Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Clicking on Google search takes me 3rd party spam sites

Unread postby szubski » June 17th, 2010, 7:13 pm

I ran combofix -- trying to ensure it cleaned my PC.

Here's the log:

ComboFix 10-06-17.02 - NRSzubski 06/17/2010 15:32:12.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3032.2398 [GMT -7:00]
Running from: c:\documents and settings\NRSzubski\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Dr. Awesome\Application Data\Sky-Banners
c:\documents and settings\Dr. Awesome\Application Data\Sky-Banners\skb\log.xml
c:\documents and settings\Dr. Awesome\Application Data\Street-Ads
c:\documents and settings\NRSzubski\Application Data\308D65C33D6AB298223ADD100146F14B
c:\documents and settings\NRSzubski\Application Data\308D65C33D6AB298223ADD100146F14B\enemies-names.txt
c:\documents and settings\NRSzubski\Application Data\308D65C33D6AB298223ADD100146F14B\local.ini
c:\documents and settings\NRSzubski\Application Data\Sky-Banners
c:\documents and settings\NRSzubski\Application Data\Sky-Banners\skb\log.xml
c:\documents and settings\NRSzubski\Application Data\Street-Ads
c:\program files\Mozilla Firefox\searchplugins\google_search.xml
c:\windows\system32\ipfjjfxh.dll
c:\windows\system32\win.com
c:\windows\xpsp1hfm.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Service_6to4


((((((((((((((((((((((((( Files Created from 2010-05-17 to 2010-06-17 )))))))))))))))))))))))))))))))
.

