Bullguard Antivirus Forum Download A Free Copy Of Bullguard Antivirus Software
Redirect/Jump Virus
   
jeremiahschmidtrox (New Member, joined Oct 2008, 5 posts)
Posted 10-9-2008 6:02 (GMT +1)
Hi, I have this problem and any help would be great... Whenever I click on a link, mainly in Google, it redirects me to a totally different page. Before that it quickly goes to a page named "redirect", then a page named "jump", and then to the non-related page... I have run Trend Micro HijackThis v2.0.2 and this was the log file...
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:54:31, on 9/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\CNAB5RPK.EXE
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\FolderShare\FolderShare.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/homepage/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Windows Live FolderShare] "C:\Program Files\Windows Live\FolderShare\FolderShare.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166394647453
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O21 - SSODL: CfgInfo - {08AA84D9-CBF4-F2DD-3E1A-01F02C470590} - C:\Program Files\dhahmac\CfgInfo.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
--
End of file - 8691 bytes
 
Thanks for any help!!
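As an added triage example (not part of the original post, and not HijackThis code): a short Python script that reads HijackThis log lines and flags the entries a helper would look at first. The sample lines are a constructed excerpt of the log above with the same entries. The severity labels, and the rule that any O21 (ShellServiceObjectDelayLoad) DLL outside system32 is suspect because HijackThis already hides the stock XP entries, are the example's own assumptions.

```python
import re
from dataclasses import dataclass

# Constructed excerpt of the HijackThis log posted above (same entries, fewer lines).
HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/homepage/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O21 - SSODL: CfgInfo - {08AA84D9-CBF4-F2DD-3E1A-01F02C470590} - C:\Program Files\dhahmac\CfgInfo.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

LINE_RE = re.compile(r"^(?P<sect>R\d|O\d+) - (?P<body>.*)$")
# HijackThis hides the stock XP SSODL entries, and those all live in system32.
SYSTEM32 = re.compile(r"^[A-Z]:\\WINDOWS\\SYSTEM32\\", re.IGNORECASE)
RUN_RE = re.compile(r"^(HKLM|HKCU)\\.*\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")


@dataclass
class Finding:
    severity: str  # HIGH / LOW: assumed labels for this example, not HijackThis output
    section: str
    reason: str
    line: str


def triage(log_text):
    """Return the log entries a helper would examine first, most serious first."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        sect, body = m.group("sect"), m.group("body")
        if "(no file)" in body or "(file missing)" in body:
            findings.append(Finding("LOW", sect, "orphaned entry: the file it points at is gone", raw))
        elif sect == "O21":
            # ShellServiceObjectDelayLoad: Explorer loads this DLL at every logon,
            # which is how the redirector in this thread persisted.
            path = body.rsplit(" - ", 1)[-1]
            if not SYSTEM32.match(path):
                findings.append(Finding("HIGH", sect, f"SSODL DLL outside system32: {path}", raw))
        elif sect == "O4":
            r = RUN_RE.match(body)
            if r and "\\" not in r.group("cmd"):
                findings.append(Finding("LOW", sect,
                                        f"Run entry [{r.group('name')}] has no full path; resolved via the search path", raw))
    order = {"HIGH": 0, "LOW": 1}
    return sorted(findings, key=lambda f: order[f.severity])


if __name__ == "__main__":
    for f in triage(HJT_LOG):
        print(f"{f.severity:4} {f.section:3} {f.reason}")
```

Run against the excerpt it reports the dhahmac SSODL DLL first, then the three low-priority entries (the orphaned Yahoo! hook and Messenger button, and the path-less TDispVol Run entry). The orphaned entries are harmless clutter; the O21 line is the one that matched what Malwarebytes later removed.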
 

Touch (Forum Moderator, joined Jun 2004, 16319 posts)
Posted 10-9-2008 7:15 (GMT +1)
Hello scool
 
Please download Malwarebytes' Anti-Malware:
 
Or here:
 
 to your desktop.
 
Double-click mbam-setup.exe and follow the prompts to install the program.

At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform full scan, then click Scan.

When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click Remove Selected.

When completed, a log will open in Notepad. Please save it to a convenient location.

Copy and paste that log into your next reply, and tell me how things are running now.


Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.

 

jeremiahschmidtrox (New Member, joined Oct 2008, 5 posts)
Posted 10-9-2008 9:58 (GMT +1)
Hi, thanks for helping me... It works well, like it doesn't jump to a non-related site anymore... It said, after I went to remove the 5 threats found, that some couldn't be removed and I had to reboot to remove them... Would they be gone now, because I have rebooted my computer...
ALSO, whenever I start my computer the firewall is switched off... When I try to change it, a message box appears and says "Due to an unidentified problem windows firewall settings could not be displayed."
Here is my log from the malware thing.
Malwarebytes' Anti-Malware 1.28
Database version: 1134
Windows 5.1.2600 Service Pack 3
9/10/2008 7:46:27 PM
mbam-log-2008-10-09 (19-46-27).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 96674
Time elapsed: 33 minute(s), 19 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{08AA84D9-CBF4-F2DD-3E1A-01F02C470590} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\cfginfo (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("%1" %*) Good: ("%1" /S) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Program Files\dhahmac\CfgInfo.dll (Trojan.FakeAlert.H) -> Delete on reboot.
Thank you again
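The Broken.OpenCommand line in the log above is worth a follow-up check after the reboot: the (Default) value under scrfile\shell\open\command was changed so that opening a screensaver ran it with the hijacker's arguments, and the same trick is commonly applied to exefile, comfile and the other executable classes. As an added example, not part of the original post and not Malwarebytes code, the script below parses that log line and compares a set of live values against what Windows XP ships with. The table of XP defaults and the MBAM line format are the example's own assumptions; the winreg read only works on Windows, and the sample log text is a constructed excerpt of the post above.

```python
import re
import sys

# Stock Windows XP (Default) values for the shell\open\command keys that
# malware commonly hijacks so it runs whenever a program is launched.
# Assumption: these are the XP defaults; later Windows versions differ for some classes.
XP_OPEN_COMMANDS = {
    "exefile": '"%1" %*',
    "comfile": '"%1" %*',
    "batfile": '"%1" %*',
    "cmdfile": '"%1" %*',
    "piffile": '"%1" %*',
    "scrfile": '"%1" /S',
    "regfile": 'regedit.exe "%1"',
}

# One "Registry Data Items Infected" line as Malwarebytes 1.x writes it.
MBAM_DATA_RE = re.compile(
    r"^HKEY_\w+\\(?P<cls>\w+)\\shell\\open\\command\\? "
    r"\((?P<detection>[^)]+)\) -> Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> (?P<action>.*)$"
)

# Constructed excerpt of the Malwarebytes log posted above.
MBAM_LOG = r"""Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("%1" %*) Good: ("%1" /S) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
"""


def normalize_cmd(cmd):
    """Collapse whitespace so cosmetic differences do not count as a hijack."""
    return " ".join(cmd.split())


def parse_mbam_data_items(log_text):
    """Extract every repaired shell\\open\\command entry from a Malwarebytes log."""
    items = []
    for line in log_text.splitlines():
        m = MBAM_DATA_RE.match(line.strip())
        if m:
            items.append(m.groupdict())
    return items


def check_open_commands(live):
    """Compare {file class: current (Default) command} against the XP defaults.
    Returns (class, current, expected) for every class that still differs."""
    return [
        (cls, live[cls], expected)
        for cls, expected in XP_OPEN_COMMANDS.items()
        if cls in live and normalize_cmd(live[cls]) != normalize_cmd(expected)
    ]


def read_live_open_commands():
    """Read the real (Default) values from HKCR; only meaningful on Windows."""
    if sys.platform != "win32":
        raise RuntimeError("registry read requires Windows")
    import winreg
    live = {}
    for cls in XP_OPEN_COMMANDS:
        try:
            with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, cls + r"\shell\open\command") as key:
                live[cls] = winreg.QueryValueEx(key, "")[0]
        except OSError:
            pass  # class not registered on this machine
    return live


if __name__ == "__main__":
    for item in parse_mbam_data_items(MBAM_LOG):
        print(f"{item['cls']}: Malwarebytes restored {item['good']} (was {item['bad']})")
    if sys.platform == "win32":
        for cls, cur, exp in check_open_commands(read_live_open_commands()):
            print(f"STILL HIJACKED {cls}: {cur!r}, expected {exp!r}")
```

The value Malwarebytes reports as "Good" for scrfile is the same `"%1" /S` the table carries, so a clean run of `check_open_commands` on the live registry after the reboot is the confirmation the poster is asking for; a non-empty result means something restored the hijack at startup.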
 

Touch (Forum Moderator, joined Jun 2004, 16319 posts)
Posted 10-9-2008 11:21 (GMT +1)
It looks like you still have some infections, so I'll suggest you post a ComboFix log.

Please download ComboFix:

And save it to the desktop.

Close all other browser windows.

Important: temporarily disable your anti-virus real-time protection before performing a scan. It can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".

Go to Start -> Run, copy/paste: ComboFix /snapshot and hit OK. It should run ComboFix.

Please note that once you start ComboFix you should not click anywhere on the ComboFix window, as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all; just take a break, as it may take a while for it to complete.

When finished, it will produce a logfile located at C:\combofix.txt.

Post the contents of that log in your next reply.


 

jeremiahschmidtrox (New Member, joined Oct 2008, 5 posts)
Posted 10-9-2008 12:11 (GMT +1)
Hey, after I ran ComboFix, and after the program rebooted the computer, there was no pop-up saying that the firewall was turned off, so I think that's good...
PLEASE SEE MY LOG
ComboFix 08-10-08.02 - User 2008-10-09 21:54:13.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.153 [GMT 11:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
 * Created a new restore point
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\User\Application Data\inst.exe
C:\WINDOWS\Downloaded Program Files\setup.inf
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Legacy_OREANS32
-------\Service_NPF
-------\Service_oreans32

(((((((((((((((((((((((((   Files Created from 2008-09-09 to 2008-10-09  )))))))))))))))))))))))))))))))
.
2008-10-09 20:44 . 2008-10-09 20:44 <DIR> d-------- C:\Program Files\MagicDVDRipper
2008-10-09 19:05 . 2008-10-09 19:06 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-09 19:05 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-09 19:05 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-09 12:28 . 2008-07-14 05:09 212,728 --a------ C:\WINDOWS\CMDLIC.DLL
2008-10-09 12:28 . 2008-07-14 05:09 205,560 --a------ C:\WINDOWS\UNBOC.EXE
2008-10-09 12:28 . 2008-04-14 11:12 22,528 --a------ C:\WINDOWS\system32\wsock32.dlb
2008-10-09 12:16 . 2001-08-17 13:28 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
2008-10-09 12:16 . 2001-08-17 13:28 701,386 --a--c--- C:\WINDOWS\system32\dllcache\wdhaalba.sys
2008-10-09 12:16 . 2004-08-03 22:31 154,624 --a--c--- C:\WINDOWS\system32\dllcache\wlluc48.sys
2008-10-09 12:16 . 2001-08-17 22:36 53,760 --a--c--- C:\WINDOWS\system32\dllcache\wiamsmud.dll
2008-10-09 12:16 . 2004-08-04 23:00 41,600 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.dll
2008-10-09 12:16 . 2001-08-17 12:10 35,871 --a--c--- C:\WINDOWS\system32\dllcache\wbfirdma.sys
2008-10-09 12:16 . 2001-08-17 12:12 34,890 --a--c--- C:\WINDOWS\system32\dllcache\wlandrv2.sys
2008-10-09 12:16 . 2008-04-14 04:45 31,744 --a--c--- C:\WINDOWS\system32\dllcache\wceusbsh.sys
2008-10-09 12:16 . 2004-08-04 23:00 31,232 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.sys
2008-10-09 12:16 . 2004-08-03 22:29 23,615 --a--c--- C:\WINDOWS\system32\dllcache\wch7xxnt.sys
2008-10-09 12:14 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-10-09 12:13 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-10-09 12:12 . 2001-08-17 14:56 440,576 --a--c--- C:\WINDOWS\system32\dllcache\tridkb.dll
2008-10-09 12:12 . 2001-08-17 14:56 315,520 --a--c--- C:\WINDOWS\system32\dllcache\trid3d.dll
2008-10-09 12:12 . 2001-08-17 14:02 230,912 --a--c--- C:\WINDOWS\system32\dllcache\tosdvd03.sys
2008-10-09 12:12 . 2001-08-17 12:51 222,336 --a--c--- C:\WINDOWS\system32\dllcache\trid3dm.sys
2008-10-09 12:12 . 2008-04-14 10:12 82,944 --a--c--- C:\WINDOWS\system32\dllcache\tp4mon.exe
2008-10-09 12:12 . 2001-08-17 22:35 42,496 --a--c--- C:\WINDOWS\system32\dllcache\tp4res.dll
2008-10-09 12:12 . 2001-08-17 12:12 34,375 --a--c--- C:\WINDOWS\system32\dllcache\tpro4.sys
2008-10-09 12:12 . 2001-08-17 22:36 31,744 --a--c--- C:\WINDOWS\system32\dllcache\tp4.dll
2008-10-09 12:12 . 2001-08-17 13:51 4,992 --a--c--- C:\WINDOWS\system32\dllcache\toside.sys
2008-10-09 12:11 . 2001-08-17 14:01 241,664 --a--c--- C:\WINDOWS\system32\dllcache\tosdvd02.sys
2008-10-09 12:11 . 2004-08-04 23:00 185,344 --a--c--- C:\WINDOWS\system32\dllcache\thawbrkr.dll
2008-10-09 12:11 . 2001-08-17 12:14 123,995 --a--c--- C:\WINDOWS\system32\dllcache\tjisdn.sys
2008-10-09 12:11 . 2001-08-17 12:10 28,232 --a--c--- C:\WINDOWS\system32\dllcache\tos4mo.sys
2008-10-09 12:10 . 2008-04-14 04:40 149,376 --a--c--- C:\WINDOWS\system32\dllcache\tffsport.sys
2008-10-09 12:10 . 2001-08-17 12:51 138,528 --a--c--- C:\WINDOWS\system32\dllcache\tgiulnt5.sys
2008-10-09 12:10 . 2001-08-17 14:56 81,408 --a--c--- C:\WINDOWS\system32\dllcache\tgiul50.dll
2008-10-09 12:10 . 2001-08-17 12:13 37,961 --a--c--- C:\WINDOWS\system32\dllcache\tdk100b.sys
2008-10-09 12:10 . 2001-08-17 13:49 30,464 --a--c--- C:\WINDOWS\system32\dllcache\tbatm155.sys
2008-10-09 12:10 . 2004-08-04 23:00 21,896 --a--c--- C:\WINDOWS\system32\dllcache\tdipx.sys
2008-10-09 12:10 . 2004-08-04 23:00 19,464 --a--c--- C:\WINDOWS\system32\dllcache\tdspx.sys
2008-10-09 12:10 . 2001-08-17 12:13 17,129 --a--c--- C:\WINDOWS\system32\dllcache\tdkcd31.sys
2008-10-09 12:10 . 2004-08-04 23:00 13,192 --a--c--- C:\WINDOWS\system32\dllcache\tdasync.sys
2008-10-09 12:10 . 2001-08-17 13:52 7,040 --a--c--- C:\WINDOWS\system32\dllcache\tandqic.sys
2008-10-09 12:09 . 2001-08-17 14:56 172,768 --a--c--- C:\WINDOWS\system32\dllcache\t2r4disp.dll
2008-10-09 12:09 . 2001-08-17 12:50 36,640 --a--c--- C:\WINDOWS\system32\dllcache\t2r4mini.sys
2008-10-09 12:09 . 2001-08-17 14:07 32,640 --a--c--- C:\WINDOWS\system32\dllcache\symc8xx.sys
2008-10-09 12:09 . 2001-08-17 14:07 16,256 --a--c--- C:\WINDOWS\system32\dllcache\symc810.sys
2008-10-09 12:08 . 2001-08-17 13:50 103,936 --a--c--- C:\WINDOWS\system32\dllcache\sx.sys
2008-10-09 12:08 . 2001-08-17 22:36 94,293 --a--c--- C:\WINDOWS\system32\dllcache\sxports.dll
2008-10-09 12:08 . 2001-08-17 14:07 30,688 --a--c--- C:\WINDOWS\system32\dllcache\sym_u3.sys
2008-10-09 12:08 . 2001-08-17 14:07 28,384 --a--c--- C:\WINDOWS\system32\dllcache\sym_hi.sys
2008-10-09 12:08 . 2001-08-17 22:36 10,240 --a--c--- C:\WINDOWS\system32\dllcache\swpidflt.dll
2008-10-09 12:08 . 2001-08-17 22:36 10,240 --a--c--- C:\WINDOWS\system32\dllcache\swpdflt2.dll
2008-10-09 12:08 . 2001-08-17 14:02 3,968 --a--c--- C:\WINDOWS\system32\dllcache\swusbflt.sys
2008-10-08 22:48 . 2008-01-15 10:20 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-10-08 22:20 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-10-08 22:20 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-10-08 22:20 . 2008-09-08 23:38 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-10-08 22:20 . 2008-10-01 15:51 87,552 --a------ C:\WINDOWS\system32\VACFix.exe
2008-10-08 22:20 . 2008-09-19 12:26 82,944 --a------ C:\WINDOWS\system32\o4Patch.exe
2008-10-08 22:20 . 2008-09-19 12:26 82,944 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-10-08 22:20 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-10-08 22:20 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-10-08 22:20 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-10-08 22:02 . 2008-10-09 19:48 <DIR> d-------- C:\Program Files\dhahmac
2008-10-08 22:02 . 2008-10-08 22:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\fejozmnc
2008-10-08 22:02 . 2008-10-08 22:02 98,304 --a------ C:\WINDOWS\system32\dsfifmdq.exe
2008-10-08 22:02 . 2008-10-08 22:02 10,240 --a------ C:\WINDOWS\system32\brastk.exe
2008-10-01 18:37 . 2008-10-01 18:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\RoboForm
2008-09-29 20:34 . 2008-09-29 20:42 <DIR> d-------- C:\Documents and Settings\User\Application Data\Vso
2008-09-29 20:34 . 2008-09-29 20:34 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-09-29 20:34 . 2008-09-29 20:42 47,360 --a------ C:\Documents and Settings\User\Application Data\pcouffin.sys
2008-09-29 19:56 . 2008-09-29 19:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2008-09-28 20:54 . 2008-09-28 20:54 <DIR> d-------- C:\Program Files\Sidebar
2008-09-28 15:22 . 2008-10-04 13:13 <DIR> d-------- C:\Documents and Settings\User\Application Data\dvdcss
2008-09-27 21:29 . 2008-09-27 21:29 <DIR> d-------- C:\Program Files\NCH Software
2008-09-27 21:29 . 2008-09-27 21:29 <DIR> d-------- C:\Documents and Settings\User\Application Data\Recordpad
2008-09-27 21:29 . 2008-09-27 21:29 <DIR> d-------- C:\Documents and Settings\User\Application Data\NCH Swift Sound
2008-09-27 21:29 . 2008-09-27 21:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-09-27 21:28 . 2008-09-27 21:34 <DIR> d-------- C:\Program Files\NCH Swift Sound
2008-09-22 19:37 . 2008-09-22 19:37 <DIR> d-------- C:\Program Files\Windows Live
2008-09-22 19:17 . 2008-09-22 19:19 <DIR> d-------- C:\CM60S
2008-09-22 19:16 . 2008-09-22 19:16 <DIR> d-------- C:\Documents and Settings\User\WINDOWS
2008-09-22 19:16 . 1998-07-30 15:47 363,892 --a------ C:\WINDOWS\ISUN16.EXE
2008-09-22 19:16 . 1995-07-13 20:43 26,768 --a------ C:\WINDOWS\system\CTL3D.DLL
2008-09-21 12:27 . 2008-09-21 12:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-09-12 23:44 . 2008-09-12 23:45 <DIR> d-------- C:\Program Files\iTunes
2008-09-12 23:44 . 2008-09-12 23:44 <DIR> d-------- C:\Program Files\iPod
2008-09-12 23:44 . 2008-09-12 23:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-12 23:42 . 2008-09-12 23:42 <DIR> d-------- C:\Program Files\Bonjour
2008-09-12 23:39 . 2008-09-12 23:40 <DIR> d-------- C:\Program Files\QuickTime
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-09 04:53 --------- d-----w C:\Program Files\Trend Micro
2008-10-09 04:37 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-09 04:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-08 11:30 2,428 ----a-w C:\WINDOWS\system32\tmp.reg
2008-10-02 09:43 --------- d-----w C:\Program Files\CCleaner
2008-09-29 09:41 --------- d-----w C:\Program Files\DVD Shrink
2008-09-12 12:39 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-11 00:38 --------- d-----w C:\Program Files\Microsoft Works
2008-09-09 08:00 91,376 ----a-w C:\WINDOWS\system32\isafprod.dll
2008-09-09 08:00 32,240 ----a-w C:\WINDOWS\system32\drivers\vetmonnt.sys
2008-09-09 08:00 26,352 ----a-w C:\WINDOWS\system32\drivers\vet-filt.sys
2008-09-09 08:00 21,488 ----a-w C:\WINDOWS\system32\drivers\vetfddnt.sys
2008-09-09 08:00 21,104 ----a-w C:\WINDOWS\system32\drivers\vet-rec.sys
2008-09-04 12:45 --------- d-----w C:\Documents and Settings\User\Application Data\Malwarebytes
2008-09-04 12:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-04 12:20 --------- d-----w C:\Documents and Settings\User\Application Data\Apple Computer
2008-09-04 10:28 --------- d-----w C:\Documents and Settings\User\Application Data\ACD Systems
2008-09-03 22:58 --------- d-----w C:\Documents and Settings\User\Application Data\AdobeUM
2008-09-03 10:42 --------- d-----w C:\Program Files\Realtek
2008-09-03 10:42 --------- d-----w C:\Program Files\KODAK Picture CD
2008-09-03 10:42 --------- d-----w C:\Program Files\DivX
2008-09-03 10:42 --------- d-----w C:\Documents and Settings\User\Application Data\toshiba
2008-09-03 10:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Software
2008-09-01 13:09 --------- d-----w C:\Documents and Settings\User\Application Data\GlarySoft
2008-08-30 12:48 --------- d-----w C:\Documents and Settings\User\Application Data\TeamViewer
2008-08-30 07:03 --------- d-----w C:\Program Files\Glary Utilities
2008-08-29 11:22 --------- d-----w C:\Documents and Settings\User\Application Data\Systweak
2008-08-29 11:05 33,824 ----a-w C:\WINDOWS\system32\drivers\oreans32.sys
2008-08-29 00:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-28 23:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-27 16:12 1,341,952 --sh--r C:\WINDOWS\msnexec.exe
2008-08-13 09:33 --------- d-----w C:\Program Files\vixy.net
2008-08-12 11:50 --------- d-----w C:\Program Files\uTorrent
2008-08-09 11:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\CA
2008-08-09 11:30 --------- d-----w C:\Program Files\Common Files\Scanner
2008-08-09 11:27 99,568 ----a-w C:\WINDOWS\system32\isafeif.dll
2008-08-09 11:27 880,560 ----a-w C:\WINDOWS\system32\drivers\vetefile.sys
2008-08-09 11:27 83,256 ----a-w C:\WINDOWS\system32\vetredir.dll
2008-08-09 11:27 108,368 ----a-w C:\WINDOWS\system32\drivers\veteboot.sys
2008-08-09 11:23 --------- d-----w C:\Program Files\CA
2008-08-09 09:00 --------- d-----w C:\Program Files\Apple Software Update
2008-07-18 12:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 12:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 12:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 12:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 12:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 12:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 12:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 12:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 12:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 12:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2007-11-02 10:10 51,422,520 ----a-w C:\Program Files\iTunes743Setup.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"Windows Live FolderShare"="C:\Program Files\Windows Live\FolderShare\FolderShare.exe" [2008-05-30 1326624]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-03 364544]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 761948]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-06 1077322]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-07-03 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-07-02 700416]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2008-09-09 181488]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2008-09-09 234736]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 413696]
"TDispVol"="TDispVol.exe" [2005-03-12 C:\WINDOWS\system32\TDispVol.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2007-11-15 19:46 87352 C:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
backup=C:\WINDOWS\pss\RAMASST.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
backup=C:\WINDOWS\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNM
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 11:12 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDWMon]
--a------ 2006-04-26 11:57 299008 C:\Program Files\Toshiba\TOSHIBA Direct Disc Writer\DDWMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
--a------ 2004-09-02 16:51 221184 C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2006-03-23 15:13 77824 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2006-03-23 15:17 118784 C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2006-03-23 15:17 94208 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-10 18:40 289576 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mouseElf]
--a------ 2004-09-20 08:16 196608 C:\PROGRA~1\SCROLL~1\MouseElf.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 16:09 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
--a------ 2005-04-27 10:13 122880 C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
--a------ 2006-02-03 06:11 73728 C:\Program Files\Toshiba\Tvs\TvsTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2006-03-18 11:22 89541 C:\WINDOWS\agrsmmsg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 21:43 69632 C:\WINDOWS\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-08-23 23:08 16050688 C:\WINDOWS\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2006-05-16 21:04 2879488 C:\WINDOWS\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
--a------ 2005-05-31 21:00 282624 C:\WINDOWS\system32\TPSMain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\CNAB5RPK.EXE"=
"C:\\Program Files\\Toshiba\\ConfigFree\\CFXFER.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\FolderShare\\FolderShare.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:BroadCam Web Server
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 46112]
R2 tdudf;TOSHIBA UDF File System Driver;C:\WINDOWS\system32\DRIVERS\tdudf.sys [2006-06-29 98816]
R3 PPCtlPriv;PPCtlPriv;C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2008-09-09 185584]
S3 genmcmnUSB;USB Scroll Mouse Driver;C:\WINDOWS\system32\DRIVERS\gflmouhid.sys [2004-04-19 6656]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-09-10 38528]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2007-02-07 194304]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cf53048-65ee-11dd-9c04-0018de2d6691}]
\Shell\AutoRun\command - E:\setup.exe
\Shell\install\command - E:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f064f28c-2f1d-11dd-9bd6-0018de2d6691}]
\Shell\Auto\command - fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
.
Contents of the 'Scheduled Tasks' folder
2008-09-12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
2008-09-21 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as User at 12 00 PM.job
- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\caantispyware.exe [2008-09-09 19:00]
2008-10-09 C:\WINDOWS\Tasks\GlaryInitialize.job
- C:\Program Files\Glary Utilities\initialize.exe [2008-07-18 12:08]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-lxcemon - (no file)
MSConfigStartUp-NDSTray - NDSTray.exe
MSConfigStartUp-pccguide - (no file)

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.bigpond.com/homepage/
R0 -: HKLM-Main,Start Page = hxxp://www.msn.com
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-Internet Settings,ProxyOverride = local;*.local
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-09 22:04:41
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\TDispVol.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
C:\WINDOWS\system32\CNAB5RPK.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\cappactiveprotection.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2008-10-09 22:07:24 - machine was rebooted
ComboFix-quarantined-files.txt  2008-10-09 11:06:58
Pre-Run: 39,483,228,160 bytes free
Post-Run: 39,504,437,248 bytes free
329 --- E O F --- 2008-09-11 00:44:30
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 16319
 
Posted 10-10-2008 5:53 (GMT +1)
Sounds good :)
 
 
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Open Notepad and copy/paste the text in the quote box below into it:

Quote:

Killall::

Snapshot::

File::
C:\WINDOWS\system32\dsfifmdq.exe
C:\WINDOWS\system32\brastk.exe

Folder::
C:\Program Files\dhahmac
C:\Documents and Settings\All Users\Application Data\fejozmnc

Save this as:
CFScript

Referring to the picture above, drag CFScript into ComboFix.exe

Then post a fresh ComboFix log.


Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.

 

jeremiahschmidtrox
New Member


Date Joined Oct 2008
Total Posts : 5
 
Posted 10-10-2008 10:12 (GMT +1)
Hi, here's the log... my web browser is running a little slower than usual now, any suggestions?
LOG
ComboFix 08-10-08.02 - User 2008-10-10 19:55:41.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.260 [GMT 11:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Desktop\CFScript.txt
 * Created a new restore point
[COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]
FILE ::
C:\WINDOWS\system32\brastk.exe
C:\WINDOWS\system32\dsfifmdq.exe
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\fejozmnc
C:\Documents and Settings\All Users\Application Data\fejozmnc\twlenuna.exe
C:\Program Files\dhahmac
C:\WINDOWS\system32\brastk.exe
C:\WINDOWS\system32\dsfifmdq.exe
.
(((((((((((((((((((((((((   Files Created from 2008-09-10 to 2008-10-10  )))))))))))))))))))))))))))))))
.
2008-10-10 13:35 . 2008-10-10 13:35 <DIR> d-------- C:\Program Files\Sophos
2008-10-09 22:45 . 2008-10-09 22:45 <DIR> d-------- C:\Program Files\Microsoft Device Emulator
2008-10-09 20:44 . 2008-10-09 20:44 <DIR> d-------- C:\Program Files\MagicDVDRipper
2008-10-09 19:05 . 2008-10-09 19:06 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-09 19:05 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-09 19:05 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-09 12:28 . 2008-07-14 05:09 212,728 --a------ C:\WINDOWS\CMDLIC.DLL
2008-10-09 12:28 . 2008-07-14 05:09 205,560 --a------ C:\WINDOWS\UNBOC.EXE
2008-10-09 12:28 . 2008-04-14 11:12 22,528 --a------ C:\WINDOWS\system32\wsock32.dlb
2008-10-09 12:16 . 2001-08-17 13:28 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
2008-10-09 12:16 . 2001-08-17 13:28 701,386 --a--c--- C:\WINDOWS\system32\dllcache\wdhaalba.sys
2008-10-09 12:16 . 2004-08-03 22:31 154,624 --a--c--- C:\WINDOWS\system32\dllcache\wlluc48.sys
2008-10-09 12:16 . 2001-08-17 22:36 53,760 --a--c--- C:\WINDOWS\system32\dllcache\wiamsmud.dll
2008-10-09 12:16 . 2004-08-04 23:00 41,600 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.dll
2008-10-09 12:16 . 2001-08-17 12:10 35,871 --a--c--- C:\WINDOWS\system32\dllcache\wbfirdma.sys
2008-10-09 12:16 . 2001-08-17 12:12 34,890 --a--c--- C:\WINDOWS\system32\dllcache\wlandrv2.sys
2008-10-09 12:16 . 2008-04-14 04:45 31,744 --a--c--- C:\WINDOWS\system32\dllcache\wceusbsh.sys
2008-10-09 12:16 . 2004-08-04 23:00 31,232 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.sys
2008-10-09 12:16 . 2004-08-03 22:29 23,615 --a--c--- C:\WINDOWS\system32\dllcache\wch7xxnt.sys
2008-10-09 12:14 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-10-09 12:13 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-10-09 12:12 . 2001-08-17 14:56 440,576 --a--c--- C:\WINDOWS\system32\dllcache\tridkb.dll
2008-10-09 12:12 . 2001-08-17 14:56 315,520 --a--c--- C:\WINDOWS\system32\dllcache\trid3d.dll
2008-10-09 12:12 . 2001-08-17 14:02 230,912 --a--c--- C:\WINDOWS\system32\dllcache\tosdvd03.sys
2008-10-09 12:12 . 2001-08-17 12:51 222,336 --a--c--- C:\WINDOWS\system32\dllcache\trid3dm.sys
2008-10-09 12:12 . 2008-04-14 10:12 82,944 --a--c--- C:\WINDOWS\system32\dllcache\tp4mon.exe
2008-10-09 12:12 . 2001-08-17 22:35 42,496 --a--c--- C:\WINDOWS\system32\dllcache\tp4res.dll
2008-10-09 12:12 . 2001-08-17 12:12 34,375 --a--c--- C:\WINDOWS\system32\dllcache\tpro4.sys
2008-10-09 12:12 . 2001-08-17 22:36 31,744 --a--c--- C:\WINDOWS\system32\dllcache\tp4.dll
2008-10-09 12:12 . 2001-08-17 13:51 4,992 --a--c--- C:\WINDOWS\system32\dllcache\toside.sys
2008-10-09 12:11 . 2001-08-17 14:01 241,664 --a--c--- C:\WINDOWS\system32\dllcache\tosdvd02.sys
2008-10-09 12:11 . 2004-08-04 23:00 185,344 --a--c--- C:\WINDOWS\system32\dllcache\thawbrkr.dll
2008-10-09 12:11 . 2001-08-17 12:14 123,995 --a--c--- C:\WINDOWS\system32\dllcache\tjisdn.sys
2008-10-09 12:11 . 2001-08-17 12:10 28,232 --a--c--- C:\WINDOWS\system32\dllcache\tos4mo.sys
2008-10-09 12:10 . 2008-04-14 04:40 149,376 --a--c--- C:\WINDOWS\system32\dllcache\tffsport.sys
2008-10-09 12:10 . 2001-08-17 12:51 138,528 --a--c--- C:\WINDOWS\system32\dllcache\tgiulnt5.sys
2008-10-09 12:10 . 2001-08-17 14:56 81,408 --a--c--- C:\WINDOWS\system32\dllcache\tgiul50.dll
2008-10-09 12:10 . 2001-08-17 12:13 37,961 --a--c--- C:\WINDOWS\system32\dllcache\tdk100b.sys
2008-10-09 12:10 . 2001-08-17 13:49 30,464 --a--c--- C:\WINDOWS\system32\dllcache\tbatm155.sys
2008-10-09 12:10 . 2004-08-04 23:00 21,896 --a--c--- C:\WINDOWS\system32\dllcache\tdipx.sys
2008-10-09 12:10 . 2004-08-04 23:00 19,464 --a--c--- C:\WINDOWS\system32\dllcache\tdspx.sys
2008-10-09 12:10 . 2001-08-17 12:13 17,129 --a--c--- C:\WINDOWS\system32\dllcache\tdkcd31.sys
2008-10-09 12:10 . 2004-08-04 23:00 13,192 --a--c--- C:\WINDOWS\system32\dllcache\tdasync.sys
2008-10-09 12:10 . 2001-08-17 13:52 7,040 --a--c--- C:\WINDOWS\system32\dllcache\tandqic.sys
2008-10-09 12:09 . 2001-08-17 14:56 172,768 --a--c--- C:\WINDOWS\system32\dllcache\t2r4disp.dll
2008-10-09 12:09 . 2001-08-17 12:50 36,640 --a--c--- C:\WINDOWS\system32\dllcache\t2r4mini.sys
2008-10-09 12:09 . 2001-08-17 14:07 32,640 --a--c--- C:\WINDOWS\system32\dllcache\symc8xx.sys
2008-10-09 12:09 . 2001-08-17 14:07 16,256 --a--c--- C:\WINDOWS\system32\dllcache\symc810.sys
2008-10-09 12:08 . 2001-08-17 13:50 103,936 --a--c--- C:\WINDOWS\system32\dllcache\sx.sys
2008-10-09 12:08 . 2001-08-17 22:36 94,293 --a--c--- C:\WINDOWS\system32\dllcache\sxports.dll
2008-10-09 12:08 . 2001-08-17 14:07 30,688 --a--c--- C:\WINDOWS\system32\dllcache\sym_u3.sys
2008-10-09 12:08 . 2001-08-17 14:07 28,384 --a--c--- C:\WINDOWS\system32\dllcache\sym_hi.sys
2008-10-09 12:08 . 2001-08-17 22:36 10,240 --a--c--- C:\WINDOWS\system32\dllcache\swpidflt.dll
2008-10-09 12:08 . 2001-08-17 22:36 10,240 --a--c--- C:\WINDOWS\system32\dllcache\swpdflt2.dll
2008-10-09 12:08 . 2001-08-17 14:02 3,968 --a--c--- C:\WINDOWS\system32\dllcache\swusbflt.sys
2008-10-08 22:48 . 2008-01-15 10:20 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-10-08 22:20 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-10-08 22:20 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-10-08 22:20 . 2008-09-08 23:38 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-10-08 22:20 . 2008-10-01 15:51 87,552 --a------ C:\WINDOWS\system32\VACFix.exe
2008-10-08 22:20 . 2008-09-19 12:26 82,944 --a------ C:\WINDOWS\system32\o4Patch.exe
2008-10-08 22:20 . 2008-09-19 12:26 82,944 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-10-08 22:20 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-10-08 22:20 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-10-08 22:20 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-10-01 18:37 . 2008-10-01 18:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\RoboForm
2008-09-29 20:34 . 2008-09-29 20:42 <DIR> d-------- C:\Documents and Settings\User\Application Data\Vso
2008-09-29 20:34 . 2008-09-29 20:34 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-09-29 20:34 . 2008-09-29 20:42 47,360 --a------ C:\Documents and Settings\User\Application Data\pcouffin.sys
2008-09-29 19:56 . 2008-09-29 19:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2008-09-28 20:54 . 2008-09-28 20:54 <DIR> d-------- C:\Program Files\Sidebar
2008-09-28 15:22 . 2008-10-04 13:13 <DIR> d-------- C:\Documents and Settings\User\Application Data\dvdcss
2008-09-27 21:29 . 2008-09-27 21:29 <DIR> d-------- C:\Program Files\NCH Software
2008-09-27 21:29 . 2008-09-27 21:29 <DIR> d-------- C:\Documents and Settings\User\Application Data\Recordpad
2008-09-27 21:29 . 2008-09-27 21:29 <DIR> d-------- C:\Documents and Settings\User\Application Data\NCH Swift Sound
2008-09-27 21:29 . 2008-09-27 21:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-09-27 21:28 . 2008-09-27 21:34 <DIR> d-------- C:\Program Files\NCH Swift Sound
2008-09-22 19:37 . 2008-09-22 19:37 <DIR> d-------- C:\Program Files\Windows Live
2008-09-22 19:17 . 2008-09-22 19:19 <DIR> d-------- C:\CM60S
2008-09-22 19:16 . 2008-09-22 19:16 <DIR> d-------- C:\Documents and Settings\User\WINDOWS
2008-09-22 19:16 . 1998-07-30 15:47 363,892 --a------ C:\WINDOWS\ISUN16.EXE
2008-09-22 19:16 . 1995-07-13 20:43 26,768 --a------ C:\WINDOWS\system\CTL3D.DLL
2008-09-21 12:27 . 2008-09-21 12:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-09-12 23:44 . 2008-09-12 23:45 <DIR> d-------- C:\Program Files\iTunes
2008-09-12 23:44 . 2008-09-12 23:44 <DIR> d-------- C:\Program Files\iPod
2008-09-12 23:44 . 2008-09-12 23:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-12 23:42 . 2008-09-12 23:42 <DIR> d-------- C:\Program Files\Bonjour
2008-09-12 23:39 . 2008-09-12 23:40 <DIR> d-------- C:\Program Files\QuickTime
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-09 04:53 --------- d-----w C:\Program Files\Trend Micro
2008-10-09 04:37 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-09 04:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-08 11:30 2,428 ----a-w C:\WINDOWS\system32\tmp.reg
2008-10-02 09:43 --------- d-----w C:\Program Files\CCleaner
2008-09-29 09:41 --------- d-----w C:\Program Files\DVD Shrink
2008-09-12 12:39 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-11 00:38 --------- d-----w C:\Program Files\Microsoft Works
2008-09-09 08:00 91,376 ----a-w C:\WINDOWS\system32\isafprod.dll
2008-09-09 08:00 32,240 ----a-w C:\WINDOWS\system32\drivers\vetmonnt.sys
2008-09-09 08:00 26,352 ----a-w C:\WINDOWS\system32\drivers\vet-filt.sys
2008-09-09 08:00 21,488 ----a-w C:\WINDOWS\system32\drivers\vetfddnt.sys
2008-09-09 08:00 21,104 ----a-w C:\WINDOWS\system32\drivers\vet-rec.sys
2008-09-04 12:45 --------- d-----w C:\Documents and Settings\User\Application Data\Malwarebytes
2008-09-04 12:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-04 12:20 --------- d-----w C:\Documents and Settings\User\Application Data\Apple Computer
2008-09-04 10:28 --------- d-----w C:\Documents and Settings\User\Application Data\ACD Systems
2008-09-03 22:58 --------- d-----w C:\Documents and Settings\User\Application Data\AdobeUM
2008-09-03 10:42 --------- d-----w C:\Program Files\Realtek
2008-09-03 10:42 --------- d-----w C:\Program Files\KODAK Picture CD
2008-09-03 10:42 --------- d-----w C:\Program Files\DivX
2008-09-03 10:42 --------- d-----w C:\Documents and Settings\User\Application Data\toshiba
2008-09-03 10:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Software
2008-09-01 13:09 --------- d-----w C:\Documents and Settings\User\Application Data\GlarySoft
2008-08-30 12:48 --------- d-----w C:\Documents and Settings\User\Application Data\TeamViewer
2008-08-30 07:03 --------- d-----w C:\Program Files\Glary Utilities
2008-08-29 11:22 --------- d-----w C:\Documents and Settings\User\Application Data\Systweak
2008-08-29 11:05 33,824 ----a-w C:\WINDOWS\system32\drivers\oreans32.sys
2008-08-29 00:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-28 23:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-27 16:12 1,341,952 --sh--r C:\WINDOWS\msnexec.exe
2008-08-13 09:33 --------- d-----w C:\Program Files\vixy.net
2008-08-12 11:50 --------- d-----w C:\Program Files\uTorrent
2008-08-09 11:27 99,568 ----a-w C:\WINDOWS\system32\isafeif.dll
2008-08-09 11:27 83,256 ----a-w C:\WINDOWS\system32\vetredir.dll
2008-07-18 12:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 12:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 12:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 12:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 12:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 12:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 12:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 12:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 12:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 12:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2007-11-02 10:10 51,422,520 ----a-w C:\Program Files\iTunes743Setup.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"Windows Live FolderShare"="C:\Program Files\Windows Live\FolderShare\FolderShare.exe" [2008-05-30 1326624]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-03 364544]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 761948]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-06 1077322]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-07-03 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-07-02 700416]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2008-09-09 181488]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2008-09-09 234736]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 413696]
"TDispVol"="TDispVol.exe" [2005-03-12 C:\WINDOWS\system32\TDispVol.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2007-11-15 19:46 87352 C:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
backup=C:\WINDOWS\pss\RAMASST.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
backup=C:\WINDOWS\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNM
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 11:12 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDWMon]
--a------ 2006-04-26 11:57 299008 C:\Program Files\Toshiba\TOSHIBA Direct Disc Writer\DDWMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
--a------ 2004-09-02 16:51 221184 C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2006-03-23 15:13 77824 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2006-03-23 15:17 118784 C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2006-03-23 15:17 94208 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-10 18:40 289576 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mouseElf]
--a------ 2004-09-20 08:16 196608 C:\PROGRA~1\SCROLL~1\MouseElf.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 16:09 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
--a------ 2005-04-27 10:13 122880 C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
--a------ 2006-02-03 06:11 73728 C:\Program Files\Toshiba\Tvs\TvsTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2006-03-18 11:22 89541 C:\WINDOWS\agrsmmsg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 21:43 69632 C:\WINDOWS\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-08-23 23:08 16050688 C:\WINDOWS\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2006-05-16 21:04 2879488 C:\WINDOWS\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
--a------ 2005-05-31 21:00 282624 C:\WINDOWS\system32\TPSMain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\CNAB5RPK.EXE"=
"C:\\Program Files\\Toshiba\\ConfigFree\\CFXFER.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\FolderShare\\FolderShare.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:BroadCam Web Server
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 46112]
R2 tdudf;TOSHIBA UDF File System Driver;C:\WINDOWS\system32\DRIVERS\tdudf.sys [2006-06-29 98816]
R3 PPCtlPriv;PPCtlPriv;C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2008-09-09 185584]
S3 genmcmnUSB;USB Scroll Mouse Driver;C:\WINDOWS\system32\DRIVERS\gflmouhid.sys [2004-04-19 6656]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-09-10 38528]
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\29.tmp [ ]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2007-02-07 194304]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cf53048-65ee-11dd-9c04-0018de2d6691}]
\Shell\AutoRun\command - E:\setup.exe
\Shell\install\command - E:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f064f28c-2f1d-11dd-9bd6-0018de2d6691}]
\Shell\Auto\command - fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
.
Contents of the 'Scheduled Tasks' folder
2008-09-12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
2008-09-21 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as User at 12 00 PM.job
- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\caantispyware.exe [2008-09-09 19:00]
2008-10-10 C:\WINDOWS\Tasks\GlaryInitialize.job
- C:\Program Files\Glary Utilities\initialize.exe [2008-07-18 12:08]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-10 20:03:53
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\system32\29.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\TDispVol.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
C:\WINDOWS\system32\CNAB5RPK.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\cappactiveprotection.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-10-10 20:09:32 - machine was rebooted
ComboFix-quarantined-files.txt  2008-10-10 09:09:01
ComboFix2.txt  2008-10-09 11:07:26
Pre-Run: 39,229,956,096 bytes free
Post-Run: 39,214,829,568 bytes free
313 --- E O F --- 2008-09-11 00:44:30
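The moderator's CFScript above names the files and folders ComboFix is to remove, and this follow-up log confirms them under "FILE ::" and "Other Deletions". As an added example (not ComboFix's own code and not anything posted in this thread), the Python script below reads a CFScript and a ComboFix log, reports whether every File::/Folder:: target appears in the log's deletion sections, and lists the Shell commands still recorded under the mountpoints2 keys, which appear unchanged in both of the thread's logs. The section-header patterns, the registry-key regexes and the double-extension heuristic in looks_worth_review are this example's own assumptions; the CFScript and log lines embedded in it are copied from the thread's posts, cut to the lines the checks read.

```python
"""Added example for this thread, not ComboFix's own code and nothing the
moderator posted. Two checks on the follow-up ComboFix log after a CFScript run:
(1) did the log report every File::/Folder:: target as deleted, and (2) which
Shell commands under the mountpoints2 keys are still listed. The CFScript and
the log excerpt below are copied from the thread, cut to the lines the checks read."""
import re

CFSCRIPT = r"""
Killall::
Snapshot::
File::
C:\WINDOWS\system32\dsfifmdq.exe
C:\WINDOWS\system32\brastk.exe
Folder::
C:\Program Files\dhahmac
C:\Documents and Settings\All Users\Application Data\fejozmnc
"""
LOG_EXCERPT = r"""
FILE ::
C:\WINDOWS\system32\brastk.exe
C:\WINDOWS\system32\dsfifmdq.exe
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\fejozmnc
C:\Documents and Settings\All Users\Application Data\fejozmnc\twlenuna.exe
C:\Program Files\dhahmac
C:\WINDOWS\system32\brastk.exe
C:\WINDOWS\system32\dsfifmdq.exe
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cf53048-65ee-11dd-9c04-0018de2d6691}]
\Shell\AutoRun\command - E:\setup.exe
\Shell\install\command - E:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f064f28c-2f1d-11dd-9bd6-0018de2d6691}]
\Shell\Auto\command - fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
"""

BANNER_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")  # "((((   Other Deletions   ))))"
MOUNTPOINT_RE = re.compile(r"mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
SHELL_CMD_RE = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.+)$", re.I)

def parse_cfscript(text):
    """Return {directive: [entries]} for a CFScript ('File::', 'Folder::', ...)."""
    sections, current = {}, None
    for line in (ln.strip() for ln in text.splitlines()):
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections

def parse_combofix_sections(text):
    """Return {section: [lines]} for a ComboFix log. Headers are 'NAME ::'
    (e.g. 'FILE ::') or a parenthesised banner; lone '.' lines are separators."""
    sections, current = {}, None
    for line in (ln.strip() for ln in text.splitlines()):
        banner = BANNER_RE.match(line)
        if banner or line.endswith(" ::"):
            current = banner.group(1) if banner else line[:-3].strip()
            sections.setdefault(current, [])
        elif line and line != "." and current is not None:
            sections[current].append(line)
    return sections

def confirm_cfscript_targets(cfscript_text, log_text):
    """Map each File::/Folder:: target to True if the log reports it removed."""
    script, log = parse_cfscript(cfscript_text), parse_combofix_sections(log_text)
    reported = {p.lower() for key in ("FILE", "Other Deletions") for p in log.get(key, [])}
    return {t: t.lower() in reported
            for directive in ("File", "Folder") for t in script.get(directive, [])}

def remaining_autorun_commands(log_text):
    """List (volume GUID, verb, command) for each Shell command line that follows
    a mountpoints2 key; any other '[...]' key ends the attribution."""
    found, guid = [], None
    for line in (ln.strip() for ln in log_text.splitlines()):
        key = MOUNTPOINT_RE.search(line)
        if key:
            guid = key.group(1)
        elif line.startswith("["):
            guid = None
        elif guid and (cmd := SHELL_CMD_RE.match(line)):
            found.append((guid, cmd.group(1), cmd.group(2)))
    return found

def looks_worth_review(command):
    """Review heuristic, an assumption of this example rather than a ComboFix
    rule: flag the executable a command ends with when it is not an absolute
    path or carries a double extension such as name.xls.exe."""
    target = command.split()[-1]
    name = target.rsplit("\\", 1)[-1].lower()
    absolute = re.match(r"[a-z]:\\", target, re.I) is not None
    return not absolute or (name.endswith(".exe") and name.count(".") >= 2)

if __name__ == "__main__":
    for target, ok in confirm_cfscript_targets(CFSCRIPT, LOG_EXCERPT).items():
        print(("removed    " if ok else "NOT FOUND  ") + target)
    for guid, verb, cmd in remaining_autorun_commands(LOG_EXCERPT):
        print(("review  " if looks_worth_review(cmd) else "        ") + f"{guid} {verb}: {cmd}")
```

Run it as a script to print both reports for the embedded excerpt, or import it and pass a complete ComboFix log and CFScript to the same functions; a target that the log never mentions comes back False, which is the case a helper wants to see before replying "fixed".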
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 16319
 
Posted 10-10-2008 11:04 (GMT +1)
Maybe CCleaner can speed things up:
 
Download: CCleaner
http://www.majorgeeks.com/download4191.html

http://www.ccleaner.com/

Once installed, run CCleaner and click the Windows tab


Select the following:
Internet Explorer:
Temp Internet
History
Recently Typed URLs
Delete Index.dat files

System:
Empty Recycle Bin
Temporary Files
Memory Dumps
Chkdsk File Fragments
Old Prefetch Data


Next: click Options, then click the Settings tab
Uncheck: "Only delete files older than 48 hrs.", click Ok

 
Then click Run Cleaner (bottom right), then Exit
Reboot, and tell me how things are running?
 


Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.

 

jeremiahschmidtrox
New Member


Date Joined Oct 2008
Total Posts : 5
 
Posted 10-10-2008 11:15 (GMT +1)
Thank you, much better!!! You are the best!!! Do I need to do anything else??? I think I found the problem with the slow networking: I ran CA Anti-Spyware and it found KaZaA, a P2P or something...
Here's what CA said about it...
P2P:  Any peer-to-peer file swapping program, such as Audiogalaxy, Bearshare, Blubster, E-Mule, Gnucleus, Grokster, Imesh, KaZaa, KaZaa Lite, Limewire, Morpheus, Shareaza, WinMX and Xolox. In an organization, can degrade network performance and consume vast amounts of storage. May create security issues as outsiders are granted access to internal files. Often bundled with Adware or Spyware.

Post Edited (jeremiahschmidtrox) : 10-10-2008 10:19:06 GMT

 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 16319
 
Posted 10-10-2008 11:30 (GMT +1)
Great :) ;) :D
 
 
It was probably C:\Program Files\uTorrent it found
 
 
To completely and immediately remove any infected file or files in the data store, turn off and then turn on System Restore. To do so, follow these steps:
System Restore
 
 
Uninstall ComboFix

Go to Start->Run, and type in ComboFix /u
Make sure there is a space between ComboFix and /u
Click Enter

This will:
Uninstall ComboFix. Delete its related folders and files.
Reset your clock settings. Hide file extensions.
Hide the system/hidden files. And reset System Restore again.
Also, please read this article by Tony Klein: How I got Infected in the First Place
If you have any questions or comments, feel free to post back :)


Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.

 