HELP-this looks to be the place to post my Google hijack...
kimie28



Joined: Aug 25, 2009
Posts: 2



PostPosted: Tue Aug 25, 2009 3:03 pm    Post subject: HELP-this looks to be the place to post my Google hijack...

I thought my computer was protected but obviously not. I got lots of trojans, worms and whatever else and think I was able to remove all of them with the Malwarebytes program. However, my Google is not working at all. Here is what the HijackThis program found:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:12:35 PM, on 8/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\carpserv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alltel\QuickLink Mobile\QuickLink Mobile.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 212.95.49.214 www.google.com
O1 - Hosts: 212.95.49.214 www.google.de
O1 - Hosts: 212.95.49.214 www.google.fr
O1 - Hosts: 212.95.49.214 www.google.co.uk
O1 - Hosts: 212.95.49.214 www.google.com.br
O1 - Hosts: 212.95.49.214 www.google.it
O1 - Hosts: 212.95.49.214 www.google.es
O1 - Hosts: 212.95.49.214 www.google.co.jp
O1 - Hosts: 212.95.49.214 www.google.com.mx
O1 - Hosts: 212.95.49.214 www.google.ca
O1 - Hosts: 212.95.49.214 www.google.com.au
O1 - Hosts: 212.95.49.214 www.google.nl
O1 - Hosts: 212.95.49.214 www.google.co.za
O1 - Hosts: 212.95.49.214 www.google.be
O1 - Hosts: 212.95.49.214 www.google.gr
O1 - Hosts: 212.95.49.214 www.google.at
O1 - Hosts: 212.95.49.214 www.google.se
O1 - Hosts: 212.95.49.214 www.google.ch
O1 - Hosts: 212.95.49.214 www.google.pt
O1 - Hosts: 212.95.49.214 www.google.dk
O1 - Hosts: 212.95.49.214 www.google.fi
O1 - Hosts: 212.95.49.214 www.google.ie
O1 - Hosts: 212.95.49.214 www.google.no
O1 - Hosts: 212.95.49.214 search.yahoo.com
O1 - Hosts: 212.95.49.214 us.search.yahoo.com
O1 - Hosts: 212.95.49.214 uk.search.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {26522409-8BBF-4C5B-A4D3-CF4B1D6F255B} (UMediaPlayer Class) - http://www.umediaserver.net/bin/UMediaControl5.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/e/37.09 ... oader2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 5263521398
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install ... stallX.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/sho ... wflash.cab
O16 - DPF: {F94859F2-3810-48FA-8403-0E163FD67CAD} (canvidplayer8ctrl Class) - https://video.globalwageringservice.com ... layer8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{94AF85FC-65A6-4C0A-926C-5D15A803A29F}: NameServer = 75.116.127.154 75.116.63.154
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SPCSUtilityService - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe

--
End of file - 8628 bytes

I am far from being a computer tech so any help with this would be GREATLY appreciated!

THANKS!
greyknight17



Joined: Feb 03, 2003
Posts: 5674

Location: Brooklyn, NY

PostPosted: Thu Aug 27, 2009 8:31 pm    Post subject:

Welcome to Lockergnome.

Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Download Hoster at http://www.greyknight17.com/spy/Hoster.exe and run it. Click on Restore Original Hosts button and press OK. If you used a custom HOSTS file, you will need to restore the file back.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

O1 - Hosts: 212.95.49.214 www.google.com
O1 - Hosts: 212.95.49.214 www.google.de
O1 - Hosts: 212.95.49.214 www.google.fr
O1 - Hosts: 212.95.49.214 www.google.co.uk
O1 - Hosts: 212.95.49.214 www.google.com.br
O1 - Hosts: 212.95.49.214 www.google.it
O1 - Hosts: 212.95.49.214 www.google.es
O1 - Hosts: 212.95.49.214 www.google.co.jp
O1 - Hosts: 212.95.49.214 www.google.com.mx
O1 - Hosts: 212.95.49.214 www.google.ca
O1 - Hosts: 212.95.49.214 www.google.com.au
O1 - Hosts: 212.95.49.214 www.google.nl
O1 - Hosts: 212.95.49.214 www.google.co.za
O1 - Hosts: 212.95.49.214 www.google.be
O1 - Hosts: 212.95.49.214 www.google.gr
O1 - Hosts: 212.95.49.214 www.google.at
O1 - Hosts: 212.95.49.214 www.google.se
O1 - Hosts: 212.95.49.214 www.google.ch
O1 - Hosts: 212.95.49.214 www.google.pt
O1 - Hosts: 212.95.49.214 www.google.dk
O1 - Hosts: 212.95.49.214 www.google.fi
O1 - Hosts: 212.95.49.214 www.google.ie
O1 - Hosts: 212.95.49.214 www.google.no
O1 - Hosts: 212.95.49.214 search.yahoo.com
O1 - Hosts: 212.95.49.214 us.search.yahoo.com
O1 - Hosts: 212.95.49.214 uk.search.yahoo.com


Go to http://www.bleepingcomputer.com/combofix/how-to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here.
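The O1 lines above are the whole story of this hijack: every major Google and Yahoo search host is pinned in the HOSTS file to one public address, 212.95.49.214, so the browser never reaches the real sites. The following is an added example, not part of the thread and not HijackThis or ComboFix code: a small Python parser that reads a HijackThis-format log, keeps the O1 - Hosts: entries, ignores the targets a legitimate HOSTS file normally uses (loopback, 0.0.0.0 and private ranges), groups the rest by target address, and prints the exact O1 lines to tick under 'Fix checked'. The short log embedded in it is constructed for the example, with a few lines copied from the format shown in this thread.

```python
"""Flag HOSTS-file hijack entries in a HijackThis log (added example)."""
import ipaddress
import re
from collections import defaultdict

# Constructed sample log in the format HijackThis v2 writes. A benign
# localhost entry and a private LAN name are included to show they are
# not flagged; the search-engine lines mirror the thread's log.
SAMPLE_LOG = """\
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 212.95.49.214 www.google.com
O1 - Hosts: 212.95.49.214 www.google.co.uk
O1 - Hosts: 212.95.49.214 search.yahoo.com
O1 - Hosts: 192.168.1.10 intranet.example
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\\Program Files\\Google\\Google Toolbar\\GoogleToolbar.dll
"""

# "O1 - Hosts: <address> <hostname>"; anything else in the log is skipped.
O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")


def parse_o1_entries(log_text):
    """Return (address, hostname) pairs for every O1 line in the log."""
    entries = []
    for line in log_text.splitlines():
        m = O1_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def is_benign_target(address):
    """Loopback, 0.0.0.0 and private addresses are what ad blocklists and
    LAN shortcuts put in HOSTS; a public address is the suspicious case."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return False  # not even an IP: treat as suspicious
    return ip.is_loopback or ip.is_unspecified or ip.is_private


def find_hijacks(log_text):
    """Map each public target address to the hostnames redirected to it.
    Many well-known hostnames pointing at a single public IP is the
    signature of a search hijack like the one in this thread."""
    by_address = defaultdict(list)
    for address, host in parse_o1_entries(log_text):
        if not is_benign_target(address):
            by_address[address].append(host)
    return dict(by_address)


def fix_list(log_text):
    """The O1 lines, verbatim, to tick in HijackThis before 'Fix checked'."""
    return [
        f"O1 - Hosts: {address} {host}"
        for address, hosts in find_hijacks(log_text).items()
        for host in hosts
    ]


if __name__ == "__main__":
    for address, hosts in find_hijacks(SAMPLE_LOG).items():
        print(f"{len(hosts)} hostname(s) redirected to {address}:")
        for line in fix_list(SAMPLE_LOG):
            print("  " + line)
```

Run it against a saved HijackThis log by reading the file into `find_hijacks` instead of `SAMPLE_LOG`. Fixing the entries only removes the redirect; as the reply above says, the HOSTS file should then be restored to its original content, because the fix does not tell you what else the infection changed.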
kimie28



Joined: Aug 25, 2009
Posts: 2



PostPosted: Thu Aug 27, 2009 11:06 pm    Post subject:

Did everything, followed all steps and Google is working.
Here is combofix report:

ComboFix 09-08-27.02 - Auctionnx9010 08/27/2009 22:46.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.206 [GMT -4:00]
Running from: c:\documents and settings\Auctionnx9010\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 090827-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Auctionnx9010\Application Data\Google\T-Scan
c:\documents and settings\Auctionnx9010\Application Data\Google\T-Scan\n.gif
c:\documents and settings\Auctionnx9010\Application Data\Google\T-Scan\t.gif
c:\documents and settings\Auctionnx9010\Application Data\Google\T-Scan\y.gif
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\recycler\S-1-5-21-583907252-1060284298-854245398-500
c:\recycler\S-1-5-21-839522115-1844237615-2147137731-3819
c:\windows\010112010146120114.xe
c:\windows\0101120101464949.xe
c:\windows\0101120101465653.xe
c:\windows\prxid93ps.dat
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-28 )))))))))))))))))))))))))))))))
.

2009-08-23 07:13 . 2009-08-23 07:13 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-23 07:13 . 2009-08-23 07:13 -------- d-----w- c:\program files\MSBuild
2009-08-23 07:12 . 2009-08-23 07:12 -------- d-----w- c:\program files\Reference Assemblies
2009-08-23 07:11 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-23 07:11 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-23 07:11 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-23 07:11 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-23 07:11 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-23 07:11 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-23 07:11 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-23 07:11 . 2009-08-23 07:12 -------- d-----w- C:\63485148a8b48599f724a650
2009-08-22 20:06 . 2009-08-22 20:06 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY\IETldCache
2009-08-22 20:05 . 2009-08-22 20:45 -------- d-----w- c:\documents and settings\Auctionnx9010\Application Data\IObit
2009-08-22 20:05 . 2009-08-22 20:05 -------- d-----w- c:\program files\IObit
2009-08-22 19:49 . 2009-08-22 19:49 -------- d-sh--w- c:\documents and settings\Auctionnx9010\IECompatCache
2009-08-22 19:48 . 2009-08-22 19:48 -------- d-sh--w- c:\documents and settings\Auctionnx9010\PrivacIE
2009-08-22 19:38 . 2009-08-22 19:38 -------- d-sh--w- c:\documents and settings\Auctionnx9010\IETldCache
2009-08-22 19:33 . 2009-08-22 19:34 -------- d-----w- c:\windows\ie8updates
2009-08-22 19:27 . 2009-08-22 19:32 -------- dc-h--w- c:\windows\ie8
2009-08-22 19:25 . 2009-07-03 17:09 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-08-22 19:25 . 2009-07-03 17:09 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-22 19:25 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-08-22 19:25 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-22 19:25 . 2009-07-03 17:09 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-08-22 19:22 . 2009-07-01 07:08 101376 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-08-22 02:50 . 2009-08-22 02:50 127921 ----a-w- c:\documents and settings\Auctionnx9010\Application Data\Move Networks\uninstall.exe
2009-08-22 02:49 . 2009-08-22 02:50 1686744 ----a-w- c:\documents and settings\Auctionnx9010\Application Data\Move Networks\MoveMediaPlayerWin_071504000001.exe
2009-08-22 02:38 . 2009-08-22 02:50 -------- d-----w- c:\documents and settings\Auctionnx9010\Application Data\Move Networks
2009-08-20 22:45 . 2009-08-20 23:02 3942047 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-20 22:36 . 2009-08-20 22:36 -------- d-----w- c:\documents and settings\Auctionnx9010\Application Data\Malwarebytes
2009-08-20 22:36 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-20 22:36 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-20 22:36 . 2009-08-20 22:36 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-08-20 22:36 . 2009-08-20 23:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-20 03:00 . 2009-08-23 02:42 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-08-20 01:27 . 2009-08-21 00:55 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\18647214
2009-08-19 22:37 . 2009-08-19 22:37 -------- d-----w- c:\program files\Verizon Wireless
2009-08-19 22:36 . 2007-06-18 19:18 23680 ----a-w- c:\windows\system32\drivers\motmodem.sys
2009-08-19 22:36 . 2006-11-13 19:45 1419232 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
2009-08-19 22:36 . 2009-08-19 22:36 -------- dc----w- c:\windows\system32\DRVSTORE
2009-08-19 22:35 . 2009-08-19 22:35 -------- d-----w- c:\program files\Common Files\Motorola Shared
2009-08-19 01:29 . 2009-08-19 01:29 -------- d-----w- c:\windows\system32\windows media
2009-08-19 01:29 . 2009-08-19 01:29 -------- d--h--w- c:\windows\msdownld.tmp
2009-08-17 00:20 . 2009-06-25 08:25 54272 -c----w- c:\windows\system32\dllcache\wdigest.dll
2009-08-17 00:20 . 2009-06-25 08:25 136192 -c----w- c:\windows\system32\dllcache\msv1_0.dll
2009-08-17 00:19 . 2009-06-25 08:25 301568 -c----w- c:\windows\system32\dllcache\kerberos.dll
2009-08-17 00:19 . 2009-06-24 11:18 92928 -c----w- c:\windows\system32\dllcache\ksecdd.sys
2009-08-15 01:28 . 2009-08-15 01:28 -------- d-----w- c:\program files\Microsoft
2009-08-15 01:11 . 2009-08-15 01:11 152576 ----a-w- c:\documents and settings\Auctionnx9010\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-12 03:44 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-08 05:34 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-08 05:34 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-08 05:34 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-08 05:34 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-08 05:34 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-08 05:34 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-08 05:34 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-08 05:34 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-08 05:34 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-08 05:34 . 2003-03-18 20:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-08-08 05:34 . 2003-03-18 19:14 499712 ----a-w- c:\windows\system32\MSVCP71.dll
2009-08-08 05:33 . 2009-08-08 05:33 -------- d-----w- c:\program files\Alwil Software
2009-08-08 03:49 . 2009-08-08 04:01 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-25 03:00 . 2007-01-23 15:17 -------- d-----w- c:\program files\Google
2009-08-24 21:57 . 2008-07-21 22:39 -------- d-----w- c:\program files\Trend Micro
2009-08-22 02:50 . 2009-06-17 07:52 4183416 ----a-w- c:\documents and settings\Auctionnx9010\Application Data\Move Networks\plugins\npqmp071504000001.dll
2009-08-19 22:44 . 2009-07-13 22:29 -------- d-----w- c:\documents and settings\Auctionnx9010\Application Data\Smith Micro
2009-08-19 22:42 . 2009-08-19 22:42 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-08-19 22:42 . 2009-08-19 22:42 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-08-15 01:21 . 2009-06-04 02:42 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-15 01:21 . 2007-01-23 15:15 -------- d-----w- c:\program files\Java
2009-08-08 03:52 . 2009-07-13 22:25 1618 ----a-w- c:\program files\ALLTEL Internet Accelerator Client setup.log
2009-08-07 20:48 . 2008-07-07 01:54 -------- d-----w- c:\documents and settings\Auctionnx9010\Application Data\dvdcss
2009-08-07 20:47 . 2008-01-09 15:48 63184 ----a-w- c:\documents and settings\Auctionnx9010\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-05 09:01 . 2006-02-28 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-01 00:36 . 2009-01-22 00:36 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-17 19:01 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2006-02-28 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 22:27 . 2009-07-13 22:27 -------- d-----w- c:\program files\Common Files\Smith Micro Shared
2009-07-13 22:27 . 2009-07-13 22:27 -------- d-----w- c:\program files\Alltel
2009-07-13 22:26 . 2009-07-13 22:26 -------- d-----w- c:\program files\ALLTEL Communications
2009-07-13 22:26 . 2007-01-04 20:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-03 17:09 . 2006-02-28 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2006-02-28 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2006-02-28 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2006-02-28 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2006-02-28 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2006-02-28 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2006-02-28 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2006-02-28 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-17 07:52 . 2009-06-17 07:52 97144 ----a-w- c:\documents and settings\Auctionnx9010\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-06-16 14:36 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2006-02-28 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2006-02-28 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2006-02-28 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2006-02-28 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2007-09-14 22:11 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2006-02-28 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2006-02-28 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
.

------- Sigcheck -------

[7] 2006-02-28 12:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\dllcache\beep.sys

c:\windows\system32\drivers\beep.sys ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-12-09 234856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-07-24 2329224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-15 149280]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"CARPService"="carpserv.exe" - c:\windows\system32\carpserv.exe [2003-05-21 4608]

c:\documents and settings\Auctionnx9010\Start Menu\Programs\Startup\
VZAccess Manager.lnk - c:\program files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe [2009-8-19 1770800]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [8/8/2009 1:34 AM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/8/2009 1:34 AM 20560]
R3 ALiIRDA;ALi Infrared Device Driver;c:\windows\system32\drivers\alifir.sys [9/14/2007 2:06 PM 26624]
R3 CALIAUD;Conexant AMC 3D Environmental Audio;c:\windows\system32\drivers\caliaud.sys [2/17/2004 5:58 PM 292352]
R3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [2/17/2004 5:59 PM 273536]
R3 kwkxusb;Kyocera CDMA Wireless Modem Driver;c:\windows\system32\drivers\kwusb2k.sys [7/13/2009 6:27 PM 29952]
S3 NUVision;NUVision II Video Service;c:\windows\system32\drivers\nuvvid2.sys [2/3/2009 9:23 PM 153760]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {F94859F2-3810-48FA-8403-0E163FD67CAD} - hxxps://video.globalwageringservice.com/canvid/canvidplayer8.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-27 22:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2492)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-08-28 23:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-28 03:03

Pre-Run: 25,017,401,344 bytes free
Post-Run: 25,079,574,528 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

224 --- E O F --- 2009-08-24 10:41

Thank you so much greyknight17!!

Am I to do anything else?
greyknight17



Joined: Feb 03, 2003
Posts: 5674

Location: Brooklyn, NY

PostPosted: Fri Aug 28, 2009 7:34 pm    Post subject:

Just one more thing. The file located at c:\windows\system32\beep.sys needs to be restored. Do you have a Windows CD with Service Pack 3 on it or did you download and install Service Pack 3 separately? If you have the CD with SP3, go to Start->Run and type in sfc /scannow and hit OK. Let it scan. If it finds any files missing/corrupted, it may ask for the Windows CD. Otherwise, it will auto-close after it's done. If you downloaded it separately, try to grab a copy of beep.sys from another computer with Service Pack 3 and copy it to your system32 folder.

Good job. Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If none, go to Start->Run, copy/paste in combofix /u and hit OK to remove it. You should be set to go.