LThompson
Strange redirections
Tue Mar 25 2008 12:41 PM
I'm also being redirected to 'find-thricecock.com'. Can you help?
I didn't mean to start a new thread.
ComboFix
ComboFix 08-03-23.2 - Liam 2008-03-25 12:33:18.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.169 [GMT 0:00]
Running from: C:\Downloads\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-25 to 2008-03-25 )))))))))))))))))))))))))))))))
.
2008-03-24 22:36 . 2008-03-24 22:36 <DIR> d-------- C:\Program Files\Free-Antivirus.eu
2008-03-21 14:51 . 2008-03-21 14:51 <DIR> d--hs---- C:\FOUND.027
2008-03-21 12:55 . 2008-03-21 12:55 86 --a------ C:\WINDOWS\wininit.ini
2008-03-21 12:16 . 2008-03-21 12:16 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-21 12:16 . 2008-03-21 12:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-20 18:09 . 2008-03-20 18:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-20 16:18 . 2008-03-20 16:18 <DIR> d-------- C:\Program Files\Windows Defender
2008-03-20 14:42 . 2008-03-20 14:42 <DIR> d-------- C:\Program Files\FRISK Software
2008-03-20 14:42 . 2008-03-20 14:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FRISK Software
2008-03-20 14:06 . 2008-03-20 14:06 <DIR> d-------- C:\fsaua.data
2008-03-20 13:54 . 2008-03-20 13:54 16,464 -r-hs---- C:\Program Files\tmp3.exe
2008-03-20 13:54 . 2008-03-20 13:54 16,464 -r-hs---- C:\Program Files\tmp2.exe
2008-03-20 13:54 . 2008-03-20 13:54 16,464 -r-hs---- C:\Program Files\tmp1.exe
2008-03-20 13:54 . 2008-03-20 13:54 16,464 -r-hs---- C:\Program Files\tmp0.exe
2008-03-18 17:56 . 2008-03-21 12:09 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-18 17:56 . 2008-03-18 17:56 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-16 22:47 . 2008-03-16 22:47 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-03-14 11:17 . 2008-03-14 11:17 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-03-14 10:51 . 2008-03-14 10:51 <DIR> d-------- C:\Program Files\Windows Live
2008-03-14 10:51 . 2008-03-14 10:51 <DIR> d--hs---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-14 10:46 . 2008-03-14 10:46 <DIR> d-------- C:\WINDOWS\Performance
2008-03-14 10:46 . 2008-03-14 10:46 <DIR> d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2008-03-14 10:46 . 2008-03-14 10:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2008-03-14 10:38 . 2008-03-14 10:38 <DIR> d-------- C:\Documents and Settings\Liam\Bluetooth Software
2008-03-14 10:30 . 2008-03-14 10:30 <DIR> d-------- C:\Program Files\WIDCOMM
2008-03-14 10:30 . 2008-03-14 10:28 879,496 --a------ C:\WINDOWS\system32\drivers\btkrnl.sys
2008-03-14 10:30 . 2008-03-14 10:28 539,432 --a------ C:\WINDOWS\system32\drivers\btaudio.sys
2008-03-14 10:30 . 2008-03-14 10:28 156,392 --a------ C:\WINDOWS\system32\drivers\btwdndis.sys
2008-03-14 10:30 . 2008-03-14 10:28 55,352 --a------ C:\WINDOWS\system32\drivers\btwhid.sys
2008-03-14 10:30 . 2008-03-14 10:28 37,424 --a------ C:\WINDOWS\system32\drivers\btport.sys
2008-03-14 10:30 . 2008-03-14 10:28 37,280 --a------ C:\WINDOWS\system32\drivers\btwmodem.sys
2008-03-06 13:03 . 2008-03-06 13:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-03-01 12:58 . 2008-03-01 12:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-28 21:40 . 2008-02-28 21:40 <DIR> d-------- C:\Program Files\uTorrent
2008-02-28 21:40 . 2008-02-28 21:40 <DIR> d-------- C:\Documents and Settings\Liam\Application Data\uTorrent
2008-02-28 17:13 . 2008-02-28 17:13 <DIR> d-------- C:\Shared
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-14 10:28 966,656 ----a-w C:\WINDOWS\system32\btrez.dll
