files\QuickTime
2008-11-18 11:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2008-11-18 10:59 <DIR> d-------- C:\Program Files\Apple Software Update
2008-11-18 10:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2008-11-18 10:55 51,373,352 --a------ C:\SafariQuickTimeSetup.exe
2008-11-18 10:54 50,689,960 --a------ C:\avg_free_stf_en_8_173a1373.exe
2008-11-18 10:53 812,344 --a------ C:\HJTInstall.exe
2008-11-11 09:39 267,136 -ra------ C:\WINDOWS\system32\drivers\sis7012.sys
2008-11-11 09:39 115,864 -ra------ C:\WINDOWS\system32\a3d.dll
2008-11-11 09:39 <DIR> d-------- C:\Program Files\SiS7012
2008-11-07 16:42 26,488 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-11-07 16:42 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2008-11-06 16:04 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2008-10-30 16:48 94,208 --------- C:\WINDOWS\system32\eappgnui.dll
2008-10-30 16:48 9,216 --------- C:\WINDOWS\system32\dot3dlg.dll
2008-10-30 16:48 870,784 --------- C:\WINDOWS\system32\ati3d1ag.dll
2008-10-30 16:48 7,168 --------- C:\WINDOWS\system32\hccoin.dll
2008-10-30 16:48 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2008-10-30 16:48 650,752 --------- C:\WINDOWS\system32\dot3ui.dll
2008-10-30 16:48 59,392 --------- C:\WINDOWS\system32\eapqec.dll
2008-10-30 16:48 57,856 --------- C:\WINDOWS\system32\dot3cfg.dll
2008-10-30 16:48 56,320 --------- C:\WINDOWS\system32\dot3msm.dll
2008-10-30 16:48 516,768 --------- C:\WINDOWS\system32\ativvaxx.dll
2008-10-30 16:48 48,640 --------- C:\WINDOWS\system32\dhcpqec.dll
2008-10-30 16:48 46,464 --------- C:\WINDOWS\system32\drivers\gagp30kx.sys
2008-10-30 16:48 44,928 --------- C:\WINDOWS\system32\drivers\agpcpq.sys
2008-10-30 16:48 43,008 --------- C:\WINDOWS\system32\drivers\amdagp.sys
2008-10-30 16:48 42,752 --------- C:\WINDOWS\system32\drivers\alim1541.sys
2008-10-30 16:48 42,368 --------- C:\WINDOWS\system32\drivers\agp440.sys
2008-10-30 16:48 40,960 --------- C:\WINDOWS\system32\eappprxy.dll
2008-10-30 16:48 4,255 --------- C:\WINDOWS\system32\drivers\adv01nt5.dll
2008-10-30 16:48 39,936 --------- C:\WINDOWS\system32\dot3gpclnt.dll
2008-10-30 16:48 39,936 --------- C:\WINDOWS\system32\dimsroam.dll
2008-10-30 16:48 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll
2008-10-30 16:48 37,888 --------- C:\WINDOWS\system32\drivers\bthmodem.sys
2008-10-30 16:48 36,480 --------- C:\WINDOWS\system32\drivers\bthprint.sys
2008-10-30 16:48 33,792 --------- C:\WINDOWS\system32\eapsvc.dll
2008-10-30 16:48 32,768 --------- C:\WINDOWS\system32\ativtmxx.dll
2008-10-30 16:48 32,285 --------- C:\WINDOWS\system32\hsfcisp2.dll
2008-10-30 16:48 30,720 --------- C:\WINDOWS\system32\eapolqec.dll
2008-10-30 16:48 3,967 --------- C:\WINDOWS\system32\drivers\adv02nt5.dll
2008-10-30 16:48 3,775 --------- C:\WINDOWS\system32\drivers\adv11nt5.dll
2008-10-30 16:48 3,711 --------- C:\WINDOWS\system32\drivers\adv09nt5.dll
2008-10-30 16:48 3,647 --------- C:\WINDOWS\system32\drivers\adv07nt5.dll
2008-10-30 16:48 3,615 --------- C:\WINDOWS\system32\drivers\adv05nt5.dll
2008-10-30 16:48 3,135 --------- C:\WINDOWS\system32\drivers\adv08nt5.dll
2008-10-30 16:48 26,112 --------- C:\WINDOWS\system32\dot3api.dll
2008-10-30 16:48 25,600 --------- C:\WINDOWS\system32\drivers\hidbth.sys
2008-10-30 16:48 25,471 --------- C:\WINDOWS\system32\drivers\atv04nt5.dll
2008-10-30 16:48 233,472 --------- C:\WINDOWS\system32\azroles.dll
2008-10-30 16:48 229,376 --------- C:\WINDOWS\system32\ati2cqag.dll
2008-10-30 16:48 21,183 --------- C:\WINDOWS\system32\drivers\atv01nt5.dll
2008-10-30 16:48 201,728 --------- C:\WINDOWS\system32\ati2dvag.dll
2008-10-30 16:48 20,992 --------- C:\WINDOWS\system32\faxpatch.exe
2008-10-30 16:48 19,456 --------- C:\WINDOWS\system32\dimsntfy.dll
2008-10-30 16:48 19,200 --------- C:\WINDOWS\system32\drivers\hidir.sys
2008-10-30 16:48 184,832 --------- C:\WINDOWS\system32\eapp3hst.dll
2008-10-30 16:48 180,224 --------- C:\WINDOWS\system32\eapphost.dll
2008-10-30 16:48 18,944 --------- C:\WINDOWS\system32\drivers\bthusb.sys
2008-10-30 16:48 17,279 --------- C:\WINDOWS\system32\drivers\atv10nt5.dll
2008-10-30 16:48 17,024 --------- C:\WINDOWS\system32\drivers\bthenum.sys
