Google search hijack

Nvidia / Awrdacpi
May 24, 2010 at 03:21:41
Specs: Microsoft Windows XP Home Edition, 1.293 GHz / 1471 MB
When I search Google, the search works OK, but when I try to open one of the pages in the results I get redirected to a number of different sites. I have run Malwarebytes and SUPERAntiSpyware but the problem still exists.



#1
May 24, 2010 at 05:51:30
Try Trojan Remover
http://www.simplysup.com/tremover/d...
and Hitman Pro
http://www.surfright.nl/en
and remove all they find. If it is a hidden rootkit, Hitman Pro should find it and remove it.

Some HELP in posting on Computing.net plus free progs and instructions Cheers



#2
May 24, 2010 at 06:27:58
Thanks for the help, Trojan Remover seems to have done the trick.

Cheers



#3
May 24, 2010 at 07:39:25
Spoke too soon, the problem's back again.

#4
May 24, 2010 at 10:26:17
Did Hitman Pro help?

What did Trojan Remover fix?


#5
May 25, 2010 at 02:54:27
Hitman Pro didn't find anything and Trojan Remover removed an old entry from AVG that was on the HijackThis list.

#6
May 25, 2010 at 05:59:48
You can try ComboFix, just follow the directions carefully on the download page:
http://www.bleepingcomputer.com/com...


#7
May 25, 2010 at 22:49:20
I have run ComboFix and the problem still exists. Please see the ComboFix log below.

ComboFix 10-05-25.02 - JANE 25/05/2010 22:32:30.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1471.946 [GMT 1:00]
Running from: c:\documents and settings\JANE\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((( Files Created from 2010-04-25 to 2010-05-25 )))))))))))))))))))))))))))))))
.

2010-05-24 15:45 . 2010-05-24 14:59 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-05-24 15:01 . 2010-05-24 15:01 -------- d-----w- c:\documents and settings\JANE\Local Settings\Application Data\Sunbelt Software
2010-05-24 14:59 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-05-24 14:59 . 2010-05-24 14:59 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-05-24 14:53 . 2010-05-24 14:53 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-05-24 14:53 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-05-24 14:53 . 2010-05-24 14:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-05-24 14:53 . 2010-05-24 14:53 -------- d-----w- c:\program files\Lavasoft
2010-05-24 13:15 . 2010-02-27 19:46 3691384 ----a-w- c:\documents and settings\JANE\Application Data\Simply Super Software\Trojan Remover\vav1.exe
2010-05-24 13:08 . 2010-05-24 13:16 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-24 13:06 . 2006-06-19 11:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-05-24 13:06 . 2006-05-25 13:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-05-24 13:06 . 2005-08-25 23:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-05-24 13:06 . 2003-02-02 18:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-05-24 13:06 . 2002-03-05 23:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-05-24 13:06 . 2010-05-24 13:06 -------- d-----w- c:\program files\Trojan Remover
2010-05-24 13:06 . 2010-05-24 13:06 -------- d-----w- c:\documents and settings\JANE\Application Data\Simply Super Software
2010-05-24 13:06 . 2010-05-24 13:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-05-24 13:00 . 2010-05-24 13:00 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-05-24 13:00 . 2010-05-24 13:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-05-24 13:00 . 2010-05-24 13:00 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-05-24 12:16 . 2010-05-24 12:16 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2010-05-24 12:08 . 2010-05-24 12:08 -------- d-----w- c:\windows\ERUNT
2010-05-24 11:53 . 2010-05-24 12:38 -------- d-----w- C:\SDFix
2010-05-24 10:30 . 2010-05-24 10:30 -------- d-----w- c:\program files\ESET
2010-05-24 10:17 . 2010-05-24 10:17 195584 ----a-w- c:\documents and settings\JANE\Application Data\Sun\Java\Deployment\cache\6.0\5\27706285-57ed7bb6-n\WMINative.dll
2010-05-24 10:00 . 2010-05-24 10:00 -------- d-----w- c:\program files\Common Files\Java
2010-05-24 10:00 . 2010-05-24 10:00 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-24 06:45 . 2010-05-24 06:45 -------- d-sh--w- c:\documents and settings\JANE\IECompatCache
2010-05-24 00:02 . 2010-05-24 00:02 503808 ----a-w- c:\documents and settings\JANE\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2a6ce624-n\msvcp71.dll
2010-05-24 00:02 . 2010-05-24 00:02 499712 ----a-w- c:\documents and settings\JANE\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2a6ce624-n\jmc.dll
2010-05-24 00:02 . 2010-05-24 00:02 348160 ----a-w- c:\documents and settings\JANE\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2a6ce624-n\msvcr71.dll
2010-05-24 00:02 . 2010-05-24 00:02 61440 ----a-w- c:\documents and settings\JANE\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-47033357-n\decora-sse.dll
2010-05-24 00:02 . 2010-05-24 00:02 12800 ----a-w- c:\documents and settings\JANE\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-47033357-n\decora-d3d.dll
2010-05-21 19:02 . 2010-05-21 19:02 63488 ----a-w- c:\documents and settings\JANE\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-21 19:02 . 2010-05-21 19:02 52224 ----a-w- c:\documents and settings\JANE\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-21 19:02 . 2010-05-21 19:02 117760 ----a-w- c:\documents and settings\JANE\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-21 19:01 . 2010-05-21 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-21 19:00 . 2010-05-21 19:00 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-21 19:00 . 2010-05-21 19:00 -------- d-----w- c:\documents and settings\JANE\Application Data\SUPERAntiSpyware.com
2010-05-21 19:00 . 2010-05-21 19:00 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-19 18:12 . 2010-05-21 16:14 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-19 07:56 . 2010-05-19 07:56 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-05-18 21:33 . 2010-05-21 16:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-05-18 21:33 . 2010-05-18 21:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-05-18 21:33 . 2010-05-18 21:33 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-05-18 18:31 . 2010-05-18 18:32 -------- d-----w- c:\windows\system32\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-23 20:31 . 2002-08-29 12:00 179584 ----a-w- c:\windows\system32\drivers\dac2w2k.sys
2010-04-23 17:18 . 2010-02-21 16:35 -------- d-----w- c:\documents and settings\JANE\Application Data\uTorrent
2010-04-23 01:28 . 2010-04-22 22:12 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-22 22:12 . 2010-04-22 22:12 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-18 12:41 . 2010-03-14 17:20 -------- d-----w- c:\documents and settings\JANE\Application Data\Apple Computer
2010-04-18 10:59 . 2010-04-18 10:57 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-18 10:59 . 2010-04-18 10:57 -------- d-----w- c:\program files\iTunes
2010-04-18 10:57 . 2010-04-18 10:57 -------- d-----w- c:\program files\iPod
2010-04-18 10:57 . 2010-02-26 22:42 -------- d-----w- c:\program files\Common Files\Apple
2010-04-18 10:57 . 2010-04-18 10:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-04-18 10:55 . 2010-04-18 10:52 -------- d-----w- c:\program files\QuickTime
2010-04-18 10:46 . 2010-04-18 10:46 -------- d-----w- c:\program files\Apple Software Update
2010-04-18 10:45 . 2010-02-26 22:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-04-18 10:43 . 2010-04-18 10:43 -------- d-----w- c:\program files\Bonjour
2010-04-17 11:26 . 2010-04-17 11:26 -------- d-----w- c:\program files\Veetle
2010-04-17 11:11 . 2010-04-17 11:11 -------- d-----w- c:\program files\SopCast
2010-04-14 18:09 . 2010-02-21 18:27 69632 ----a-w- c:\documents and settings\JANE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-05 18:23 . 2010-02-23 09:53 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-05 18:16 . 2010-04-05 18:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2010-04-05 18:16 . 2010-04-05 18:16 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2010-04-02 17:58 . 2010-04-02 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-04-02 14:40 . 2010-04-02 14:40 -------- d-----w- c:\program files\Adobe Media Player
2010-03-31 10:19 . 2010-03-12 12:17 -------- d-----w- c:\program files\McAfee
2010-03-31 02:19 . 2010-02-23 09:44 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-03-26 00:48 . 2010-03-26 00:48 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-03-13 15:10 . 2010-03-13 15:10 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-03-10 06:15 . 2002-08-29 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-04 19:42 . 2010-03-04 19:42 2678 ----a-w- c:\windows\java\Packages\Data\LVLBFJLR.DAT
2010-03-04 19:42 . 2010-03-04 19:42 2678 ----a-w- c:\windows\java\Packages\Data\R1NZXRPR.DAT
2010-03-04 19:42 . 2010-03-04 19:42 2678 ----a-w- c:\windows\java\Packages\Data\T7HB53DZ.DAT
2010-03-04 19:42 . 2010-03-04 19:42 2678 ----a-w- c:\windows\java\Packages\Data\H3XVNVTN.DAT
2010-03-04 19:42 . 2010-03-04 19:42 2678 ----a-w- c:\windows\java\Packages\Data\6QDRJ3LB.DAT
2010-03-04 19:39 . 2003-12-16 17:01 23348 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-26 22:44 . 2010-02-26 22:44 10134 ----a-r- c:\documents and settings\JANE\Application Data\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
2010-02-26 22:41 . 2010-02-26 22:39 32494896 ----a-w- c:\documents and settings\JANE\Application Data\Sony Setup\9234765D-29DF-48d0-93FB-284B7B6009B9\QuickTimeInstaller.exe
2010-02-26 13:01 . 2010-02-22 08:39 3777280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-02-26 13:01 . 2010-02-22 08:39 1260800 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-02-25 11:16 . 2003-12-16 17:06 76487 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2010-02-25 06:24 . 2002-08-29 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-05-24_07.53.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-29 07:05 . 2008-07-29 07:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90ud.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90d.dll
+ 2010-05-25 21:29 . 2010-05-25 21:29 16384 c:\windows\Temp\Perflib_Perfdata_720.dat
+ 2010-05-24 14:59 . 2010-02-04 15:53 64288 c:\windows\system32\DRVSTORE\lbd_B425E86B28F27CC7F4A0CAF275F9F2789F3C6909\Lbd.sys
- 2003-12-16 17:14 . 2010-05-24 05:36 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2003-12-16 17:14 . 2010-05-25 21:04 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-05-24 13:41 . 2010-05-25 21:04 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2003-12-16 17:14 . 2010-05-24 05:36 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-05-24 14:53 . 2010-05-24 14:53 29926 c:\windows\Installer\{338F08AB-C262-42C7-B000-34DE1A475273}\_6FEFF9B68218417F98F549.exe
+ 2010-05-24 12:08 . 2010-05-24 12:08 8192 c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2010-05-24 12:08 . 2010-05-24 12:08 8192 c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-07-29 07:05 . 2008-07-29 07:05 875520 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcp90d.dll
+ 2008-07-29 02:54 . 2008-07-29 02:54 312832 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcm90d.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 02:54 . 2008-07-29 02:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
- 2010-02-22 14:25 . 2010-02-22 14:24 153376 c:\windows\system32\javaws.exe
+ 2010-05-24 10:00 . 2010-05-24 10:00 153376 c:\windows\system32\javaws.exe
- 2010-02-22 14:25 . 2010-02-22 14:24 145184 c:\windows\system32\javaw.exe
+ 2010-05-24 10:00 . 2010-05-24 10:00 145184 c:\windows\system32\javaw.exe
+ 2010-05-24 10:00 . 2010-05-24 10:00 145184 c:\windows\system32\java.exe
- 2010-02-22 14:25 . 2010-02-22 14:24 145184 c:\windows\system32\java.exe
+ 2010-05-24 14:53 . 2010-05-24 14:53 167424 c:\windows\Installer\59f8e8.msi
+ 2010-05-24 14:52 . 2010-05-24 14:52 236032 c:\windows\Installer\59f8da.msi
+ 2010-05-24 10:00 . 2010-05-24 10:00 180224 c:\windows\Installer\106e26.msi
+ 2010-05-24 10:00 . 2010-05-24 10:00 576000 c:\windows\Installer\106e18.msi
+ 2010-05-24 12:08 . 2010-05-24 12:08 679936 c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2010-05-24 12:08 . 2008-08-07 14:27 163328 c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2010-05-24 12:08 . 2010-05-24 12:08 679936 c:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2010-05-24 12:08 . 2008-08-07 14:27 163328 c:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2008-07-29 07:05 . 2008-07-29 07:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 5982720 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90ud.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 5937144 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90d.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 1180672 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcr90d.dll
+ 2010-05-24 14:53 . 2010-05-24 14:53 1859072 c:\windows\Installer\59f8e3.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-04 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-06 5058560]
"nwiz"="nwiz.exe" [2003-10-06 741376]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-02-27 1165192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-10-06 49152]

c:\documents and settings\JANE\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [24/05/2010 15:59 64288]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [06/05/2010 17:10 68168]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [04/02/2010 16:52 1314704]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [26/02/2010 08:55 236368]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12/03/2010 13:20 93320]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [26/02/2010 08:55 19160]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [04/03/2010 22:47 135664]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [26/02/2010 23:46 90112]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [26/02/2010 23:27 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [26/02/2010 23:27 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [26/02/2010 23:27 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [26/02/2010 23:27 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [26/02/2010 23:27 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [26/02/2010 23:27 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [26/02/2010 23:27 109864]
.
Contents of the 'Scheduled Tasks' folder

2010-05-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 14:58]

2010-05-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

2010-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-04 21:47]

2010-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-04 21:47]

2010-05-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-03-12 12:22]

2010-05-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-03-12 12:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.orange.co.uk/
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-25 22:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89F07AC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf76ebf28
\Driver\ACPI -> ACPI.sys @ 0xf75aecb8
\Driver\atapi -> atapi.sys @ 0xf74ae852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
NDIS: NVIDIA nForce MCP Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xbaf31bb0
PacketIndicateHandler -> NDIS.sys @ 0xbaf3ea21
SendHandler -> NDIS.sys @ 0xbaf1c87b
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(852)
c:\windows\system32\WININET.dll
.
Completion time: 2010-05-25 22:57:12
ComboFix-quarantined-files.txt 2010-05-25 21:57
ComboFix2.txt 2010-05-24 07:58

Pre-Run: 45,627,478,016 bytes free
Post-Run: 45,678,735,360 bytes free

- - End Of File - - 8DD5A1FF73E9A2DA7A624BE8787474BD
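Added example, not part of the thread or of ComboFix: a small Python triage script for the kind of log posted above. It embeds a trimmed copy of a few lines from that log (the Run-key autostart values, the Security Center "DisableMonitoring" values, and the Gmer MBR detector's "called modules" line) and pulls out the three things a responder would check first: which programs start with Windows and whether any is listed by bare filename rather than full path, which security products have Security Center monitoring switched off (often set legitimately by a suite that reports its own status, so it is a low-confidence finding on its own), and whether the disk driver call chain contains a module the detector could not map to a file, which is what `>>UNKNOWN [0x89F07AC8]<<` means and is the single most interesting line in the log even though the MBR sectors themselves are reported "OK". The regular expressions assume the exact line shapes shown in the posted log; anything else is ignored.

```python
import re

# Constructed excerpt in the shape of the ComboFix log posted above. The values
# are copied from that log, but the excerpt is trimmed and embedded here so the
# script runs offline without the original file.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-04 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-06 5058560]
"nwiz"="nwiz.exe" [2003-10-06 741376]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89F07AC8]<<
kernel: MBR read successfully
user & kernel MBR OK
"""

# A registry key header, e.g. [HKEY_LOCAL_MACHINE\...\Run]
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# A Run-key value as ComboFix prints it: "name"="path" [yyyy-mm-dd size]
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s+\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$'
)
# Gmer's marker for a module in the disk call chain it could not map to a file
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(?P<addr>0x[0-9A-Fa-f]+)\]<<")
# Security Center monitoring switched off for a product
DISABLE_RE = re.compile(r'^"DisableMonitoring"=dword:0*1$')


def _sections(text):
    """Yield (current registry key or None, stripped line) pairs."""
    current_key = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        yield current_key, line


def parse_run_entries(text):
    """Return the autostart values listed under any key ending in \\Run."""
    entries = []
    for key, line in _sections(text):
        if key is None or not key.lower().endswith("\\run"):
            continue
        m = RUN_RE.match(line)
        if m:
            entries.append({"key": key, "name": m.group("name"), "path": m.group("path"),
                            "date": m.group("date"), "size": int(m.group("size"))})
    return entries


def disabled_security_center_monitoring(text):
    """Return product names whose Security Center monitoring is disabled."""
    products = []
    for key, line in _sections(text):
        if key and "security center\\monitoring\\" in key.lower() and DISABLE_RE.match(line):
            products.append(key.rsplit("\\", 1)[-1])
    return products


def unknown_called_modules(text):
    """Return addresses of unmapped modules in the MBR detector's call chain."""
    return [m.group("addr") for m in UNKNOWN_RE.finditer(text)]


def triage(text):
    """Summarise the findings a responder would look at first."""
    entries = parse_run_entries(text)
    return {
        "run_entries": len(entries),
        # A bare filename is resolved through the search path at logon, so it is
        # worth confirming which file actually runs (nwiz.exe is NVIDIA's here).
        "bare_name_entries": [e["name"] for e in entries if "\\" not in e["path"]],
        "monitoring_disabled": disabled_security_center_monitoring(text),
        "unknown_modules": unknown_called_modules(text),
    }


if __name__ == "__main__":
    for k, v in triage(SAMPLE_LOG).items():
        print(f"{k}: {v}")
```

Run it against a full ComboFix log by reading the file into `triage()` instead of `SAMPLE_LOG`; an empty `unknown_modules` list together with "user & kernel MBR OK" is what a clean MBR detector section looks like, while a populated one means the disk path is being handled by code the tool could not attribute to any driver and the machine should be treated as still infected regardless of what the file scanners report.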