2008-03-14 10:28 74,656 ----a-w C:\WINDOWS\system32\drivers\btwusb.sys
2008-02-17 21:41 21,035 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-02-13 19:07 --------- d-----w C:\Program Files\Promotion Wars 1.3
2008-02-10 14:35 31,592 ----a-w C:\Documents and Settings\Liam\Application Data\GDIPFONTCACHEV1.DAT
2008-01-29 20:08 --------- d-----w C:\Program Files\TVAnts
2008-01-29 20:05 --------- d-----w C:\Program Files\SopCast
2008-01-29 19:05 --------- d-----w C:\Program Files\Virtools
2008-01-29 15:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-01-27 22:15 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2006-12-06 19:55 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012006120620061207\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:56 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-09-15 13:22 98304]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-11-12 21:36 180269]
"antiviirus"="C:\Program Files\antiviirus.exe" [ ]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-09-11 12:26:12 576104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"DrvAvp"= {1fd261a0-e920-4680-b20b-f3fe6382e6ea} - C:\WINDOWS\Installer\{1fd261a0-e920-4680-b20b-f3fe6382e6ea}\DrvAvp.dll [2008-03-20 13:54 14378]
"zip"= {14a74bd0-1949-4b46-abc0-e2f98dd2c89b} - C:\WINDOWS\Installer\{14a74bd0-1949-4b46-abc0-e2f98dd2c89b}\zip.dll [2008-03-20 13:54 23330]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\TVANTS\\Tvants.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\System32\\rtcshare.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56456:TCP"= 56456:TCP:Azureus

R3 BELKIN;Belkin Wireless G USB Network Adapter;C:\WINDOWS\system32\DRIVERS\BLKWGU.sys [2007-06-01 05:13]
S2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys []
S3 asbp2poa;asbp2poa;C:\DOCUME~1\Liam\LOCALS~1\Temp\asbp2poa.sys []
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;C:\DOCUME~1\Liam\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys []
S3 PortlUSB;PortlUSB;C:\WINDOWS\system32\DRIVERS\YH920GS.sys [2004-06-24 13:52]
S3 PPPoEWin;PPPoEWin Miniport;C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS [2003-09-25 16:52]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-25 11:01:04 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-25 12:37:33
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\Installer\{1fd261a0-e920-4680-b20b-f3fe6382e6ea}\DrvAvp.dll
-> C:\WINDOWS\Installer\{14a74bd0-1949-4b46-abc0-e2f98dd2c89b}\zip.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
.
**************************************************************************
.
Completion time: 2008-03-25 12:39:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-25 12:39:12
ComboFix2.txt 2008-03-23 21:08:18
.
2008-03-21 12:34:29 --- E O F ---
HiJackThis
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:34, on 2008-03-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\CF23424.exe
C:\WINDOWS\system32\CF23424.exe
C:\Downloads\HiJackThis_v2.exe
C:\ComboFix\pv.cfexe
C:\WINDOWS\system32\CF23424.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mfc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O21 - SSODL: DrvAvp - {1fd261a0-e920-4680-b20b-f3fe6382e6ea} - C:\WINDOWS\Installer\{1fd261a0-e920-4680-b20b-f3fe6382e6ea}\DrvAvp.dll
O21 - SSODL: zip - {14a74bd0-1949-4b46-abc0-e2f98dd2c89b} - C:\WINDOWS\Installer\{14a74bd0-1949-4b46-abc0-e2f98dd2c89b}\zip.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe

-- End of file - 4531 bytes
Edited by LThompson (Tue Mar 25 2008 12:52 PM)