2008-10-30 16:48 15,423 --------- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2008-10-30 16:48 144,384 --------- C:\WINDOWS\system32\drivers\hdaudbus.sys
2008-10-30 16:48 14,143 --------- C:\WINDOWS\system32\drivers\atv06nt5.dll
2008-10-30 16:48 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-10-30 16:48 132,096 --------- C:\WINDOWS\system32\dot3svc.dll
2008-10-30 16:48 126,976 --------- C:\WINDOWS\system32\eappcfg.dll
2008-10-30 16:48 12,800 --------- C:\WINDOWS\system32\credssp.dll
2008-10-30 16:48 11,359 --------- C:\WINDOWS\system32\drivers\atv02nt5.dll
2008-10-30 16:48 101,120 --------- C:\WINDOWS\system32\drivers\bthpan.sys
2008-10-30 16:48 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-10-30 16:47 9,728 --------- C:\WINDOWS\system32\comsdupd.exe
2008-10-30 16:47 86,016 --------- C:\WINDOWS\system32\mdmxsdk.dll
2008-10-30 16:47 61,440 --------- C:\WINDOWS\system32\kmsvc.dll
2008-10-30 16:47 6,144 --------- C:\WINDOWS\system32\kbdpash.dll
2008-10-30 16:47 6,144 --------- C:\WINDOWS\system32\kbdnepr.dll
2008-10-30 16:47 6,144 --------- C:\WINDOWS\system32\kbdiultn.dll
2008-10-30 16:47 6,144 --------- C:\WINDOWS\system32\kbdbhc.dll
2008-10-30 16:47 46,592 --------- C:\WINDOWS\system32\drivers\irbus.sys
2008-10-30 16:47 397,312 --------- C:\WINDOWS\system32\mmcex.dll
2008-10-30 16:47 37,376 --------- C:\WINDOWS\system32\l2gpstore.dll
2008-10-30 16:47 33,792 --------- C:\WINDOWS\system32\mmcperf.exe
2008-10-30 16:47 184,320 --------- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-10-30 16:47 106,496 --------- C:\WINDOWS\system32\mmcfxcommon.dll
2008-10-30 16:46 79,872 --------- C:\WINDOWS\system32\msxml6r.dll
2008-10-30 16:46 76,800 --------- C:\WINDOWS\system32\qutil.dll
2008-10-30 16:46 76,800 --------- C:\WINDOWS\system32\msshavmsg.dll
2008-10-30 16:46 73,832 --------- C:\WINDOWS\system32\slcoinst.dll
2008-10-30 16:46 73,796 --------- C:\WINDOWS\system32\slserv.exe
2008-10-30 16:46 7,680 --a------ C:\WINDOWS\system32\spdwnwxp.exe
2008-10-30 16:46 62,464 --------- C:\WINDOWS\system32\qcliprov.dll
2008-10-30 16:46 61,952 --------- C:\WINDOWS\system32\rasqec.dll
2008-10-30 16:46 59,136 --------- C:\WINDOWS\system32\drivers\rfcomm.sys
2008-10-30 16:46 53,248 --------- C:\WINDOWS\system32\tsgqec.dll
2008-10-30 16:46 50,688 --------- C:\WINDOWS\system32\tspkg.dll
2008-10-30 16:46 5,888 --------- C:\WINDOWS\system32\drivers\smbali.sys
2008-10-30 16:46 44,672 --------- C:\WINDOWS\system32\drivers\uagp35.sys
2008-10-30 16:46 42,240 --------- C:\WINDOWS\system32\drivers\viaagp.sys
2008-10-30 16:46 412,160 --------- C:\WINDOWS\system32\photometadatahandler.dll
2008-10-30 16:46 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-10-30 16:46 397,056 --------- C:\WINDOWS\system32\s3gnb.dll
2008-10-30 16:46 32,866 --------- C:\WINDOWS\system32\slrundll.exe
2008-10-30 16:46 32,866 --------- C:\WINDOWS\slrundll.exe
2008-10-30 16:46 32,768 --------- C:\WINDOWS\system32\setupn.exe
2008-10-30 16:46 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2008-10-30 16:46 30,208 --------- C:\WINDOWS\system32\napipsec.dll
2008-10-30 16:46 30,208 --------- C:\WINDOWS\system32\drivers\usbehci.sys
2008-10-30 16:46 3,901 --------- C:\WINDOWS\system32\drivers\siint5.dll
2008-10-30 16:46 291,328 --------- C:\WINDOWS\system32\qagentrt.dll
2008-10-30 16:46 290,304 --------- C:\WINDOWS\system32\rhttpaa.dll
2008-10-30 16:46 286,792 --------- C:\WINDOWS\system32\slextspk.dll
2008-10-30 16:46 28,672 --------- C:\WINDOWS\system32\verclsid.exe
2008-10-30 16:46 20,992 --------- C:\WINDOWS\system32\spupdwxp.exe
2008-10-30 16:46 193,024 --------- C:\WINDOWS\system32\napmontr.dll
2008-10-30 16:46 188,508 --------- C:\WINDOWS\system32\slgen.dll
2008-10-30 16:46 176,640 --------- C:\WINDOWS\system32\napstat.exe
2008-10-30 16:46 155,136 --------- C:\WINDOWS\system32\mssha.dll
2008-10-30 16:46 150,528 --------- C:\WINDOWS\system32\qagent.dll
2008-10-30 16:46 144,384 --------- C:\WINDOWS\system32\onex.dll
2008-10-30 16:46 14,208 --------- C:\WINDOWS\system32\drivers\wacompen.sys
2008-10-30 16:46 121,984 --------- C:\WINDOWS\system32\drivers\usbvideo.sys
2008-10-30 16:46 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2008-10-30 16:46 12,672 --------- C:\WINDOWS\system32\drivers\mutohpen.sys