2010-06-15 20:20 . 2010-06-15 20:20 -------- d-----w- c:\program files\Defense Center
2010-06-11 19:39 . 2010-06-11 19:40 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2010-06-11 19:39 . 2010-06-11 19:40 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2010-06-11 19:39 . 2010-06-11 19:39 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2010-06-11 19:14 . 2010-06-11 19:14 -------- d-----w- c:\documents and settings\NRSzubski\Application Data\VS Revo Group
2010-06-11 18:08 . 2010-06-11 18:08 -------- d-----w- c:\documents and settings\NRSzubski\Local Settings\Application Data\VS Revo Group
2010-06-11 18:08 . 2009-12-30 19:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-06-11 18:08 . 2010-06-11 18:08 -------- d-----w- c:\program files\Revo Uninstaller Pro
2010-06-11 17:33 . 2010-06-11 18:12 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-06-11 17:27 . 2010-06-02 05:56 71152 ----a-w- c:\windows\system32\avutil-50.dll
2010-06-10 22:19 . 2010-06-10 22:19 -------- d-----w- c:\documents and settings\Dr. Awesome\Local Settings\Application Data\Temp
2010-06-10 22:19 . 2010-06-10 22:19 -------- d-----w- c:\documents and settings\Dr. Awesome\Local Settings\Application Data\Google
2010-06-10 01:04 . 2010-06-10 01:04 -------- d-----w- c:\documents and settings\NRSzubskitemp
2010-06-08 16:51 . 2010-06-08 16:51 2304 ----a-w- c:\windows\system32\mipsinf.sys
2010-06-07 20:11 . 2001-08-18 05:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2010-06-07 20:10 . 2008-04-14 07:16 121984 -c--a-w- c:\windows\system32\dllcache\usbvideo.sys
2010-06-07 20:09 . 2001-08-18 05:36 31744 -c--a-w- c:\windows\system32\dllcache\tp4.dll
2010-06-07 20:08 . 2008-04-14 12:00 46592 -c--a-w- c:\windows\system32\dllcache\sspifilt.dll
2010-06-07 20:07 . 2008-04-14 12:00 29184 -c--a-w- c:\windows\system32\dllcache\sm8cw.dll
2010-06-07 20:06 . 2001-08-17 20:51 17280 -c--a-w- c:\windows\system32\dllcache\scr111.sys
2010-06-07 20:05 . 2001-08-17 19:12 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
2010-06-07 20:04 . 2008-04-14 07:14 27904 -c--a-w- c:\windows\system32\dllcache\perm2.sys
2010-06-07 20:03 . 2001-08-18 05:36 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2010-06-07 20:02 . 2001-08-17 20:48 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2010-06-07 20:01 . 2008-04-14 12:00 33792 -c--a-w- c:\windows\system32\dllcache\lmmib2.dll
2010-06-07 20:00 . 2001-08-18 05:36 91136 -c--a-w- c:\windows\system32\dllcache\icam4com.dll
2010-06-07 19:59 . 2001-08-18 05:36 31232 -c--a-w- c:\windows\system32\dllcache\hpgt42tk.dll
2010-06-07 19:58 . 2001-08-17 20:52 7040 -c--a-w- c:\windows\system32\dllcache\exabyte2.sys
2010-06-07 19:57 . 2001-08-18 05:36 6216 -c--a-w- c:\windows\system32\dllcache\divaci.dll
2010-06-07 19:56 . 2008-04-14 12:41 121856 -c--a-w- c:\windows\system32\dllcache\camext30.dll
2010-06-07 19:55 . 2001-08-17 20:53 7424 -c--a-w- c:\windows\system32\dllcache\adicvls.sys
2010-06-06 17:37 . 2010-06-06 17:37 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-06-05 03:57 . 2010-06-05 03:57 -------- d-----w- c:\documents and settings\NRSzubski\Application Data\Malwarebytes
2010-06-05 03:57 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-05 03:57 . 2010-06-05 03:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-05 03:57 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-05 03:57 . 2010-06-05 03:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-05 02:38 . 2010-06-05 02:38 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-06-05 02:32 . 2010-02-05 16:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-06-05 02:32 . 2009-10-06 23:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-06-05 02:32 . 2009-09-23 23:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-06-05 02:32 . 2010-02-05 16:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-06-05 02:31 . 2010-06-17 22:52 -------- d-----w- c:\program files\Spyware Doctor
2010-06-05 02:31 . 2010-06-05 02:34 -------- d-----w- c:\program files\Common Files\PC Tools
2010-06-05 02:31 . 2010-06-05 02:31 -------- d-----w- c:\documents and settings\NRSzubski\Application Data\PC Tools
2010-06-05 02:31 . 2010-06-05 02:31 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-06-05 00:10 . 2010-06-05 05:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Update
2010-06-05 00:09 . 2010-06-05 00:09 135680 --sha-r- c:\windows\system32\xinput1_2L.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-17 22:52 . 2010-02-10 22:06 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-17 22:28 . 2009-09-18 03:02 3629344 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-06-17 22:28 . 2009-10-30 11:17 -------- d-----w- c:\documents and settings\NRSzubski\Application Data\Skype
2010-06-17 17:02 . 2009-10-30 11:18 -------- d-----w- c:\documents and settings\NRSzubski\Application Data\skypePM
2010-06-17 16:58 . 2009-10-30 12:54 -------- d-----w- c:\program files\RegScrubXP
2010-06-17 02:50 . 2009-10-31 03:52 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-15 17:21 . 2010-02-05 23:01 50354 ----a-w- c:\documents and settings\NRSzubski\Application Data\Facebook\uninstall.exe
2010-06-15 17:21 . 2010-02-05 23:01 -------- d-----w- c:\documents and settings\NRSzubski\Application Data\Facebook
2010-06-11 19:39 . 2009-09-18 03:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Lenovo
2010-06-11 19:17 . 2009-10-27 11:49 -------- d-----w- c:\program files\AIM
2010-06-11 17:29 . 2010-04-29 00:59 -------- d-----w- c:\program files\Google
2010-06-10 22:18 . 2010-06-10 22:17 -------- d-----w- c:\documents and settings\Dr. Awesome\Application Data\Lenovo
