Thread: [Resolved] Re-directed sites
View Single Post
  #7 (permalink)  
Old 24-06-2009, 12:04 AM
wbutt wbutt is offline
Newbie
D-A-L Newbie
  
Join Date: Jun 2009
Posts: 18
wbutt is a jewel in the roughwbutt is a jewel in the roughwbutt is a jewel in the roughwbutt is a jewel in the rough
re: [Resolved] Re-directed sites
Thank you for the reply Broni

I noticed this is the last few steps others have taken simular to my situation. I hope i too get the Mr.Clean reply image


combofixlog

ComboFix 09-06-22.0E - HP_Administrator 06/23/2009 15:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1626 [GMT -7:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\driver
c:\windows\kb913800.exe
c:\windows\system32\drivers\ctoss2k.sys
c:\windows\system32\SKYNETuirixoom.dat
D:\Autorun.inf
D:\Desktop.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_driver
-------\Legacy_driverdrv
-------\Service_SKYNETwysndllt
-------\Legacy_ossrv
-------\Service_ossrv


((((((((((((((((((((((((( Files Created from 2009-05-23 to 2009-06-23 )))))))))))))))))))))))))))))))
.

2009-06-23 02:33 . 2009-06-23 02:33 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\teamspeak2
2009-06-20 22:52 . 2009-06-23 07:25 117760 ----a-w- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\ UIREPAIR.DLL
2009-06-20 22:51 . 2009-06-20 22:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-20 22:51 . 2009-06-20 22:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-20 22:51 . 2009-06-20 22:51 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2009-06-20 08:06 . 2009-06-20 08:06 -------- d-----w- c:\program files\Trend Micro
2009-06-20 07:47 . 2009-06-20 22:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-19 08:57 . 2009-06-19 08:57 -------- d-----w- c:\program files\CCleaner
2009-06-19 07:54 . 2009-06-19 07:54 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-06-19 07:51 . 2009-06-17 18:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-19 07:51 . 2009-06-19 07:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-19 07:51 . 2009-06-19 07:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-19 07:51 . 2009-06-17 18:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-19 07:14 . 2009-06-19 07:54 -------- d-----w- c:\program files\Lavasoft
2009-06-19 07:14 . 2009-06-19 07:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-19 07:07 . 2009-06-20 08:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-11 12:12 . 2009-06-11 12:12 -------- d--h--w- c:\windows\PIF
2009-06-06 04:11 . 2008-12-05 04:42 815104 ----a-w- c:\windows\system32\xvidcore.dll
2009-06-06 04:11 . 2009-06-06 04:11 -------- d-----w- c:\program files\Xvid
2009-06-06 04:11 . 2008-12-05 04:46 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2009-06-03 01:12 . 2009-06-22 11:45 25 ----a-w- c:\windows\popcinfot.dat
2009-06-02 22:51 . 2009-06-02 22:51 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap Games
2009-06-01 12:04 . 2009-06-01 12:04 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Help
2009-06-01 05:36 . 2009-06-01 05:36 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\HPQ
2009-05-31 22:42 . 2009-05-31 22:42 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AdobeUM
2009-05-30 11:03 . 2009-05-30 11:03 -------- d-----w- C:\Poker
2009-05-28 02:45 . 2009-05-28 02:45 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\TouchStoneSoftware
2009-05-26 23:11 . 2009-05-28 04:55 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Ventrilo
2009-05-26 23:11 . 2009-05-26 23:11 -------- d-----w- c:\program files\Ventrilo
2009-05-26 23:10 . 2009-06-20 22:51 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-06-23 02:50 . 2009-05-18 06:02 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\uTorrent
2009-06-18 06:19 . 2009-05-18 06:31 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\DAEMON Tools Lite
2009-06-16 01:45 . 2009-05-18 07:43 393216 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll
2009-06-16 01:45 . 2009-05-18 07:43 561152 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
2009-06-09 23:23 . 2006-05-24 03:29 84976 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-09 03:48 . 2009-05-18 02:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-06 04:09 . 2009-05-18 06:22 -------- d-----w- c:\program files\DivX
2009-06-06 04:09 . 2009-05-18 06:22 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-01 12:04 . 2009-05-18 06:27 -------- d-----w- c:\program files\CDisplay
2009-05-22 02:41 . 2009-05-22 02:41 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\TeamViewer
2009-05-19 23:52 . 2009-05-18 02:33 8 ----a-w- c:\windows\system32\nvModes.dat
2009-05-18 22:37 . 2009-05-18 06:54 -------- d-----w- c:\program files\Ultra Mobile 3GP Video Converter
2009-05-18 21:59 . 2009-05-18 06:34 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-05-18 11:50 . 2009-05-18 07:43 -------- d-----w- c:\documents and settings\All Users\Application Data\NexonUS
2009-05-18 10:35 . 2009-05-18 10:35 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\vlc
2009-05-18 08:22 . 2006-05-24 03:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-18 08:22 . 2006-05-24 03:32 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-18 07:43 . 2009-05-18 07:43 98304 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll
2009-05-18 07:43 . 2009-05-18 07:43 81920 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
2009-05-18 07:43 . 2009-05-18 07:43 258352 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\unicows.dll
2009-05-18 07:43 . 2009-05-18 07:43 167936 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGM.exe
2009-05-18 07:19 . 2009-05-18 07:19 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2009-05-18 07:19 . 2009-05-18 07:19 -------- d-----w- c:\program files\Pando Networks
2009-05-18 07:15 . 2009-05-18 07:15 -------- d-----w- c:\program files\DivXLand
2009-05-18 07:10 . 2009-05-18 07:10 -------- d-----w- c:\program files\VirtualDub
2009-05-18 07:05 . 2009-05-18 07:05 -------- d-----w- c:\program files\VideoLAN
2009-05-18 06:53 . 2009-05-18 06:52 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\GetRightToGo
2009-05-18 06:43 . 2009-05-18 06:43 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Realtime Soft
2009-05-18 06:43 . 2009-05-18 06:43 -------- d-----w- c:\program files\Common Files\Realtime Soft
2009-05-18 06:43 . 2009-05-18 06:43 -------- d-----w- c:\program files\UltraMon
2009-05-18 06:43 . 2009-05-18 06:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Realtime Soft
