I believe my PC has a virus. Using IE, Google began automatically redirecting to google.de about 2 weeks ago. Now my homepage tells me I have no internet connection, when in fact I do. If you manually type a website it works, but any search yields the same internet connection issue. I have tried running antimalware with no luck. I ran ComboFix and here are the results. Thanks for your help in advance.
ComboFix 09-10-01.01 - Administrator 10/01/2009 19:19.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2018.1497 [GMT -4:00]
Running from: c:\combo-fix\Combo-Fix.exe
.
((((((((((((((((((((((((( Files Created from 2009-09-01 to 2009-10-01 )))))))))))))))))))))))))))))))
.
2009-09-25 21:10 . 2009-09-25 21:10 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-09-23 21:09 . 2009-09-23 21:10 -------- dc-h--w- c:\windows\ie8
2009-09-23 21:08 . 2009-07-03 17:09 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-09-23 21:08 . 2009-07-03 17:09 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-09-23 19:32 . 2009-09-23 19:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\Yahoo!
2009-09-09 19:47 . 2009-09-09 19:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-09 19:47 . 2009-09-09 19:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-09 18:12 . 2009-10-01 22:32 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-09 16:07 . 2009-09-09 19:54 -------- d-sh--w- c:\documents and settings\All Users\Application Data\6f621ba
2009-09-08 19:13 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-05 22:09 . 2009-09-12 21:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\HpUpdate
2009-09-05 22:08 . 2009-09-05 22:08 -------- d-----w- c:\windows\Hewlett-Packard
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-27 13:08 . 2008-10-14 21:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-27 13:08 . 2008-10-14 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-23 20:49 . 2008-11-03 19:56 -------- d-----w- c:\program files\Google
2009-09-23 20:48 . 2008-04-08 23:32 -------- d-----w- c:\program files\Yahoo!
2009-09-23 20:46 . 2009-03-25 11:45 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-10 20:26 . 2009-02-09 18:34 -------- d-----w- c:\program files\Coupons
2009-09-09 17:22 . 2009-08-09 23:20 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-05 09:01 . 2006-02-28 02:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2006-02-28 02:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2006-02-28 02:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-07 21:53 . 2008-11-27 15:50 256 ----a-w- c:\windows\system32\pool.bin
.
((((((((((((((((((((((((((((( SnapShot@2009-10-01_22.44.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-04-25 17:43 . 2009-10-01 22:38 72108 c:\windows\system32\perfc009.dat
+ 2006-04-25 17:43 . 2009-10-01 23:09 72108 c:\windows\system32\perfc009.dat
+ 2006-04-25 17:43 . 2009-10-01 23:09 444358 c:\windows\system32\perfh009.dat
- 2006-04-25 17:43 . 2009-10-01 22:38 444358 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-06-07 408344]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-04-26 1015808]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-09-19 615696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
NETGEAR WPN311 Smart Wizard.lnk - c:\program files\NETGEAR\WPN311\wlancfg5.exe [2006-12-4 1503232]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [1/11/2008 1:59 AM 2521880]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [1/23/2007 4:13 PM 41216]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-09-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=desktop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://aolsvc.aol.com/onlinegames/free-trial-burger-shop/GoBitGamesPlayer_v4.cab
DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab?
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-01 19:21
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2505836837-47728274-3880406320-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5e,2e,1e,fd,40,15,4c,48,8c,00,8a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5e,2e,1e,fd,40,15,4c,48,8c,00,8a,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1964)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-10-01 19:23
ComboFix-quarantined-files.txt 2009-10-01 23:23
ComboFix2.txt 2009-10-01 23:01
ComboFix3.txt 2009-10-01 22:45
Pre-Run: 53,437,886,464 bytes free
Post-Run: 53,402,992,640 bytes free
141 --- E O F --- 2009-09-25 07:00
#1
Posted 02 October 2009 - 10:49 AM
#2
Posted 10 October 2009 - 12:40 PM
I was really hoping to get some help here. Can anyone assist with this problem?
#3
Posted 13 October 2009 - 08:05 AM
Hi Brian,
Sorry for the delay. Can you please download a new fresh copy of Combofix and run it again and post back the new log.
Additional links to download the tool:
ComboFix.exe
ComboFix.exe
ComboFix.exe
#5
Posted 16 October 2009 - 02:10 AM
Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.
Other members who need assistance please start your own topic in a new thread. Thanks!
The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.