2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\documents and settings\NRSzubski\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-06-07 17:50 . 2010-06-15 20:28 171322 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2010-06-05 00:22 . 2009-09-18 03:20 -------- d-----w- c:\program files\ThinkVantage
2010-06-05 00:22 . 2009-09-18 03:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-26 23:51 . 2010-05-26 23:51 503808 ----a-w- c:\documents and settings\NRSzubski\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-2ae6e2d4-n\msvcp71.dll
2010-05-26 23:51 . 2010-05-26 23:51 499712 ----a-w- c:\documents and settings\NRSzubski\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-2ae6e2d4-n\jmc.dll
2010-05-26 23:51 . 2010-05-26 23:51 348160 ----a-w- c:\documents and settings\NRSzubski\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-2ae6e2d4-n\msvcr71.dll
2010-05-07 19:55 . 2010-05-07 19:55 255472 ----a-w- c:\documents and settings\NRSzubski\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-05-05 22:31 . 2010-05-05 22:31 -------- d-----w- c:\program files\Mobile Media Converter
2010-04-27 22:45 . 2010-06-09 04:33 642560 ----a-w- c:\documents and settings\NRSzubski\Application Data\Mozilla\Firefox\Profiles\k3bxdxsn.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll
2010-04-27 18:58 . 2009-09-18 03:28 96584 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-21 21:37 . 2009-10-30 10:36 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-21 16:47 . 2010-04-21 16:47 -------- d-----w- c:\program files\Common Files\Skype
2010-03-26 17:33 . 2010-04-10 08:39 1496064 ----a-w- c:\documents and settings\NRSzubski\Application Data\Mozilla\Firefox\Profiles\k3bxdxsn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-03-26 17:33 . 2010-04-10 08:39 43008 ----a-w- c:\documents and settings\NRSzubski\Application Data\Mozilla\Firefox\Profiles\k3bxdxsn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-03-26 17:33 . 2010-04-10 08:39 339456 ----a-w- c:\documents and settings\NRSzubski\Application Data\Mozilla\Firefox\Profiles\k3bxdxsn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-03-26 17:32 . 2010-04-10 08:39 346112 ----a-w- c:\documents and settings\NRSzubski\Application Data\Mozilla\Firefox\Profiles\k3bxdxsn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\NRSzubski\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-06-09 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-07 256576]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-05-11 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-05-11 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-05-11 142872]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2009-07-14 417792]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2009-07-14 208896]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-03-05 3093816]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-01-18 1286608]
"Malwarebytes Anti-Malware (rootkit-scan)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2008-10-27 01:41 180224 ------w- c:\windows\system32\FpWinlogonNp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ------w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTray]
2009-07-29 17:40 425984 ------w- c:\program files\ThinkPad\ConnectUtilities\ACTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
2010-01-18 21:14 1286608 ----a-w- c:\program files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-29 03:21 141600 ------w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LENOVO.TPFNF6R]
2009-04-14 10:51 15136 ------w- c:\program files\Lenovo\HOTKEY\tpfnf6r.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2009-02-19 10:05 1434920 ------w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY]
2009-03-13 08:32 68976 ------w- c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks]
2009-02-03 03:16 181536 ------w- c:\windows\system32\TpShocks.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
2008-11-24 22:42 487424 ------w- c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\NRSzubski\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Documents and Settings\\NRSzubski\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\NRSzubski\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/4/2010 7:32 PM 207280]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [1/28/2009 5:57 PM 20520]
R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [10/26/2008 6:33 PM 1676536]
R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [10/26/2008 6:38 PM 98304]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [9/17/2009 8:27 PM 53248]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/4/2010 7:31 PM 365280]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [6/12/2009 2:00 AM 62320]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [11/24/2008 3:34 PM 520192]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [9/17/2009 8:17 PM 482176]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [9/17/2009 7:56 PM 243856]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2/22/2008 3:54 PM 37312]
S0 pzpterzt;pzpterzt; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/28/2010 5:59 PM 136176]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [6/12/2009 2:00 AM 45424]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/9/2008 5:50 PM 360448]
S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [10/26/2008 6:38 PM 106496]
S3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [10/26/2008 6:41 PM 118784]
S3 mipsinf;mipsinf;c:\windows\system32\mipsinf.sys [6/8/2010 9:51 AM 2304]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [6/11/2010 11:08 AM 27064]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/25/2008 8:15 AM 1120752]
S4 Cdmpoca;Cdmpoca; [x]