2009-05-18 06:37 . 2009-05-18 06:37 -------- d-----w- c:\program files\Microsoft
2009-05-18 06:37 . 2009-05-18 06:37 -------- d-----w- c:\program files\Windows Live
2009-05-18 06:37 . 2009-05-18 06:37 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-18 06:37 . 2009-05-18 06:36 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Media Player Classic
2009-05-18 06:36 . 2009-05-18 06:36 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\DivX
2009-05-18 06:36 . 2009-05-18 06:36 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-18 06:34 . 2009-05-18 06:34 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-05-18 06:34 . 2009-05-18 06:34 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-05-18 06:31 . 2009-05-18 06:31 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-18 06:20 . 2009-05-18 06:20 -------- d-----w- c:\program files\Combined Community Codec Pack
2009-05-18 06:03 . 2009-05-18 06:03 -------- d-----w- c:\program files\uTorrent
2009-05-18 03:40 . 2009-05-18 03:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2009-05-18 03:40 . 2009-05-18 03:40 -------- d-----w- c:\program files\Logitech
2009-05-18 03:28 . 2009-05-18 03:28 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Ahead
2009-05-18 03:22 . 2009-05-18 03:19 -------- d-----w- c:\program files\Ahead
2009-05-18 03:19 . 2009-05-18 03:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2009-05-18 03:19 . 2009-05-18 03:19 -------- d-----w- c:\program files\Common Files\Ahead
2009-05-18 03:00 . 2009-05-18 03:00 -------- d-----w- c:\program files\Common Files\L&H
2009-05-18 03:00 . 2009-05-18 03:00 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-05-18 03:00 . 2009-05-18 02:59 -------- d-----w- c:\program files\Microsoft Office 2003
2009-05-18 02:55 . 2009-05-18 02:55 -------- d-----w- c:\program files\Microsoft Works
2009-05-18 02:55 . 2009-05-18 02:55 -------- d-----w- c:\program files\MSBuild
2009-05-18 02:55 . 2009-05-18 02:52 -------- d-----w- c:\program files\Microsoft Office 2007
2009-05-18 02:54 . 2009-05-18 02:54 -------- d-----w- c:\program files\Microsoft.NET
2009-05-18 02:41 . 2009-05-18 02:41 -------- d-----w- c:\program files\Avira
2009-05-18 02:41 . 2009-05-18 02:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-05-18 02:38 . 2009-05-18 02:38 0 ----a-w- c:\windows\nsreg.dat
2009-05-18 02:33 . 2009-05-18 02:33 -------- d-----w- c:\program files\Common Files\logishrd
2009-05-18 02:32 . 2009-05-18 02:32 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-05-18 02:30 . 2009-05-18 02:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative
2009-05-18 02:30 . 2009-05-18 02:30 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-05-18 02:30 . 2009-05-18 02:30 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-05-18 02:30 . 2009-05-18 02:30 -------- d-----w- c:\program files\OpenAL
2009-05-18 02:29 . 2009-05-18 02:29 -------- d-----w- c:\program files\Common Files\Creative Labs Shared
2009-05-18 02:29 . 2009-05-18 02:29 -------- d-----w- c:\program files\Creative
2009-05-18 02:11 . 2005-08-31 04:01 92947 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-18 02:11 . 2009-05-18 02:11 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSet up.exe
2009-05-18 02:11 . 2009-05-18 02:11 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2009-05-18 02:11 . 2009-05-18 02:11 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2009-05-18 02:11 . 2009-05-18 02:11 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2009-05-18 02:11 . 2009-05-18 02:11 341048 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetect ion3.dll
2009-05-18 02:11 . 2009-05-18 02:11 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2009-05-18 02:11 . 2009-05-18 02:11 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2009-05-18 02:11 . 2009-05-18 02:11 217088 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
2009-05-18 02:11 . 2009-05-18 02:11 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dl l
2009-05-18 01:18 . 2006-05-24 03:30 -------- d-----w- c:\program files\Common Files\Real
2009-05-18 01:09 . 2006-05-24 04:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-05-18 01:09 . 2006-05-24 04:00 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-05-18 00:34 . 2009-05-18 00:34 1839 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_EX276AA-ABA a1540n_YC_0Pavi_QCNH627_E63NAemMPA2_48_INODUSM_SAS USTek Computer INC._V1.03_B3.04_T060614_WXP2_L409_M2047_J250_7AMD _8Athlon 64 X2 Dual Core_92.2_#061013_N_Z_G_OTSSTcorp CD DVDW TS-H652L_D.MRK
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-05-01 07:31 . 2009-05-01 07:31 1657376 ----a-w- c:\windows\system32\nwiz.exe
2009-05-01 07:31 . 2009-05-01 07:31 449056 ----a-w- c:\windows\system32\nvappbar.exe
2009-05-01 07:31 . 2009-05-01 07:31 436768 ----a-w- c:\windows\system32\keystone.exe
2009-05-01 07:31 . 2009-05-01 07:31 466944 ----a-w- c:\windows\system32\nvshell.dll
2009-05-01 07:31 . 2009-05-01 07:31 1724416 ----a-w- c:\windows\system32\nvwdmcpl.dll
2009-05-01 07:31 . 2009-05-01 07:31 1507328 ----a-w- c:\windows\system32\nview.dll
2009-05-01 07:31 . 2009-05-01 07:31 1101824 ----a-w- c:\windows\system32\nvwimg.dll
2009-05-01 05:02 . 2009-05-18 02:25 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-05-01 05:02 . 2009-05-01 05:02 9994240 ----a-w- c:\windows\system32\nvoglnt.dll
2009-05-01 05:02 . 2009-05-01 05:02 806912 ----a-w- c:\windows\system32\nvapi.dll
2009-05-01 05:02 . 2009-05-01 05:02 663552 ----a-w- c:\windows\system32\nvcuvid.dll
2009-05-01 05:02 . 2009-05-01 05:02 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-05-01 05:02 . 2009-05-01 05:02 1579630 ----a-w- c:\windows\system32\nvdata.bin
2009-05-01 05:02 . 2009-05-01 05:02 143360 ----a-w- c:\windows\system32\nvcodins.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"NvMediaCenter"="c:\windows\system32\NvMcTray. dll" [2009-05-01 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13750272]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.e xe" [2001-07-09 155648]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-05-04 354312]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-05-04 1572872]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-05-04 2817544]
"UltraMon"="c:\program files\UltraMon\UltraMon.exe" [2006-10-13 304640]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-03-08 16010240]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-05-01 1657376]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2008-10-08 23552]

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
2008-12-22 19:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"58162:TCP"= 58162:TCP:Pando Media Booster
"58162:UDP"= 58162:UDP:Pando Media Booster

R1 sasdifsv;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 saskutil;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/17/2009 7:41 PM 108289]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [9/24/2006 9:22 PM 11776]
R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\ drivers\UltraMonMirror.sys [9/24/2006 9:23 PM 3584]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [5/17/2009 7:29 PM 79360]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\driver s\CT20XUT.sys [10/8/2008 1:21 AM 171032]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XU T.sys [10/8/2008 1:21 AM 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\driv ers\CTEXFIFX.sys [10/8/2008 1:21 AM 1324056]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEX FIFX.sys [10/8/2008 1:21 AM 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\driver s\CTHWIUT.sys [10/8/2008 1:21 AM 72728]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIU T.sys [10/8/2008 1:21 AM 72728]
S3 sasenum;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PCDrProfiler - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILI ON&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION &pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILI ON&pf=desktop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath -
.

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-06-23 15:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(1480)
c:\program files\UltraMon\RTSUltraMonHook.dll
c:\program files\UltraMon\Resources\en\RTSUltraMonHookRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
c:\program files\Logitech\GamePanel Software\Applets\LCDClock.exe
c:\program files\Logitech\GamePanel Software\Applets\LCDMedia.exe
c:\program files\Logitech\GamePanel Software\Applets\LCDRSS.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wscntfy.exe
c:\program files\UltraMon\UltraMonTaskbar.exe
.
************************************************** ************************
.
Completion time: 2009-06-23 16:00 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-23 23:00

Pre-Run: 29,097,234,432 bytes free
Post-Run: 29,035,659,264 bytes free

276

Hijackthislog
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:03:47 PM, on 6/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = AOL.com - Welcome to AOL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min /nosplash
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1242609946937
O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6995 bytes
Reply With Quote