Google Redirect Virus

October 11, 2009 at 21:38:39
Specs: Windows Vista
I think that I have some sort of Google redirect virus, and I am getting tired of talking to tech support that is unable to help me do anything without a credit card. I am just trying to help out with fixing my father-in-law's computer...

If I post the log file from HijackThis, can someone help me out with the steps I need to follow to remove the problem?

Thanks in advance.




#1
October 11, 2009 at 21:55:06
I should clarify. The problem occurs only in Google, when I am trying to follow the link of a search result. I am consistently redirected to a random site, usually one I have never heard of... I can't match my results to any site others with similar problems are getting redirected to, but I assume that this is still a Google redirect virus.

I have run the newest version of paid Norton 360, which includes spyware scans, and nothing but Internet cookies comes up...

Thanks again in advance.



#2
October 12, 2009 at 03:04:22


#3
October 12, 2009 at 06:48:48
I ran ComboFix and got a log file. However, the problem still exists. Should I post the log file?


#4
October 12, 2009 at 06:56:06
Here is the log:

ComboFix 09-10-11.03 - humick1 10/12/2009 9:09.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2045.1066 [GMT -4:00]
Running from: c:\users\humick1\Desktop\ComboFix.exe
AV: PC-cillin Internet Security - Virus Protection *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
SP: PC-cillin Internet Security - Spyware Protection *disabled* (Updated) {003DD9A8-02A6-43CF-81BA-5D403CAD001E}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1153519461-2297561048-892776223-500
c:\$recycle.bin\S-1-5-21-1400113804-1914402855-3429530994-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
C:\install.exe
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AntiVirus Plus.lnk
c:\users\humick1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AntiVirus Plus
c:\users\humick1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AntiVirus Plus\AntiVirus Plus.lnk
c:\users\humick1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AntiVirus Plus\EULA.url
c:\users\humick1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AntiVirus Plus.lnk
c:\users\humick1\Desktop\AntiVirus Plus.lnk
c:\windows\Installer\630f5.msi

----- BITS: Possible infected sites -----

hxxp://updates.swarmcast.net
.
((((((((((((((((((((((((( Files Created from 2009-09-12 to 2009-10-12 )))))))))))))))))))))))))))))))
.

2009-10-12 13:15 . 2009-10-12 13:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-12 04:35 . 2009-10-12 04:35 -------- d-----w- c:\program files\Trend Micro
2009-10-12 03:37 . 2009-10-12 03:51 -------- d-----w- c:\program files\NoAdware
2009-10-11 22:53 . 2009-10-11 22:53 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-10-11 22:41 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2009-10-11 22:28 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-10-11 22:28 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-11 22:28 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-10-11 22:28 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-10-11 22:28 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-10-11 22:28 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-10-11 22:28 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-10-11 22:28 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-10-11 22:23 . 2009-10-11 22:23 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-11 22:23 . 2009-10-11 22:22 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2009-10-11 22:23 . 2009-10-11 22:23 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2009-10-11 22:23 . 2009-10-11 22:23 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-10-11 22:23 . 2009-10-11 22:23 -------- d-----w- c:\program files\Symantec
2009-10-11 22:22 . 2009-10-12 11:16 -------- d-----w- c:\windows\system32\drivers\N360
2009-10-11 22:22 . 2009-10-11 22:22 -------- d-----w- c:\program files\Norton 360
2009-10-11 21:17 . 2009-10-11 21:17 -------- d-----w- c:\programdata\PCSettings
2009-10-11 21:16 . 2009-10-11 22:23 -------- d-----w- c:\programdata\Norton
2009-10-11 16:30 . 2009-10-11 16:30 -------- d-----w- c:\users\humick1\AppData\Local\Mozilla
2009-09-25 02:50 . 2009-08-14 17:07 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-25 02:50 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-25 02:50 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-25 02:50 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-25 02:50 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-25 02:50 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-25 02:50 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-25 02:50 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-25 02:50 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-25 02:50 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-25 02:49 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-25 02:49 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-25 02:49 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-25 02:49 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-25 02:49 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-12 12:36 . 2008-07-04 18:10 -------- d-----w- c:\programdata\Dl_cats
2009-10-12 02:52 . 2008-02-27 03:11 27525 ----a-w- c:\users\humick1\AppData\Roaming\nvModes.dat
2009-10-11 23:24 . 2008-03-01 16:34 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-11 22:23 . 2009-10-11 22:23 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-10-11 22:23 . 2009-10-11 22:23 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-10-11 22:22 . 2009-08-21 22:55 -------- d-----w- c:\programdata\NortonInstaller
2009-10-11 21:21 . 2008-11-27 16:14 -------- d-----w- c:\programdata\Symantec
2009-10-11 21:21 . 2008-03-01 18:21 -------- d-----w- c:\users\humick1\AppData\Roaming\Symantec
2009-10-11 14:06 . 2009-01-02 22:17 2984 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-10-11 14:06 . 2009-01-02 22:17 88 --sh--r- c:\windows\system32\CEBFF5E536.sys
2009-10-11 14:06 . 2008-07-05 19:00 -------- d-----w- c:\users\humick1\AppData\Roaming\Corel
2009-09-26 07:11 . 2008-04-03 01:49 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-26 07:10 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-28 12:39 . 2009-09-02 17:59 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 10:15 . 2009-09-02 17:59 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-21 22:55 . 2009-08-21 22:55 -------- d-----w- c:\program files\NortonInstaller
2009-08-21 22:53 . 2008-03-01 16:32 -------- d-----w- c:\programdata\Symantec Temporary Files
2009-08-18 20:16 . 2008-08-29 11:56 -------- d-----w- c:\program files\Safari
2009-08-12 14:26 . 2009-08-12 14:25 46640 ----a-w- c:\windows\system32\msln.exe
2009-08-03 19:07 . 2009-08-03 19:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 19:07 . 2009-08-03 19:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 19:07 . 2009-08-03 19:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-21 21:52 . 2009-10-11 22:42 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-10-11 22:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-10-11 22:42 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-10-11 22:42 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 14:35 . 2009-08-12 16:15 71680 ----a-w- c:\windows\system32\atl.dll
2008-02-19 20:33 . 2008-02-19 20:33 76 --sh--r- c:\windows\CT4CET.bin
2008-02-20 04:08 . 2008-02-20 03:57 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-03-01 36864]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-19 68856]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-12-03 36864]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Dell 968 AIO Printer Fax Server"="c:\program files\Dell 968 AIO Printer\fm3032.exe" [2007-10-05 312560]
"MemoryCardManager"="c:\program files\Dell 968 AIO Printer\memcard.exe" [2007-10-05 410864]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-29 29744]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-10 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"dldomon.exe"="c:\program files\Dell 968 AIO Printer\dldomon.exe" [2007-10-05 455920]
"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2007-03-21 478800]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-28 405504]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-25 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-25 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-25 81920]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-06-25 67584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

c:\users\humick1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MLB.TV NexDef Plug-in.lnk - c:\programdata\Autobahn\mlb-nexdef-autobahn.exe [2008-3-30 799496]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-2-19 50688]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-3-1 196608]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-7-20 1180952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= c:\program files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9464392A-5D53-4CB1-89FE-742371869F22}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{775BCD1A-1FEB-455C-AF0C-CD5871529113}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{52EB9F86-DAF9-4761-88D4-4132CAF39838}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{AE07BD0D-3A0E-4E6C-99FE-F8F1A6C36194}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{5E4DAA9C-5F7B-4D3E-A98C-3A047EBE077A}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{D924C0E3-7E0B-4995-92F9-750A0C0C1C3D}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{B77C661B-8F4C-4E66-8755-ECDADA0D0AB7}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{7F471B19-4BFC-4B32-ACD2-5CB5A6CA4B1A}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{A1372051-EEA6-46B7-AF34-F30F438A7B38}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{95A0B1A2-F51A-45EC-905F-57FA78FFC004}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{F3357675-F472-4C59-9AD7-B1D0C83B85F8}"= UDP:c:\users\humick1\AppData\Local\Temp\dldo\wireless\ENGLISH\dldowpss.exe:
"{588ED6D8-C4C3-433A-BA7E-B5F759CA3AF0}"= TCP:c:\users\humick1\AppData\Local\Temp\dldo\wireless\ENGLISH\dldowpss.exe:
"{F35DD5E2-ECED-4BF4-A586-09B4D7EEC8F3}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\dldopswx.exe:Printer Status Window Interface
"{1CDE22BA-FE7C-4B7F-94E1-A98F59B39804}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\dldopswx.exe:Printer Status Window Interface
"{04A6381C-3170-48A8-A92B-414B1626D0D1}"= UDP:c:\program files\Dell 968 AIO Printer\DLDOFax.exe:Fax Solutions Software
"{44F08152-0D21-4E69-A77C-9E8C2CD01714}"= TCP:c:\program files\Dell 968 AIO Printer\DLDOFax.exe:Fax Solutions Software
"{FE2E062B-27C8-4C21-8DEF-FAEEAF4BBB20}"= UDP:c:\windows\System32\dldocoms.exe:Dell Communications System
"{DF76945E-8844-4E96-967A-97F8B6CC73EC}"= TCP:c:\windows\System32\dldocoms.exe:Dell Communications System
"{AA8BFEE8-7681-442F-B059-F6AFB2DE62C9}"= UDP:c:\program files\Dell 968 AIO Printer\dldomon.exe:Device Monitor
"{939FE8A6-FA1B-4AA4-A7C7-D9F8A79749B1}"= TCP:c:\program files\Dell 968 AIO Printer\dldomon.exe:Device Monitor
"{59DB3BBC-8D73-4367-A8E6-AE7FBEA138E4}"= UDP:c:\program files\Dell 968 AIO Printer\dldoaiox.exe:All In One Center
"{16A739AF-61BD-4607-88A6-9AB886D5EF3E}"= TCP:c:\program files\Dell 968 AIO Printer\dldoaiox.exe:All In One Center
"{43F18301-B22A-4296-92A8-CEFE6F3B4C65}"= UDP:c:\program files\Dell 968 AIO Printer\memcard.exe:Memory Card Manager
"{02E67D7F-5357-4029-B93D-9732746AA208}"= TCP:c:\program files\Dell 968 AIO Printer\memcard.exe:Memory Card Manager
"{C8556BE6-E911-4B89-BC4B-AE0B9D70F209}"= UDP:c:\windows\System32\dldocoms.exe:Dell Communications System
"{E582B1FD-F97E-4EF3-8302-E5C36F137316}"= TCP:c:\windows\System32\dldocoms.exe:Dell Communications System
"{92A39B4C-10A6-4D3C-B362-4694C69B0D7E}"= UDP:c:\program files\Dell 968 AIO Printer\dldomon.exe:Device Monitor
"{ABAEAC32-B8A2-4A1D-A4AF-ECDFF1442EA2}"= TCP:c:\program files\Dell 968 AIO Printer\dldomon.exe:Device Monitor
"{753DECFC-327D-4678-BFDF-B53D22292292}"= UDP:c:\program files\Dell 968 AIO Printer\dldoaiox.exe:All In One Center
"{F47E27F8-7344-45CF-8FFA-5BAE0B1914E6}"= TCP:c:\program files\Dell 968 AIO Printer\dldoaiox.exe:All In One Center
"{9238F36D-789A-4D54-8511-0B3597C73A9C}"= UDP:c:\program files\Dell 968 AIO Printer\memcard.exe:Memory Card Manager
"{DBA583FD-7A99-4EA2-BAA1-1F0EF5FAE7DA}"= TCP:c:\program files\Dell 968 AIO Printer\memcard.exe:Memory Card Manager
"{4CC35389-23F4-4242-9349-F105F5AB973C}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{094D9B33-CF4E-43D5-B13F-234B4089F31D}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{9D84941D-0727-4315-B805-BE9EB956F462}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{1CBC902F-41B7-46BF-853F-98847B178335}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{9AFDE3B6-CEA8-464D-8546-964410073F22}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{E6E64646-0E6A-4C7E-82A3-C0005AC1D9CB}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{595AE859-138F-4B7A-86C5-47F90DFFD486}c:\\programdata\\autobahn\\mlb-nexdef-autobahn.exe"= UDP:c:\programdata\autobahn\mlb-nexdef-autobahn.exe:mlb-nexdef-autobahn
"UDP Query User{424C4EC8-26ED-4BC3-AA00-0F2A9491BCBD}c:\\programdata\\autobahn\\mlb-nexdef-autobahn.exe"= TCP:c:\programdata\autobahn\mlb-nexdef-autobahn.exe:mlb-nexdef-autobahn

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= c:\program files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7

R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\N360\0305020.00B\SymEFA.sys [10/12/2009 7:17 AM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\N360\0305020.00B\BHDrvx86.sys [10/12/2009 7:17 AM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\N360\0305020.00B\cchpx86.sys [10/12/2009 7:17 AM 482432]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090916.003\IDSvix86.sys [10/11/2009 7:25 PM 342576]
R2 {2E444BE9-B8EC-4CE6-8C2B-6536FB7F4FB7};{2E444BE9-B8EC-4CE6-8C2B-6536FB7F4FB7};c:\program files\Dell\MediaDirect\000.fcl [2/19/2008 5:01 PM 39408]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [2/19/2008 4:13 PM 73728]
R2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe -service --> c:\windows\system32\dldocoms.exe -service [?]
R2 dldoCATSCustConnectService;dldoCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\dldoserv.exe [2/19/2008 11:51 PM 99568]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe [10/12/2009 7:16 AM 117640]
R2 tmpreflt;tmpreflt;c:\windows\System32\drivers\tmpreflt.sys [2/19/2008 4:42 PM 35856]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/11/2009 8:25 PM 102448]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [2/20/2008 12:08 AM 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [2/20/2008 12:08 AM 7424]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\N360\0305020.00B\symndisv.sys [10/12/2009 7:17 AM 48688]
S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [9/11/2007 2:45 AM 124832]
S2 Tmntsrv;Tmntsrv; [x]
S2 tmproxy;tmproxy; [x]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/19/2008 4:49 PM 29744]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\System32\drivers\WSDPrint.sys [6/24/2008 7:44 AM 16896]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uInternet Settings,ProxyOverride = *.local
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\humick1\AppData\Roaming\Mozilla\Firefox\Profiles\tfgb7tx4.default\
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

Notify-GoToAssist - c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
AddRemove-TmPcc - c:\progra~1\TRENDM~1\INTERN~1\remove.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-12 09:16
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.5.2.11\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{2E444BE9-B8EC-4CE6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files\Dell\MediaDirect\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-10-12 9:17
ComboFix-quarantined-files.txt 2009-10-12 13:17

Pre-Run: 95,547,392,000 bytes free
Post-Run: 95,548,141,568 bytes free

276 --- E O F --- 2009-10-12 12:44


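The "Reg Loading Points" section of the log above is where a practitioner would start reading: Windows Firewall is turned off for all three profiles (EnableFirewall = 0 under DomainProfile, StandardProfile and PublicProfile), Security Center monitoring is disabled, and AppInit_DLLs is populated. None of that is proof of infection on its own (security suites such as Norton register themselves under the Security Center Monitoring key, and the AppInit_DLLs value here belongs to Google Desktop), but each one should be explained before the machine is declared clean. The script below is an added example, not code from the poster or from ComboFix; it parses the REGEDIT4-style blocks ComboFix emits and flags those three kinds of entry. SAMPLE_LOG is a constructed excerpt that copies the relevant lines from the posted log, so the script runs offline.

```python
"""Flag defence-weakening settings in a ComboFix 'Reg Loading Points' dump.

Added example; not part of the original post and not part of ComboFix.
SAMPLE_LOG is a constructed excerpt copied from the log posted above.
"""
import re

# Constructed excerpt of the posted log (REGEDIT4-style [key] / "name"=value blocks).
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
FIREWALL_PROFILES = ("domainprofile", "standardprofile", "publicprofile")


def parse_value(raw):
    r"""Normalise ComboFix value syntaxes: dword:00000001 -> 1, 0 (0x0) -> 0,
    "c:\dir\x.exe" [date size] -> 'c:\dir\x.exe'; anything else is kept verbatim."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"^(\d+)\s*\(0x[0-9A-Fa-f]+\)$", raw)
    if m:
        return int(m.group(1))
    if raw.startswith('"') and raw.count('"') >= 2:
        return raw[1:raw.index('"', 1)]  # drop the trailing [date size]
    return raw


def parse_loading_points(text):
    """Return {registry_key: {value_name: value}} for every [key] block seen."""
    sections = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current = key_match.group(1)
            sections.setdefault(current, {})
            continue
        value_match = VALUE_RE.match(line)
        if value_match and current is not None:
            sections[current][value_match.group(1)] = parse_value(value_match.group(2))
    return sections


def find_weakened_settings(sections):
    """Flag firewall-off profiles, disabled Security Center monitoring and a
    populated AppInit_DLLs. Each hit is a review item, not proof of infection."""
    findings = []
    for key, values in sections.items():
        lower_key = key.lower()
        leaf = lower_key.rsplit("\\", 1)[-1]
        if "firewallpolicy" in lower_key and leaf in FIREWALL_PROFILES:
            if values.get("EnableFirewall") == 0:
                findings.append(f"Windows Firewall disabled: {leaf}")
        elif "security center\\monitoring" in lower_key:
            if values.get("DisableMonitoring") == 1:
                findings.append(f"Security Center monitoring disabled: {key}")
        elif lower_key.endswith("windows nt\\currentversion\\windows"):
            dlls = values.get("AppInit_DLLs")
            if dlls:  # loaded into every process that loads user32.dll while LoadAppInit_DLLs is on
                findings.append(f"AppInit_DLLs set: {dlls}")
    return findings


if __name__ == "__main__":
    for finding in find_weakened_settings(parse_loading_points(SAMPLE_LOG)):
        print(finding)
```

To run it on a real log, read the whole ComboFix.txt into `parse_loading_points`; lines outside the REGEDIT4 blocks simply fail both regexes and are skipped. On the excerpt above it reports six items: three firewall profiles off, two DisableMonitoring entries, and the Google Desktop AppInit_DLLs value.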