Unsolved
5 Posts
0
3437
April 2nd, 2009 12:00
Malwarebytes didn't fix Google Redirect
Hello everyone, first off, I'm new to this forum & have 0% clue of what I'm doing. I comprehend the technological aspects of computers like I comprehend rocket science... I haven't a clue. I wanted everyone to know that so that when it comes time for help, I can be helped in the best way possible with as little confusion as possible.
THE PROBLEM!
I've noticed about 5 days or so ago that every time I go onto Google and type a keyword/phrase and click on it I get redirected to a completely different site unrelated to the topic I was searching for. As this continued to happen, my Firefox browser would regularly "crash" - no warning. Eventually I figured that something was the matter with my PC (my user desktop at least. Don't have these issues on other user accounts) and I figured I'd try to Google the issue. As I was doing that on Google, I realized that there was a link in between the redirect; it read ABCJUMP! Now as I'm getting information, I come to understand that this ABCJUMP is a form of malware virus on the PC. So as advised by other forums for other users, I downloaded HiJackThis & Malwarebytes...
So I ran Malwarebytes and clicked on "REMOVE" when it was finished so it could remove the 12 objects found that were infected. It was removed and quarantined. However, I noticed that whenever I go onto Google, I am still having the redirect problem. So I ran HiJackThis... and by the website I received it from, it says not to do anything until I get better guidance on a community suited to help solve malware viruses and post the log from the HiJackThis in a post & that I'll be informed on what to do next. I found this site on Google searching for a solution to this problem & since I am a Dell customer, I figured this was a great place to receive quality support.
Any help, I'd greatly appreciate. Thank you in advance.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:28:41 PM, on 4/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Norton 360\ScanStub.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kyesha Tucker\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Smart Start UP] C:\Program Files\NewSoft\Smart Start UP\PnPDetect.exe /Automation
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
--
End of file - 8738 bytes
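The HijackThis log above is a plain-text format that a malware-removal helper reads section by section. As an added example (not code from the original post, from Dell, or from the HijackThis project), the Python below parses the line types that appear in it (R0/R1 start and search pages, O2 browser helper objects, O4 Run keys, O16 downloaded ActiveX controls, O23 services) and applies the checks a helper makes by hand: a BHO with no name or no file, an autorun from a user-writable directory or with no path at all, a script host in an autorun, an ActiveX control fetched over plain HTTP, a service with no publisher recorded, and a start or search page on a host outside a starting allowlist. The allowlist and the sample lines marked constructed are assumptions made for this example; the other sample lines are quoted from the log above.

```python
"""Triage pass over a HijackThis-style log.

Added example: not code from the original post, from Dell or from the
HijackThis project. SAMPLE_LOG mixes lines quoted from the posted log with
lines marked 'constructed' that were written for this example; the
KNOWN_SEARCH_HOSTS allowlist is likewise an assumption.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# One regex per HijackThis line type that appears in the posted log.
RE_R = re.compile(r"^R[01] - (?P<hive>HKCU|HKLM)\\[^,]+,(?P<value>[^=]+?) = (?P<url>\S+)$")
RE_BHO = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
RE_RUN = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.*)$")
RE_DPF = re.compile(r"^O16 - DPF: \{(?P<clsid>[0-9A-Fa-f-]{36})\} \((?P<name>[^)]*)\) - (?P<url>\S+)$")
RE_SVC = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")

# Starting allowlist of start/search-page hosts (assumption: the OEM and
# Yahoo hosts seen in the posted log plus the large engines). Extend per machine.
KNOWN_SEARCH_HOSTS = {
    "www.google.com", "www.bing.com", "search.msn.com", "www.yahoo.com",
    "us.rd.yahoo.com", "cm.my.yahoo.com", "www.dell4me.com", "bfc.myway.com",
}
# Path fragments an unprivileged user can write to on XP and later.
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\users\\", "\\temp\\",
                         "\\application data\\", "\\appdata\\")
# Script hosts that legitimate autoruns rarely need.
SCRIPT_HOSTS = {"wscript", "wscript.exe", "cscript", "cscript.exe",
                "mshta", "mshta.exe", "cmd", "cmd.exe"}


@dataclass
class Finding:
    line: str
    reason: str


def first_path(cmd: str) -> str:
    """Return the first file path (or bare program name) in an O4 command."""
    if cmd.startswith('"') and cmd.find('"', 1) > 0:
        return cmd[1:cmd.find('"', 1)]
    m = re.search(r"[A-Za-z]:\\.*?\.(?:exe|dll|scr|com|bat|cmd|vbs|js)\b", cmd, re.IGNORECASE)
    parts = cmd.split()
    return m.group(0) if m else (parts[0] if parts else "")


def user_writable(path: str) -> bool:
    return any(marker in path.lower() for marker in USER_WRITABLE_MARKERS)


def triage(log_text: str, known_hosts=KNOWN_SEARCH_HOSTS) -> list:
    """Return a Finding for every line that deserves a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := RE_R.match(line):
            host = (urlsplit(m["url"]).hostname or "").lower()
            if host not in known_hosts:
                findings.append(Finding(line, f"start/search URL points at unlisted host {host!r}"))
        elif m := RE_BHO.match(line):
            if m["name"] == "(no name)" or m["path"] == "(no file)":
                findings.append(Finding(line, "BHO with no name or no file: orphaned entry, or a component the scanner cannot see"))
            elif user_writable(m["path"]):
                findings.append(Finding(line, "BHO DLL lives in a user-writable directory"))
        elif m := RE_RUN.match(line):
            target = first_path(m["cmd"])
            program = (m["cmd"].split() or [""])[0].strip('"').lower().rsplit("\\", 1)[-1]
            if user_writable(target):
                findings.append(Finding(line, "autorun executes from a user-writable directory"))
            elif program in SCRIPT_HOSTS:
                findings.append(Finding(line, f"autorun goes through script host {program}"))
            elif "\\" not in target:
                findings.append(Finding(line, f"autorun names {target!r} with no path; resolved via the PATH search order"))
        elif m := RE_DPF.match(line):
            if m["url"].lower().startswith("http://"):
                findings.append(Finding(line, "ActiveX control fetched over plain HTTP: installer unprotected in transit"))
        elif m := RE_SVC.match(line):
            if m["owner"] == "Unknown owner":
                findings.append(Finding(line, "service with no publisher recorded: check the binary's signature and hash"))
            elif user_writable(m["path"]):
                findings.append(Finding(line, "service binary lives in a user-writable directory"))
    return findings


SAMPLE_LOG = "\n".join([
    # Quoted from the posted HijackThis log:
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/",
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com",
    r"O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)",
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll",
    r"O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16",
    r'O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background',
    r"O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab",
    r"O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab",
    r"O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe",
    r"O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE",
    # Constructed for this example (not from the thread):
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search-results.example.net/go",
    r"O4 - HKCU\..\Run: [winupdate] C:\Documents and Settings\Owner\Local Settings\Temp\wupd.exe",
    r"O4 - HKLM\..\Run: [helper] helper.exe -silent",
])

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

A finding is a prompt to verify, not a verdict: the two "Unknown owner" services in the posted log are Dell and Symantec components, and a "(no file)" BHO is often just a leftover registration. The value of the pass is that it turns a hundred-line log into a handful of lines to check against known-good hashes.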
bamajim
April 2nd, 2009 15:00
1. Go HERE and download File Lister.
Copy and paste the contents of that log in your reply.
toya5185
April 2nd, 2009 17:00
+++++++++++++++++++++++++++++++++
+ File Lister Version 1.0.8 +
+ +
+ By bamajim / SpywareHammer.com +
+++++++++++++++++++++++++++++++++
Report ran on --->>> 4/2/2009 5:39:08 PM
====== Running Processes ======
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Norton 360\ScanStub.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Documents and Settings\Kyesha Tucker\Desktop\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\dlbtcoms.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\WScript.exe
====== BHO's ======
BHO: (NO NAME) - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
BHO: (NO NAME) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
BHO: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}\ - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
BHO: Symantec Intrusion Prevention - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
====== HKLM\~\Run Keys ======
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
[SoundMAXPnP] = C:\Program Files\Analog Devices\Core\smax4pnp.exe
[SunJavaUpdateSched] = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
[DVDLauncher] = "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
[MMTray] = "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
[RealTray] = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
[QuickTime Task] = "C:\Program Files\QuickTime\qttask.exe" -atboottime
[dla] = C:\WINDOWS\system32\dla\tfswctrl.exe
[ISUSPM Startup] = C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
[ISUSScheduler] = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
[DMXLauncher] = C:\Program Files\Dell\Media Experience\DMXLauncher.exe
[Dell Photo AIO Printer 922] = "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
[DLBTCATS] = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
[igfxtray] = C:\WINDOWS\system32\igfxtray.exe
[igfxhkcmd] = C:\WINDOWS\system32\hkcmd.exe
[igfxpers] = C:\WINDOWS\system32\igfxpers.exe
[Smart Start UP] = C:\Program Files\NewSoft\Smart Start UP\PnPDetect.exe /Automation
[AOLDialer] = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
[dscactivate] = "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
[mmtask] = "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
[ccApp] = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
[osCheck] = "C:\Program Files\Norton 360\osCheck.exe"
====== HKCU\~\Run Keys ======
[DellSupport] = "C:\Program Files\DellSupport\DSAgnt.exe" /startup
[MSMSGS] = "C:\Program Files\Messenger\msmsgs.exe" /background
====== DNS Info (List may be empty) ======
HKEY_LOCAL_MACHINE\CCS\~\{531D3D38-B38F-4A40-9052-52EFBA55506B}\ NameServer=
HKEY_LOCAL_MACHINE\CCS\~\{72A7C811-D8AE-4E1B-BFAE-A26195AD175B}\ NameServer=
HKEY_LOCAL_MACHINE\CCS\~\{7EEA14A5-9692-4EAE-9A2F-B686CCF495D2}\ NameServer=
HKEY_LOCAL_MACHINE\CCS\~\{840932F3-16A5-4846-B6CC-C24B299F1800}\ NameServer=
HKEY_LOCAL_MACHINE\CS001\~\{531D3D38-B38F-4A40-9052-52EFBA55506B}\ NameServer=
HKEY_LOCAL_MACHINE\CS001\~\{72A7C811-D8AE-4E1B-BFAE-A26195AD175B}\ NameServer=
HKEY_LOCAL_MACHINE\CS001\~\{7EEA14A5-9692-4EAE-9A2F-B686CCF495D2}\ NameServer=
HKEY_LOCAL_MACHINE\CS001\~\{840932F3-16A5-4846-B6CC-C24B299F1800}\ NameServer=
HKEY_LOCAL_MACHINE\CS003\~\{531D3D38-B38F-4A40-9052-52EFBA55506B}\ NameServer=
HKEY_LOCAL_MACHINE\CS003\~\{72A7C811-D8AE-4E1B-BFAE-A26195AD175B}\ NameServer=
HKEY_LOCAL_MACHINE\CS003\~\{7EEA14A5-9692-4EAE-9A2F-B686CCF495D2}\ NameServer=
HKEY_LOCAL_MACHINE\CS003\~\{840932F3-16A5-4846-B6CC-C24B299F1800}\ NameServer=
====== Folders and Files from "%\" and "%\Windows" Created Last 60 Days ======
2/27/2009 11:42:01 AM 0 C:\Config.Msi
4/2/2009 5:39:09 PM 5137 32 C:\Files.txt
3/12/2009 2:50:09 AM 2474985 C:\WINDOWS\$NtUninstallKB958690$
3/12/2009 2:50:09 AM 628969 C:\WINDOWS\$NtUninstallKB958690$\spuninst
3/12/2009 2:50:49 AM 773944 C:\WINDOWS\$NtUninstallKB960225$
3/12/2009 2:50:49 AM 629048 C:\WINDOWS\$NtUninstallKB960225$\spuninst
2/11/2009 8:42:55 PM 737780 C:\WINDOWS\$NtUninstallKB960715$
2/11/2009 8:42:55 PM 627188 C:\WINDOWS\$NtUninstallKB960715$\spuninst
2/26/2009 10:34:10 AM 9084814 C:\WINDOWS\$NtUninstallKB967715$
2/26/2009 10:34:10 AM 630158 C:\WINDOWS\$NtUninstallKB967715$\spuninst
3/31/2009 2:34:57 PM 1139 32 C:\WINDOWS\ie7_main.log
3/11/2009 1:15:35 PM 13381 32 C:\WINDOWS\KB958690.log
3/11/2009 1:16:22 PM 13041 32 C:\WINDOWS\KB960225.log
2/11/2009 8:42:01 PM 6856 32 C:\WINDOWS\KB960715.log
2/25/2009 3:18:27 PM 12840 32 C:\WINDOWS\KB967715.log
2/19/2009 1:03:34 PM 579464 32 C:\WINDOWS\system32\SymNeti.dll
2/19/2009 1:03:26 PM 207240 32 C:\WINDOWS\system32\SymRedir.dll
====== Files under "\Administrator\Startup" Last 60 Days======
====== Files under "\All Users\Startup" Last 60 Days======
====== Folders under "\Program Files" Last 60 Days======
4/1/2009 8:14:59 PM 4163572 C:\Program Files\Malwarebytes' Anti-Malware
4/1/2009 8:15:00 PM 372758 C:\Program Files\Malwarebytes' Anti-Malware\Languages
2/21/2009 11:16:13 PM 23 C:\Program Files\Yahoo!
2/21/2009 11:16:13 PM 23 C:\Program Files\Yahoo!\Messenger
====== Files under "\System32\Drivers" Last 60 Days======
4/1/2009 8:15:05 PM 15504 32 C:\WINDOWS\system32\drivers\mbam.sys
4/1/2009 8:15:02 PM 38496 32 C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2/19/2009 12:31:16 PM 13616 32 C:\WINDOWS\system32\drivers\symdns.sys
2/19/2009 12:31:16 PM 96560 32 C:\WINDOWS\system32\drivers\symfw.sys
2/19/2009 12:31:16 PM 38576 32 C:\WINDOWS\system32\drivers\symids.sys
2/19/2009 12:31:42 PM 31280 32 C:\WINDOWS\system32\drivers\SymIM.sys
2/19/2009 12:31:16 PM 37424 32 C:\WINDOWS\system32\drivers\symndis.sys
2/19/2009 12:31:18 PM 41008 32 C:\WINDOWS\system32\drivers\symndisv.sys
2/19/2009 12:31:42 PM 9844 32 C:\WINDOWS\system32\drivers\SymRedir.cat
2/19/2009 12:31:42 PM 1611 32 C:\WINDOWS\system32\drivers\SymRedir.inf
2/19/2009 12:31:16 PM 22320 32 C:\WINDOWS\system32\drivers\symredrv.sys
2/19/2009 12:31:16 PM 184496 32 C:\WINDOWS\system32\drivers\symtdi.sys
====== Files Deleted under "%Temp%" ======
C:\DOCUME~1\KYESHA~1\LOCALS~1\Temp\32frznwnlbg.ABI
C:\DOCUME~1\KYESHA~1\LOCALS~1\Temp\etilqs_OQ6PdaP6JQ7McBs83Axh
C:\DOCUME~1\KYESHA~1\LOCALS~1\Temp\favicon.ico
C:\DOCUME~1\KYESHA~1\LOCALS~1\Temp\jusched.log
C:\DOCUME~1\KYESHA~1\LOCALS~1\Temp\monthLSf1-Apr-2009-bTMT.doc
C:\DOCUME~1\KYESHA~1\LOCALS~1\Temp\Norton 360 2008 10-14-2008 14h2m29s.log
C:\DOCUME~1\KYESHA~1\LOCALS~1\Temp\Norton Add-on Pack 10-22-2008 20h30m22s.log
C:\DOCUME~1\KYESHA~1\LOCALS~1\Temp\Norton Internet Security 10-14-2008 13h48m36s.log
C:\DOCUME~1\KYESHA~1\LOCALS~1\Temp\Norton Setup 2,1,0 10-22-2008 20h30m14s.log
C:\DOCUME~1\KYESHA~1\LOCALS~1\Temp\Norton Setup 2,2,0 10-14-2008 13h42m32s.log
C:\DOCUME~1\KYESHA~1\LOCALS~1\Temp\Norton Setup 2,2,0 10-14-2008 14h2m26s.log
C:\DOCUME~1\KYESHA~1\LOCALS~1\Temp\Norton Stub 4,5,0 10-14-2008 13h35m37s.log
C:\DOCUME~1\KYESHA~1\LOCALS~1\Temp\Norton Stub 4,5,0 10-14-2008 13h42m12s.log
C:\DOCUME~1\KYESHA~1\LOCALS~1\Temp\Norton Stub 4,5,0 10-14-2008 14h2m12s.log
C:\DOCUME~1\KYESHA~1\LOCALS~1\Temp\Norton Stub 4,5,0 10-14-2008 14h2m21s.log
C:\DOCUME~1\KYESHA~1\LOCALS~1\Temp\PMShared
C:\DOCUME~1\KYESHA~1\LOCALS~1\Temp\Soul4Real-NeverFeltThisWayB4.mp3
C:\DOCUME~1\KYESHA~1\LOCALS~1\Temp\url.txt
C:\DOCUME~1\KYESHA~1\LOCALS~1\Temp\~DFB32B.tmp
19 Files deleted
====== Files and Folders under "All Users\Application Data" Last 60 Days======
4/1/2009 8:15:00 PM 1641725 C:\Documents and Settings\All Users\Application Data\Malwarebytes
4/1/2009 8:15:00 PM 1641725 C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware
====== Values under HKLM\Software\microsoft\shared tools\msconfig\startupreg ======
HKLM\Software\microsoft\shared tools\msconfig\startupreg\
"C:\Program Files\Messenger\msmsgs.exe" /background
====== Services ( Services that are Whitelisted are not shown) ======
Achernar (Achernar - SCSI Command Filters)- C:\WINDOWS\system32\Drivers\Achernar.sys - Boot/Running
Aldebaran (Aldebaran - SCSI Command Filters)- C:\WINDOWS\system32\Drivers\Aldebaran.sys - Manual/Running
ASCTRM (ASCTRM)- C:\WINDOWS\system32\drivers\ASCTRM.sys - Auto/Running
bvrp_pci (bvrp_pci)- - Manual/Stopped
CoachUsb (Digital Camera on USB)- C:\WINDOWS\system32\DRIVERS\CoachUsb.sys - Manual/Stopped
COH_Mon (COH_Mon)- \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys - Manual/Stopped
drvmcdb (drvmcdb)- C:\WINDOWS\system32\drivers\drvmcdb.sys - Boot/Running
drvnddm (drvnddm)- C:\WINDOWS\system32\drivers\drvnddm.sys - Auto/Running
DSCVc (Video Capture)- C:\WINDOWS\system32\DRIVERS\CoachVc.sys - Manual/Stopped
DSproct (DSproct)- \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys - Manual/Stopped
dsunidrv (DellSupport UniDriver)- C:\WINDOWS\system32\DRIVERS\dsunidrv.sys - Auto/Running
E100B (Intel(R) PRO Adapter Driver)- C:\WINDOWS\system32\DRIVERS\e100b325.sys - Manual/Running
eeCtrl (Symantec Eraser Control driver)- \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys - System/Running
EraserUtilRebootDrv (EraserUtilRebootDrv)- \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys - Manual/Running
NdisIP (Microsoft TV/Video Connection)- C:\WINDOWS\system32\DRIVERS\NdisIP.sys - Manual/Stopped
senfilt (senfilt)- C:\WINDOWS\system32\drivers\senfilt.sys - Manual/Running
SLIP (BDA Slip De-Framer)- C:\WINDOWS\system32\DRIVERS\SLIP.sys - Manual/Stopped
smwdm (smwdm)- C:\WINDOWS\system32\drivers\smwdm.sys - Manual/Running
SPBBCDrv (SPBBCDrv)- \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys - System/Running
SRTSP (SRTSP)- C:\WINDOWS\system32\Drivers\SRTSP.SYS - Manual/Running
SRTSPL (SRTSPL)- C:\WINDOWS\system32\Drivers\SRTSPL.SYS - Manual/Stopped
SRTSPX (SRTSPX)- C:\WINDOWS\system32\Drivers\SRTSPX.SYS - System/Running
sscdbhk5 (sscdbhk5)- C:\WINDOWS\system32\drivers\sscdbhk5.sys - System/Running
ssrtln (ssrtln)- C:\WINDOWS\system32\drivers\ssrtln.sys - System/Running
SymIM (Symantec Network Security Intermediate Filter Service)- C:\WINDOWS\system32\DRIVERS\SymIM.sys - Manual/Stopped
SymIMMP (SymIMMP)- C:\WINDOWS\system32\DRIVERS\SymIM.sys - Manual/Running
SYMNDIS (SYMNDIS)- C:\WINDOWS\system32\Drivers\SYMNDIS.SYS - Manual/Running
tfsnboio (tfsnboio)- C:\WINDOWS\system32\dla\tfsnboio.sys - Auto/Running
tfsncofs (tfsncofs)- C:\WINDOWS\system32\dla\tfsncofs.sys - Auto/Running
tfsndrct (tfsndrct)- C:\WINDOWS\system32\dla\tfsndrct.sys - Auto/Running
tfsndres (tfsndres)- C:\WINDOWS\system32\dla\tfsndres.sys - Auto/Running
tfsnifs (tfsnifs)- C:\WINDOWS\system32\dla\tfsnifs.sys - Auto/Running
tfsnopio (tfsnopio)- C:\WINDOWS\system32\dla\tfsnopio.sys - Auto/Running
tfsnpool (tfsnpool)- C:\WINDOWS\system32\dla\tfsnpool.sys - Auto/Running
tfsnudf (tfsnudf)- C:\WINDOWS\system32\dla\tfsnudf.sys - Auto/Running
tfsnudfa (tfsnudfa)- C:\WINDOWS\system32\dla\tfsnudfa.sys - Auto/Running
wanatw (WAN Miniport (ATW))- C:\WINDOWS\system32\DRIVERS\wanatw4.sys - Manual/Running
====== Uninstall List From Registry ======
Adobe Flash Player 10 ActiveX
America Online (Choose which version to remove)
AOL Connectivity Services
AOL Coach Version 1.0(Build:20040229.1 en)
Conexant D850 56K V.9x DFVc Modem
Dell Digital Jukebox Driver
Dell Photo AIO Printer 922
HijackThis 2.0.2
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Security Update for Windows XP (KB883939)
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888310
Security Update for Windows XP (KB890046)
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Security Update for Windows XP (KB893066)
Windows XP Hotfix - KB893086
Security Update for Windows XP (KB893756)
Windows Installer 3.1 (KB893803)
Update for Windows XP (KB894391)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Update for Windows XP (KB896727)
Security Update for Step By Step Interactive Training (KB898458)
Update for Windows XP (KB898461)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Update for Windows XP (KB900485)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Update for Windows XP (KB916595)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Update for Windows XP (KB920872)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Update for Windows XP (KB922582)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Update for Windows XP (KB927891)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Update for Windows XP (KB930916)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Update for Windows XP (KB936357)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Update for Windows XP (KB938828)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Update for Windows XP (KB946627)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Update for Windows XP (KB951072-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows Media Player (KB952069)
Hotfix for Windows XP (KB952287)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Update for Windows XP (KB955839)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Update for Windows XP (KB967715)
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Mozilla Firefox (3.0.8)
My Way Search Assistant
Microsoft Picture It! Premium 10
Intel(R) PRO Network Adapters and Drivers
LiveUpdate (Symantec Corporation)
RealPlayer Basic
Shockwave
Learn2 Player (Uninstall Only)
Norton 360 (Symantec Corporation)
Norton Add-on Pack (Symantec Corporation)
Viewpoint Media Player
WebCyberCoach 3.2 Dell
Microsoft Web Embedding Fonts Tool (III)
Windows Genuine Advantage Notifications (KB905474)
Windows Media Format Runtime
Windows Media Player 10
Microsoft Works 2005 Setup Launcher
Macromedia Flash Player
Microsoft Encarta Encyclopedia Standard 2005
Sonic RecordNow Data
Norton 360 HTMLHelp
Microsoft Plus! Photo Story 2 LE
Qualxserve Service Agreement
Sonic DLA
QuickBooks Simple Start Special Edition
Intel(R) PROSet for Wired Connections
QuickTime
Corel Paint Shop Pro X
GearDrvs
Norton 360
Backup
Smart Start UP
Norton 360
Sonic Update Manager
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Windows Media Player 10
WebFldrs XP
NetZeroInstallers
Internet Explorer Default Page
MSXML 4.0 SP2 (KB927978)
DXG-505V
Microsoft Picture It! Library 10
NetWaiting
Microsoft Works
Jasc Paint Shop Photo Album 5
Bonus
Microsoft Picture It! Premium 10
Symantec Technical Support Controls
Norton Security Center
Intel(R) Integrated Performance Primitives RTI 4.0
Norton Confidential Core
Norton AntiSpam
Dell Driver Reset Tool
AOLIcon
Parental Control
Microsoft Streets and Trips 2005
PowerDVD 5.5
Norton AntiVirus Help
Photo Click
Microsoft Plus! Digital Media Edition Installer
Java 2 Runtime Environment, SE v1.4.2_03
EarthLink setup files
Microsoft Visual C++ 2005 Redistributable
Dell System Restore
SPBBC 32bit
CC_ccProxyExt
Jasc Paint Shop Pro Studio, Dell Editon
My Way Search Assistant
Get High Speed Internet!
DellSupport
Modem Helper
Jasc Paint Shop Pro 8 Dell Edition
MSXML 4.0 SP2 (KB954430)
Intel(R) Extreme Graphics 2 Driver
Musicmatch® Jukebox
Microsoft Word 2002
Microsoft Digital Image Library 9 - Blocker
SymNet
Sonic RecordNow Audio
ccPxyCore
Dell Media Experience
Adobe Acrobat - Reader 6.0.2 Update
Adobe Reader 6.0.1
Dell Picture Studio v3.0
Presto! VideoWorks 6
Sonic RecordNow Copy
ccCommon
MSXML 4.0 SP2 (KB936181)
Microsoft .NET Framework 1.1
Microsoft Works Suite Add-in for Microsoft Word
GearDrvs
Jasc Paint Shop Photo Album
ABBYY FineReader 5.0 Sprint Plus
Symantec Real Time Storage Protection Component
Works Upgrade
Dell Support Center
Digital Line Detect
LiveUpdate (Symantec Corporation)
CIB
AppCore
======== Other Info ========
TOTAL PHYSICAL RAM: 535 MB
====== Files with Hidden Attributes======
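File Lister's "DNS Info" section above lists each network interface's static NameServer value from the CurrentControlSet (CCS) and the ControlSet00N backups (CS001, CS003); a search redirect that works by DNS hijacking shows up there as a resolver the owner never configured. As an added example (not code from the original post or from File Lister), the Python below parses those lines and classifies every resolver as trusted (an allowlist the analyst supplies), local (an RFC 1918 or loopback address, usually the home router) or unexpected. The trusted set, the TEST-NET-3 addresses used for the rogue entry and the router entry are constructed for this example; the empty entries are quoted from the output above.

```python
"""Classify the per-interface DNS NameServer overrides that File Lister prints.

Added example: not code from the original post or from File Lister. SAMPLE
mixes the empty entries quoted from the posted output with two constructed
entries; TRUSTED is a constructed stand-in for the ISP's resolvers.
"""
import ipaddress
import re

# Matches the File Lister 'DNS Info' line format:
#   HKEY_LOCAL_MACHINE\CCS\~\{<interface GUID>}\ NameServer=<ip[,ip...]>
RE_NS = re.compile(
    r"^HKEY_LOCAL_MACHINE\\(?P<cset>CCS|CS\d{3})\\~\\\{(?P<guid>[0-9A-Fa-f-]{36})\}\\ NameServer=(?P<value>.*)$"
)
# RFC 1918 ranges: a resolver here is normally the home router, whose own
# DNS settings then need to be inspected.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_nameservers(text: str) -> dict:
    """Map (control set, interface GUID) -> list of static resolvers.

    An empty list means the value is blank, i.e. the resolvers come from DHCP.
    """
    out = {}
    for raw in text.splitlines():
        m = RE_NS.match(raw.strip())
        if not m:
            continue
        servers = [s for s in re.split(r"[,\s]+", m["value"].strip()) if s]
        out[(m["cset"], m["guid"].upper())] = servers
    return out


def classify(server: str, trusted: set) -> str:
    """trusted / local / unexpected / unparseable for one resolver string."""
    if server in trusted:
        return "trusted"
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:
        return "unparseable"
    if ip.is_loopback or any(ip in net for net in PRIVATE_NETS):
        return "local"
    return "unexpected"


def dns_findings(text: str, trusted: set) -> list:
    """Every static resolver that is not on the trusted list, with its verdict."""
    findings = []
    for (cset, guid), servers in parse_nameservers(text).items():
        for server in servers:
            verdict = classify(server, trusted)
            if verdict != "trusted":
                findings.append((cset, guid, server, verdict))
    return findings


SAMPLE = "\n".join([
    # Quoted from the posted File Lister output (blank: resolvers come from DHCP):
    r"HKEY_LOCAL_MACHINE\CCS\~\{531D3D38-B38F-4A40-9052-52EFBA55506B}\ NameServer=",
    r"HKEY_LOCAL_MACHINE\CCS\~\{72A7C811-D8AE-4E1B-BFAE-A26195AD175B}\ NameServer=",
    # Constructed: a static override to TEST-NET-3 documentation addresses
    r"HKEY_LOCAL_MACHINE\CCS\~\{7EEA14A5-9692-4EAE-9A2F-B686CCF495D2}\ NameServer=203.0.113.5,203.0.113.6",
    # Constructed: a home-router address, normal on a LAN
    r"HKEY_LOCAL_MACHINE\CS001\~\{840932F3-16A5-4846-B6CC-C24B299F1800}\ NameServer=192.168.1.1",
])
# Constructed stand-in for the ISP's resolver (TEST-NET-2 documentation address).
TRUSTED = {"198.51.100.53"}

if __name__ == "__main__":
    for cset, guid, server, verdict in dns_findings(SAMPLE, TRUSTED):
        print(f"{verdict:<11} {server:<16} {cset}\\{{{guid}}}")
```

In the posted output every NameServer value is blank, so the resolvers come from DHCP and this check alone proves nothing: the router's DNS settings and the resolvers shown by `ipconfig /all` have to be checked too, and a blank registry value is equally consistent with a hosts-file or driver-level redirect that never touches the DNS configuration at all.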
toya5185
April 6th, 2009 12:00
I haven't received a reply to my post in a few days... so I'm bumping it.
bamajim
April 6th, 2009 15:00
Please download Combofix and save to your desktop:
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the contents of the C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.
toya5185
April 8th, 2009 19:00
What should I expect when I run this, because I saw a black window pop up on the upper left hand side of my screen and then vanish. And I was wondering whether or not the issue I'm having on my PC will prevent it from running.
bamajim
April 9th, 2009 10:00
It should have run differently than that.
1. Please download The Avenger by Swandog46 to your Desktop.
2. Now, start The Avenger program by clicking on its icon on your desktop.
3. The Avenger will automatically do the following:
4. Please copy/paste the content of c:\avenger.txt into your reply.
toya5185
April 9th, 2009 17:00
is there anything else I need to download while we're at it??
bamajim
April 10th, 2009 06:00
toya5185
At this point no. We may in the future depending on the outcome of this step. The infection you have is hiding itself from detection, that is the reason you cannot get Combofix to run.