--- Other Services/Drivers In Memory ---

*Deregistered* - PCTSDInjDriver32

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 17:00]

2010-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 17:00]

2010-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4286183537-1775050780-3615722962-1009Core.job
- c:\documents and settings\NRSzubski\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-09 19:19]

2010-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4286183537-1775050780-3615722962-1009UA.job
- c:\documents and settings\NRSzubski\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-09 19:19]

2010-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4286183537-1775050780-3615722962-1010Core.job
- c:\documents and settings\Dr. Awesome\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-10 17:00]

2010-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4286183537-1775050780-3615722962-1010UA.job
- c:\documents and settings\Dr. Awesome\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-10 17:00]

2010-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4286183537-1775050780-3615722962-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-11 17:00]

2010-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4286183537-1775050780-3615722962-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-11 17:00]

2010-02-09 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2009-02-20 20:57]

2010-06-11 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-09-18 16:01]
.
.
------- Supplementary Scan -------
.
uStart Page = file:///C:/Documents%20and%20Settings/NRSzubski/My%20Documents/Documents/Web%20Related/homepage.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\NRSzubski\Application Data\Mozilla\Firefox\Profiles\k3bxdxsn.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - file:///C:/Documents%20and%20Settings/NRSzubski/My%20Documents/Documents/Web%20Related/homepage.htm
FF - prefs.js: keyword.URL - hxxp://search.wish-search.com/?sid=10101027100&s=
FF - component: c:\documents and settings\NRSzubski\Application Data\Mozilla\Firefox\Profiles\k3bxdxsn.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - component: c:\documents and settings\NRSzubski\Application Data\Mozilla\Firefox\Profiles\k3bxdxsn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\NRSzubski\Application Data\Mozilla\Firefox\Profiles\k3bxdxsn.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll
FF - plugin: c:\documents and settings\NRSzubski\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\NRSzubski\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\NRSzubski\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\NRSzubski\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.wish-search.com/?sid=10101027100&s=
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-skb - ipfjjfxh.dll
Notify-ACNotify - ACNotify.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-17 15:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll >>UNKNOWN [0x89D82EC5]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\iaStor -> iaStor.sys @ 0xb9e6e6ae
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->NDIS: Intel(R) WiFi Link 5100 AGN -> SendCompleteHandler -> NDIS.sys @ 0xb9d14bb0
PacketIndicateHandler -> NDIS.sys @ 0xb9d03a0d
SendHandler -> NDIS.sys @ 0xb9d17b40
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1032)
c:\windows\system32\ATGinaHook.dll
c:\program files\Lenovo Fingerprint Software\ATCSSINT.DLL
c:\program files\Lenovo Fingerprint Software\SharedResources.dll
c:\program files\Lenovo Fingerprint Software\FPResource.dll
c:\program files\Lenovo\Client Security Solution\CSS_Enroll.dll
c:\program files\Lenovo\Client Security Solution\css_banner.dll
c:\windows\system32\cssuserdatadispatcher.dll
c:\windows\system32\tvttsp.dll
c:\windows\system32\tcsrpc.dll
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\FpWinLogonNp.dll
c:\windows\system32\AFSSClientLib.dll
c:\program files\Bonjour\mdnsNSP.dll

- - - - - - - > 'explorer.exe'(1880)
c:\program files\Spyware Doctor\pctgmhk.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\windows\system32\rundll32.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2010-06-17 16:02:14 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-17 23:02

Pre-Run: 128,760,840,192 bytes free
Post-Run: 129,258,213,376 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 8B802BE694E75BD64D80E49B06B0F1F8
szubski

Re: Clicking on Google search takes me 3rd party spam sites

Unread postby NonSuch » June 18th, 2010, 12:33 am

ComboFix is not a tool that is intended to be used without the direct supervision of a qualified expert. To use ComboFix on your own is to court disaster for your computer. Please stop all attempts at self-fixes for your system's issues as that may only confuse the issue further and cause additional problems as well.

In order for us to help you it is necessary that you provide us with a HijackThis log. