Yet another Google search virus

January 8, 2009 at 03:21:27
Specs: Microsoft Windows XP Professional, 2.41 GHz / 2047 MB
Hi there. I have also been hit by the virus that causes incorrect search results. I have followed a lot of the advice on this forum, including running Malwarebytes, SDFix, and ComboFix. It still seems to be there. I was hoping one of the experts out there could take a look at my log files and help me figure out what is going on.



#1
January 8, 2009 at 15:07:57
Post your ComboFix log; it should be located at C:\Combofix.txt.


#2
January 8, 2009 at 15:25:51
Thanks for the response. I may have fixed it as I can currently search without problems. Although... I thought this before and it came back. Here is the combofix data:

ComboFix 09-01-07.02 - zac 2009-01-08 0:58:13.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1476 [GMT -8:00]
Running from: c:\documents and settings\zac\Desktop\ComboFix.exe
* Created a new restore point

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\wdmaud.sys

.
((((((((((((((((((((((((( Files Created from 2008-12-08 to 2009-01-08 )))))))))))))))))))))))))))))))
.

2009-01-08 00:45 . 2009-01-08 00:45 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2009-01-08 00:43 . 2009-01-08 00:43 <DIR> d-------- c:\windows\ERUNT
2009-01-07 22:29 . 2009-01-08 00:53 <DIR> d-------- C:\SDFix
2009-01-07 22:07 . 2009-01-07 22:06 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-07 22:00 . 2009-01-07 22:00 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-07 22:00 . 2009-01-07 22:00 <DIR> d-------- c:\documents and settings\zac\Application Data\Malwarebytes
2009-01-07 22:00 . 2009-01-07 22:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-07 22:00 . 2009-01-04 18:39 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-07 22:00 . 2009-01-04 18:39 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-07 20:58 . 2009-01-07 20:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-01-07 15:31 . 2009-01-07 15:31 <DIR> d-------- c:\documents and settings\zac\Application Data\Apple Computer
2009-01-06 13:03 . 2009-01-06 13:03 <DIR> d-------- c:\program files\Xvid
2009-01-06 13:03 . 2008-12-04 21:42 815,104 --a------ c:\windows\system32\xvidcore.dll
2009-01-06 13:03 . 2008-12-04 21:46 180,224 --a------ c:\windows\system32\xvidvfw.dll
2009-01-06 13:03 . 2008-12-13 20:01 77,824 --a------ c:\windows\system32\xvid.ax
2009-01-06 03:49 . 2009-01-06 03:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec
2009-01-06 03:47 . 2009-01-06 03:47 <DIR> d-------- c:\program files\Lavasoft
2009-01-06 03:47 . 2009-01-06 03:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-01-06 03:47 . 2009-01-08 00:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\Norton
2009-01-06 03:47 . 2009-01-06 03:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-06 03:46 . 2009-01-06 03:46 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-04 19:47 . 2009-01-04 19:47 <DIR> d-------- C:\epson
2009-01-04 17:16 . 2009-01-04 17:16 <DIR> d-------- c:\documents and settings\zac\Application Data\QuadToneRIP
2009-01-04 17:04 . 2009-01-04 17:16 <DIR> d-------- c:\program files\QuadToneRIP
2009-01-03 23:40 . 2009-01-03 23:40 <DIR> d-------- c:\documents and settings\zac\Application Data\AdobeUM
2009-01-03 18:50 . 2009-01-03 18:50 <DIR> d-------- c:\documents and settings\zac\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-01-03 18:48 . 2009-01-03 18:48 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-01-02 13:15 . 2009-01-02 13:15 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared
2009-01-02 13:15 . 2009-01-02 13:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Adobe Systems
2008-12-31 13:34 . 2008-12-31 13:34 <DIR> d-------- c:\program files\AVG
2008-12-27 22:52 . 2008-12-27 22:56 <DIR> d-------- c:\documents and settings\zac\dwhelper
2008-12-27 17:25 . 2008-12-27 17:25 999 --a------ C:\net_save.dna
2008-12-27 17:24 . 2008-12-27 17:26 <DIR> d-------- c:\program files\support.com
2008-12-27 17:24 . 2008-12-27 17:24 <DIR> d-------- c:\program files\Common Files\SupportSoft
2008-12-23 02:21 . 2009-01-06 03:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8
2008-12-22 12:21 . 2008-12-22 12:21 <DIR> d-------- c:\program files\SanDisk
2008-12-22 12:21 . 2008-10-14 12:01 503,952 --a------ c:\windows\system32\msvcp71.dll
2008-12-22 12:21 . 2008-10-14 12:01 352,400 --a------ c:\windows\system32\msvcr71.dll
2008-12-22 12:21 . 2008-10-14 12:01 14,608 --a------ c:\windows\system32\iviaspi.sys
2008-12-22 12:08 . 2008-04-13 16:12 221,184 --a------ c:\windows\system32\wmpns.dll
2008-12-22 12:07 . 2008-12-22 12:07 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-12-22 12:03 . 2008-12-22 12:03 <DIR> d-------- c:\documents and settings\zac\Application Data\SanDisk
2008-12-19 23:05 . 2008-12-19 23:05 <DIR> d-------- c:\program files\THQ
2008-12-19 21:50 . 2008-12-19 21:50 <DIR> d-------- c:\documents and settings\zac\Application Data\Lasersoft Imaging
2008-12-19 21:50 . 2007-03-20 17:26 172,032 --a------ c:\windows\system32\libssl32.dll
2008-12-19 21:49 . 2008-12-19 21:49 <DIR> d-------- c:\program files\SilverFast Application
2008-12-19 21:49 . 2004-11-08 13:55 887,296 --a------ c:\windows\system32\libeay32.dll
2008-12-19 21:49 . 2005-03-08 11:30 626,688 --a------ c:\windows\system32\libcurl.dll
2008-12-19 21:49 . 2005-08-31 10:20 233,557 --a------ c:\windows\system32\esint54.dll
2008-12-19 21:49 . 2005-10-27 18:49 196,608 --a------ c:\windows\system32\esdice63.dll
2008-12-19 21:49 . 2005-01-14 15:40 167,936 --a------ c:\windows\system32\DICELibSF1.dll
2008-12-19 21:49 . 2005-12-15 18:03 151,552 --a------ c:\windows\system32\DICELibSF2.dll
2008-12-19 13:58 . 2008-12-19 13:58 800 --a------ c:\windows\hpinfo.lnk
2008-12-19 13:57 . 2008-12-19 13:58 <DIR> d-------- c:\program files\hp deskjet 930c series
2008-12-19 13:57 . 2008-12-19 13:57 <DIR> d-------- c:\program files\Hewlett-Packard
2008-12-19 13:57 . 2006-01-13 16:36 274,432 --------- c:\windows\system32\hpfinst.dll
2008-12-19 13:57 . 2006-01-13 16:36 262,144 --a------ c:\windows\system32\hpzcon04.dll
2008-12-19 13:57 . 2006-01-13 16:36 200,704 --a------ c:\windows\system32\hpzcoi04.dll
2008-12-19 13:57 . 2006-01-13 16:36 114,744 --a------ c:\windows\system32\hpzlnt04.dll
2008-12-19 13:57 . 2006-01-13 16:36 53,248 --a------ c:\windows\system32\hpfinsta.exe
2008-12-19 11:14 . 2008-12-19 11:14 <DIR> d-------- c:\program files\Microsoft Office Live
2008-12-18 15:29 . 2009-01-07 11:24 116 --a------ c:\windows\NeroDigital.ini
2008-12-18 15:20 . 2008-12-19 23:39 <DIR> d-------- c:\documents and settings\zac\Application Data\Ahead
2008-12-18 15:18 . 2008-12-18 15:18 <DIR> d-------- c:\program files\Nero
2008-12-18 15:18 . 2008-12-18 15:22 <DIR> d-------- c:\program files\Common Files\Ahead
2008-12-18 15:18 . 2008-12-18 15:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero
2008-12-16 12:57 . 2008-12-16 12:57 <DIR> d-------- c:\program files\DVD Shrink
2008-12-16 12:57 . 2008-12-28 13:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\DVD Shrink
2008-12-15 13:27 . 2008-12-15 13:33 <DIR> d-------- c:\program files\Microsoft Money Plus
2008-12-15 13:18 . 2008-12-15 13:18 <DIR> d-------- c:\windows\Sun
2008-12-15 13:18 . 2008-12-22 01:39 <DIR> d-------- c:\documents and settings\zac\.SOSValue
2008-12-15 13:18 . 2008-12-15 13:20 <DIR> d-------- c:\documents and settings\zac\.roescache
2008-12-14 15:39 . 2008-12-14 15:39 <DIR> d-------- c:\program files\Astonsoft
2008-12-14 15:39 . 2008-12-14 21:38 <DIR> d-------- c:\documents and settings\zac\Application Data\DeepBurner
2008-12-12 23:21 . 2008-12-12 23:21 <DIR> d-------- c:\program files\Google
2008-12-11 07:30 . 2008-12-11 07:30 <DIR> d-------- c:\program files\MagicISO
2008-12-10 12:31 . 2008-12-10 12:31 <DIR> d-------- C:\WTablet
2008-12-10 03:05 . 2008-12-10 03:05 <DIR> d-------- c:\program files\MSXML 4.0
2008-12-09 08:46 . 2008-12-09 08:46 <DIR> d-------- C:\N++RECOV
2008-12-09 06:30 . 2008-12-09 06:30 <DIR> d-------- C:\HammerAutosave
2008-12-09 02:34 . 2008-12-09 03:01 <DIR> d-------- c:\windows\SxsCaPendDel
2008-12-09 00:43 . 2008-12-09 00:43 <DIR> d--h----- c:\windows\PIF
2008-12-09 00:32 . 2009-01-06 09:59 <DIR> d-------- c:\documents and settings\LocalService\Application Data\WTablet
2008-12-08 01:19 . 2008-12-08 01:19 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-12-08 01:10 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\system32\D3DCompiler_38.dll
2008-12-08 01:10 . 2008-05-30 14:19 507,400 --a------ c:\windows\system32\XAudio2_1.dll
2008-12-08 01:10 . 2008-05-30 14:11 467,984 --a------ c:\windows\system32\d3dx10_38.dll
2008-12-08 01:10 . 2008-05-30 14:18 238,088 --a------ c:\windows\system32\xactengine3_1.dll
2008-12-08 01:10 . 2008-05-30 14:17 65,032 --a------ c:\windows\system32\XAPOFX1_0.dll
2008-12-08 01:10 . 2008-05-30 14:17 25,608 --a------ c:\windows\system32\X3DAudio1_4.dll
2008-12-08 01:08 . 2008-12-08 01:09 <DIR> d-------- c:\windows\system32\drivers\umdf
2008-12-08 01:07 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\system32\D3DX9_37.dll
2008-12-08 01:07 . 2008-03-05 15:56 1,420,824 --a------ c:\windows\system32\D3DCompiler_37.dll
2008-12-08 01:07 . 2008-02-05 23:07 462,864 --a------ c:\windows\system32\d3dx10_37.dll
2008-12-08 01:07 . 2007-04-04 18:53 81,768 --a------ c:\windows\system32\xinput1_3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-08 08:55 --------- d-----w c:\documents and settings\zac\Application Data\Skype
2009-01-08 08:54 --------- d-----w c:\documents and settings\zac\Application Data\skypePM
2009-01-08 08:48 --------- d-----w c:\documents and settings\zac\Application Data\WTablet
2009-01-08 07:51 --------- d-----w c:\program files\Steam
2009-01-08 07:51 --------- d-----w c:\documents and settings\zac\Application Data\uTorrent
2009-01-08 06:06 --------- d-----w c:\program files\Java
2009-01-08 05:01 --------- d-----w c:\documents and settings\zac\Application Data\FileZilla
2009-01-08 00:48 --------- d-----w c:\program files\Songbird
2009-01-06 21:46 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-01-05 03:47 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-02 21:14 --------- d-----w c:\program files\Common Files\Adobe
2008-12-28 04:51 --------- d-----w c:\program files\FileZilla FTP Client
2008-12-22 20:20 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-06 09:19 --------- d-----w c:\program files\VTFEdit
2008-12-06 08:16 --------- d-----w c:\program files\QuickTime
2008-12-06 08:15 --------- d-----w c:\program files\Common Files\Apple
2008-12-06 08:15 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-06 03:06 --------- d-----w c:\program files\CCleaner
2008-12-05 06:55 --------- d-----w c:\documents and settings\zac\Application Data\OpenOffice.org
2008-12-05 06:53 --------- d-----w c:\program files\OpenOffice.org 3
2008-12-05 06:53 --------- d-----w c:\program files\JRE
2008-12-02 18:36 --------- d-----w c:\program files\epson
2008-12-02 04:12 --------- d-----w c:\program files\uTorrent
2008-12-01 20:31 --------- d-----w c:\documents and settings\zac\Application Data\vlc
2008-11-30 07:19 --------- d-----w c:\program files\PowerISO
2008-11-30 03:19 --------- d-----w c:\program files\Unlocker
2008-11-30 02:04 319,488 ----a-w c:\windows\HideWin.exe
2008-11-30 02:04 --------- d-----w c:\program files\Realtek
2008-11-29 08:19 --------- d-----w c:\documents and settings\zac\Application Data\Notepad++
2008-11-29 05:19 --------- d-----w c:\program files\VideoLAN
2008-11-29 05:19 --------- d-----w c:\program files\IZArc
2008-11-29 05:17 --------- d-----w c:\program files\Opera
2008-11-29 04:56 --------- d-----w c:\documents and settings\zac\Application Data\EPSON
2008-11-29 04:54 --------- d-----w c:\program files\ABBYY FineReader 6.0 Sprint
2008-11-29 04:53 --------- d-----w c:\documents and settings\zac\Application Data\InstallShield
2008-11-29 04:51 --------- d-----w c:\program files\Tablet
2008-11-29 04:32 --------- d-----w c:\program files\Skype
2008-11-29 04:32 --------- d-----w c:\program files\Common Files\Skype
2008-11-29 04:32 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-11-29 04:21 --------- d-----w c:\program files\Bonjour
2008-11-29 04:13 --------- d-----w c:\program files\Common Files\Macrovision Shared
2008-11-29 03:11 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-11-29 03:06 --------- d-----w c:\program files\MultipleIEs
2008-11-29 02:39 --------- d-----w c:\documents and settings\zac\Application Data\Songbird2
2008-11-29 02:39 --------- d-----w c:\documents and settings\All Users\Application Data\SongbirdVLC
2008-11-29 02:37 --------- d-----w c:\program files\Notepad++
2008-11-29 02:30 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2008-11-28 23:10 --------- d-----w c:\program files\DIFX
2008-11-28 23:03 --------- d-----w c:\program files\microsoft frontpage
2008-11-21 21:44 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 22:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 22:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 22:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"SansaDispatch"="c:\documents and settings\zac\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2008-12-22 79872]
"Google Update"="c:\documents and settings\zac\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-28 133104]
"MoneyBackgoundBanking"="c:\program files\Microsoft Money Plus\MNYCoreFiles\mnybbsvc.exe" [2008-02-19 53264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"EPSON Stylus Photo R2400"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9SA.EXE" [2004-11-09 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2006-01-13 196608]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-07 136600]
"nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 c:\windows\RTHDCPL.exe]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 c:\windows\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 c:\windows\alcwzrd.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-01-02 25214]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"= wdmaud.sys

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-11-28 21:14 133104 c:\documents and settings\zac\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-11-28 22:52 1410296 c:\program files\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FLEXnet Licensing Service"=3 (0x3)
"avg8emc"=2 (0x2)
"avg8wd"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Steam\\SteamApps\\zedentropy\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\THQ\\Dawn of War - Soulstorm\\Soulstorm.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [2008-11-28 11520]
S4 gupdate1c95cf360112b9f;Google Update Service (gupdate1c95cf360112b9f);c:\program files\Google\Update\GoogleUpdate.exe [2008-12-12 133104]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd3a160f-bdca-11dd-8d8d-0016e6d49ed4}]
\Shell\AutoRun\command - J:\Setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-08 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-11-28 21:14]

2009-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1645522239-725345543-1003.job
- c:\documents and settings\zac\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-28 21:14]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_07\bin\jusched.exe


.
------- Supplementary Scan -------
.
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
FF - ProfilePath - c:\documents and settings\zac\Application Data\Mozilla\Firefox\Profiles\yq7tso3u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\documents and settings\zac\Application Data\Mozilla\Firefox\Profiles\yq7tso3u.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\documents and settings\zac\Application Data\Mozilla\Firefox\Profiles\yq7tso3u.default\extensions\capturefoxmovie@advancity.net\components\test.dll
FF - component: c:\documents and settings\zac\Application Data\Mozilla\Firefox\Profiles\yq7tso3u.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\zac\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-08 00:59:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SansaDispatch = c:\documents and settings\zac\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-01-08 1:00:08
ComboFix-quarantined-files.txt 2009-01-08 08:59:33

Pre-Run: 18,369,814,528 bytes free
Post-Run: 18,358,947,840 bytes free

268 --- E O F --- 2009-01-01 11:00:31


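Two lines in the log above carry the security-relevant point of this thread, and they are easy to miss in 300 lines of output: under "Other Deletions" ComboFix removed c:\windows\system32\wdmaud.sys, but under "Reg Loading Points" the Drivers32 value "aux2"= wdmaud.sys that loads it is still there. On Windows XP the Drivers32 key maps multimedia classes to user-mode modules (the stock value is wdmaud.drv, a .drv, not a .sys), so a kernel-driver name in that key, with the file sitting in system32 rather than system32\drivers, is the tell. The mountpoints2 AutoRun entry (J:\Setup.exe) is normally just a cached autorun for a removable disk, but it is worth confirming which media that was. The script below is an added example for this thread, not ComboFix code and not from any poster; SAMPLE_LOG is a constructed excerpt of the log posted in #2, and the triage rules (which Drivers32 extensions count as normal, which Run locations get a second look) are this example's own heuristics.

```python
"""Triage the loading points in a ComboFix log excerpt.

Added example for this thread; not ComboFix code and not from any post.
SAMPLE_LOG is constructed from lines of the log posted in #2. The rules
(which Drivers32 extensions are normal, which Run locations get a second
look) are this example's own heuristics, not ComboFix's.
"""
import re
from collections import defaultdict

# Constructed excerpt: the sections of the posted log that carry loading points.
SAMPLE_LOG = r"""
((((( Other Deletions )))))
.

c:\windows\system32\wdmaud.sys

.
((((( Reg Loading Points )))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"SansaDispatch"="c:\documents and settings\zac\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2008-12-22 79872]
"Google Update"="c:\documents and settings\zac\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-28 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"= wdmaud.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd3a160f-bdca-11dd-8d8d-0016e6d49ed4}]
\Shell\AutoRun\command - J:\Setup.exe
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")          # ((((( Section Name )))))
KEY_RE = re.compile(r"^\[(.+)\]$")                          # [HKEY_...]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*"?(.*?)"?\s*(?:\[[^\]]*\])?$')  # "name"="value" [date size]
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command\s*-\s*(.+)$")
PATH_RE = re.compile(r"^[a-z]:\\", re.I)

# Drivers32 maps multimedia classes (wave, midi, aux, mixer, codecs) to
# user-mode modules: .drv/.dll/.acm/.ax. The stock XP entry is wdmaud.drv.
NORMAL_DRIVERS32_EXT = (".drv", ".dll", ".acm", ".ax")


def parse_combofix(text):
    """Return (deleted_paths, loadpoints). loadpoints maps a lower-cased
    registry key to (name, value) pairs; AutoRun commands use name 'AutoRun'."""
    deletions, loadpoints = [], defaultdict(list)
    section = key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if m := SECTION_RE.match(line):
            section, key = m.group(1), None
        elif section == "Other Deletions" and PATH_RE.match(line):
            deletions.append(line.lower())
        elif section == "Reg Loading Points":
            if m := KEY_RE.match(line):
                key = m.group(1).lower()
            elif key and (m := AUTORUN_RE.match(line)):
                loadpoints[key].append(("AutoRun", m.group(1).strip()))
            elif key and (m := VALUE_RE.match(line)):
                loadpoints[key].append((m.group(1), m.group(2).strip()))
    return deletions, dict(loadpoints)


def triage(deletions, loadpoints):
    """Apply the checks an analyst does by eye; returns a list of findings."""
    findings = []
    deleted_names = {p.rsplit("\\", 1)[-1] for p in deletions}
    for key, entries in loadpoints.items():
        for name, value in entries:
            v = value.lower()
            base = v.rsplit("\\", 1)[-1]
            if key.endswith("\\drivers32") and not v.endswith(NORMAL_DRIVERS32_EXT):
                findings.append({"severity": "high", "kind": "drivers32", "entry": f"{name} = {value}",
                                 "note": "non-user-mode module mapped as a multimedia driver (stock XP value is wdmaud.drv)"})
            if base in deleted_names:
                findings.append({"severity": "high", "kind": "dangling-loadpoint", "entry": f"{name} = {value}",
                                 "note": "file was deleted but the value that loads it remains; remove it and re-check for whatever re-drops the file"})
            if name == "AutoRun":
                findings.append({"severity": "review", "kind": "autorun", "entry": value,
                                 "note": "AutoRun command cached for a removable volume; confirm it is the expected media"})
            if key.endswith("\\run") and "\\documents and settings\\" in v:
                findings.append({"severity": "review", "kind": "profile-autostart", "entry": f"{name} = {value}",
                                 "note": "autostart from a user-writable profile directory; updaters live here, so do droppers"})
    return findings


def triage_log(text):
    """Parse a ComboFix log (or excerpt) and return its findings."""
    return triage(*parse_combofix(text))


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['kind']}: {f['entry']} -- {f['note']}")
```

Run it against the real file with triage_log(open(r"C:\ComboFix.txt").read()). On the excerpt it reports the Drivers32 entry twice (wrong module type, and a load point whose file has already been deleted), flags J:\Setup.exe for review, and lists the two Run entries that start from the user's profile (SansaDispatch and Google Update, both updaters here, but the location is the one droppers use). The dangling-loadpoint check is the one to act on: a deleted file with its loader value still in place is exactly the state in which the search redirect "comes back".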

#3
January 8, 2009 at 15:38:58
Reset your router if you have one; there should be a reset button on the back. If you are not sure how to do that, do an online search for directions for your make/model.

Please download GooredFix and save it to your Desktop. Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt). Note: Do not run Option #2 yet.



#4
January 9, 2009 at 14:18:08
Thanks so much for the response. Here is what Goored told me:

GooredFix v1.72 by jpshortstuff
Log created at 14:17 on 09/01/2009 running Option #1 (zac)
Firefox version 3.0.5 (en-US)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"



#5
January 9, 2009 at 19:31:14
Empty the restore folder. Go to Start > Control Panel > System > System Restore tab > check the box beside "Turn off System Restore" > Apply (takes a minute) > OK. Go back and uncheck the box to turn System Restore back on > Apply > OK.


Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Run an online scan with Kaspersky from the following link:
Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
3. Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
4. Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
5. Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
6. Click View scan report at the bottom.
7. Click the Save Report As... button.
8. Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
**Note**

To optimize scanning time and produce a more sensible report for review:
Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

