jchelstowski Posted December 26, 2008 Report Share Posted December 26, 2008 I registered on my laptop because my desktop is so infected when I go to follow the registration link I get "this page cannot be displayed". I can get to some sites by directly typing in the address on the browser but not any anti-virus sites. All searches get re-directed. I think this laptop is having problems with searches getting redirected as well. The log is:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:58:18 PM, on 12/26/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\WINDOWS\System32\basfipm.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Symantec AntiVirus\DefWatch.exec:\Program Files\Dell\OpenManage\Client\Iap.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Visioneer\OneTouch 4.0\OtService.exeC:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exeC:\WINDOWS\system32\HPZipm12.exeC:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exeC:\Program Files\Symantec AntiVirus\SavRoam.exeC:\Program Files\Sprint\Sprint PCS Connection Manager\CMSPCSUtilSvc.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Symantec AntiVirus\Rtvscan.exeC:\Program Files\RealVNC\WinVNC\WinVNC.exeC:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exeC:\WINDOWS\system32\CCM\CcmExec.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Program Files\QuickTime\QTTask.exeC:\Program Files\iTunes\iTunesHelper.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Ascentive\Performance Center\ApcMain.exeC:\Program Files\Ascentive\PC SpeedScan Pro\PCSpeedScan.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Program Files\Digital Line Detect\DLG.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://my.netversant.comR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.comR1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dllO3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dllO4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startupO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeO4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\ApcMain.exe -mO4 - HKCU\..\Run: [PC SpeedScan Pro] C:\Program Files\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe -mO4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')O4 - Global Startup: Adobe Gamma Loader.lnk = ?O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: Digital Line Detect.lnk = ?O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeO4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO14 - IERESET.INF: START_PAGE_URL=http://my.netversant.comO15 - Trusted Zone: http://collaboration.netversant.com (HKLM)O15 - Trusted Zone: http://my.netversant.com (HKLM)O15 - Trusted Zone: http://nv-netmon.internal.netversant.com (HKLM)O15 - Trusted Zone: http://nv-oadb1.netversant.com (HKLM)O15 - Trusted Zone: http://nv-oadb2.netversant.com (HKLM)O15 - Trusted Zone: http://nv-oadb3.netversant.com (HKLM)O15 - Trusted Zone: http://nv-oadb4.netversant.com (HKLM)O15 - Trusted Zone: http://nv-oasrv1.netversant.com (HKLM)O15 - Trusted Zone: http://nv-oasrv2.netversant.com (HKLM)O15 - Trusted Zone: http://nv-oasrv3.netversant.com (HKLM)O15 - Trusted Zone: http://nv-oasrv4.netversant.com (HKLM)O15 - Trusted Zone: http://nv-oasrv5.netversant.com (HKLM)O15 - Trusted Zone: http://nv-oasrv6.netversant.com (HKLM)O15 - Trusted Zone: http://nv-oasrv7.netversant.com (HKLM)O15 - Trusted Zone: http://owa.netversant.com (HKLM)O15 - Trusted Zone: http://sso.netversant.com (HKLM)O15 - Trusted Zone: http://webmail.netversant.com (HKLM)O15 - ESC Trusted Zone: http://download.mozilla.org (HKLM)O15 - ESC Trusted Zone: http://www.mozilla.org (HKLM)O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM)O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/instal...llMgr_v01_6.cabO16 - DPF: {68CDB19A-6305-4589-8C35-41E3502CD451} (Siebel Option Pack for IE 7.5.3) - http://sales.netversant.com/sales_enu/1627...lOptionPack.cabO16 - DPF: {CAFECAFE-0013-0001-0026-ABCDEFABCDEF} (JInitiator 1.3.1.26) - http://nv-oasrv2.netversant.com:52104/jinitiator/oajinit.exeO16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://netversant.webex.com/client/v_myweb...bex/ieatgpc.cabO16 - DPF: {e2258010-b53c-11d6-b64d-00c04faedb18} (Oracle JInitiator 1.1.8.20) - http://ux2.netversant.com:8003/ji11820.exeO18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dllO18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLLO23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exeO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exeO23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeO23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exeO23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: Iap - Dell Computer Corporation - c:\Program Files\Dell\OpenManage\Client\Iap.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXEO23 - Service: OneTouch 4.0 Monitor - Visioneer Inc. - C:\Program Files\Visioneer\OneTouch 4.0\OtService.exeO23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exeO23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exeO23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Sprint PCS v3 Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Sprint PCS Connection Manager\CMSPCSUtilSvc.exeO23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exeO23 - Service: Quest Resource Updating Agent (Vmover.exe) - Quest Software - C:\WINDOWS\System32\Vmover.exeO23 - Service: VNC Server (winvnc) - RealVNC Ltd. - C:\Program Files\RealVNC\WinVNC\WinVNC.exeO23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)--End of file - 11376 bytes Link to post Share on other sites
sarahw Posted December 29, 2008 Report Share Posted December 29, 2008 Hi,We'll have a look at both machines. We'll deal with the one stated above first.We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Please include the C:\ComboFix.txt in your next reply for further review. Link to post Share on other sites
sarahw Posted January 4, 2009 Report Share Posted January 4, 2009 Inactive topic...If you still need help on this problem, contact me or one of the Moderators to re-open this up.Topic closed. Link to post Share on other sites
Recommended Posts