2008-10-30 16:46 11,325 --------- C:\WINDOWS\system32\drivers\vchnt5.dll
2008-10-30 16:46 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-10-30 16:46 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2008-10-30 16:46 1,307,648 --------- C:\WINDOWS\system32\msxml6.dll
2008-10-30 16:45 712,704 --------- C:\WINDOWS\system32\windowscodecs.dll
2008-10-30 16:45 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
2008-10-30 16:45 346,112 --------- C:\WINDOWS\system32\windowscodecsext.dll
2008-10-30 16:45 276,992 --------- C:\WINDOWS\system32\wmphoto.dll
2008-10-30 16:44 95,424 --------- C:\WINDOWS\system32\drivers\slnthal.sys
2008-10-30 16:44 73,216 --------- C:\WINDOWS\system32\drivers\atintuxx.sys
2008-10-30 16:44 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-10-30 16:44 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2008-10-30 16:44 63,663 --------- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2008-10-30 16:44 63,488 --------- C:\WINDOWS\system32\drivers\atinxsxx.sys
2008-10-30 16:44 57,856 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys
2008-10-30 16:44 56,623 --------- C:\WINDOWS\system32\drivers\ati1btxx.sys
2008-10-30 16:44 52,224 --------- C:\WINDOWS\system32\drivers\atinraxx.sys
2008-10-30 16:44 452,736 --------- C:\WINDOWS\system32\drivers\mtxparhm.sys
2008-10-30 16:44 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
2008-10-30 16:44 36,463 --------- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2008-10-30 16:44 34,735 --------- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2008-10-30 16:44 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2008-10-30 16:44 31,744 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys
2008-10-30 16:44 30,671 --------- C:\WINDOWS\system32\drivers\ati1raxx.sys
2008-10-30 16:44 29,455 --------- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2008-10-30 16:44 28,672 --------- C:\WINDOWS\system32\drivers\atinsnxx.sys
2008-10-30 16:44 26,367 --------- C:\WINDOWS\system32\drivers\ati1snxx.sys
2008-10-30 16:44 25,471 --------- C:\WINDOWS\system32\drivers\watv10nt.sys
2008-10-30 16:44 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2008-10-30 16:44 22,271 --------- C:\WINDOWS\system32\drivers\watv06nt.sys
2008-10-30 16:44 21,343 --------- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2008-10-30 16:44 180,360 --------- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2008-10-30 16:44 166,912 --------- C:\WINDOWS\system32\drivers\s3gnbm.sys
2008-10-30 16:44 14,336 --------- C:\WINDOWS\system32\drivers\atinpdxx.sys
2008-10-30 16:44 13,824 --------- C:\WINDOWS\system32\drivers\atinttxx.sys
2008-10-30 16:44 13,824 --------- C:\WINDOWS\system32\drivers\atinmdxx.sys
2008-10-30 16:44 13,776 --------- C:\WINDOWS\system32\drivers\recagent.sys
2008-10-30 16:44 13,240 --------- C:\WINDOWS\system32\drivers\slwdmsup.sys
2008-10-30 16:44 129,535 --------- C:\WINDOWS\system32\drivers\slnt7554.sys
2008-10-30 16:44 126,686 --------- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2008-10-30 16:44 12,047 --------- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2008-10-30 16:44 11,935 --------- C:\WINDOWS\system32\drivers\wadv11nt.sys
2008-10-30 16:44 11,871 --------- C:\WINDOWS\system32\drivers\wadv09nt.sys
2008-10-30 16:44 11,868 --------- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2008-10-30 16:44 11,807 --------- C:\WINDOWS\system32\drivers\wadv07nt.sys
2008-10-30 16:44 11,615 --------- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2008-10-30 16:44 11,295 --------- C:\WINDOWS\system32\drivers\wadv08nt.sys
2008-10-30 16:44 104,960 --------- C:\WINDOWS\system32\drivers\atinrvxx.sys
2008-10-30 16:44 1,897,408 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-10-30 16:44 1,309,184 --------- C:\WINDOWS\system32\drivers\mtlstrm.sys
2008-10-30 16:44 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-10-30 16:39 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-10-27 05:49 <DIR> d--hs---- C:\Documents and Settings\OWNER\UserData
2008-10-27 05:49 <DIR> d--hs---- C:\DOCUME~1\OWNER\UserData
2008-10-27 05:46 <DIR> d-------- C:\DOCUME~1\OWNER\APPLIC~1\Ahead


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2008-11-18 20:49:28 -------- d-----w C:\Program Files\Messenger
2008-11-18 20:43:54 -------- d-----w C:\Program Files\Movie Maker
2008-11-18 20:37:03 -------- d-----w C:\Program Files\Windows NT
2008-11-18 19:00:11 -------- d-----w C:\Program Files\Bonjour
2008-11-11 17:39:28 -------- d-----w C:\Program Files\Common Files\InstallShield
2008-11-07 00:05:09 -------- d-----w C:\DOCUME~1\OWNER\APPLIC~1\Image Zone Express
2008-10-31 21:34:16 -------- d-----w C:\Program Files\HP
2008-10-31 21:34:08 -------- d-----w C:\Program Files\Hewlett-Packard
2008-10-24 11:21:09 455,296 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-09-30 14:58:24 -------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-09-24 12:36:23 68,901 ----a-w C:\WINDOWS\hpoins05.dat
2008-09-24 02:14:46 -------- d-----w C:\Program Files\Common Files\HP
2008-09-15 12:12:56 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-04 17:15:04 1,106,944 ----a-w C:\WINDOWS\system32\msxml3.dll
2008-08-29 18:18:58 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 17:53:50 65,536 ----a-w C:\WINDOWS\system32\jdns_sd.dll
2008-08-29 17:53:50 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}=C:\Program Files\AVG\AVG8\avgssie.dll [2008-11-18 15:14]
{A057A204-BACC-4D26-9990-79A187E2698E}=C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-11-18 15:14]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-08-21 20:41]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-11-18 15:14]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 16:12]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
%SystemRoot%\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
napagent


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2698bd43-bfe0-11d3-8838-806d6172696f}]
AutoRun\command- D:\setup.exe

Contents of the 'Scheduled Tasks' folder
2008-11-18 18:59:52 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

********************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-20 11:35:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

disk error: C:\WINDOWS\

please note that you need administrator rights to perform deep scan

********************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\JavaQuickStarterService]
"ImagePath"="\"C:\Program Files\Java\jre6\bin\jqs.exe\" -service -config \"C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf\""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDSSserv.sys]
"imagepath"="\systemroot\system32\drivers\TDSSmxst.sys"

Completion time: 2008-11-20 11:38:14 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2008-11-20 11:37
C:\ComboFix2.txt ... 2008-11-20 10:04

--- E O F ---



Response Number 3
Name: jabuck
Date: November 20, 2008 at 18:19:08 Pacific
Reply:

I wish this forum would allow you to post Hijack This logs with a request but for now it does not.

This post will be deleted by the moderator because you cannot post a Hijack This log on this forum without being requested to by a helper.

After this thread is deleted start a new thread and state only the problem, no logs please.



Response Number 4
Name: shanehu
Date: November 21, 2008 at 09:34:02 Pacific
Reply:

Thanks jabuck, I'll repost soon.

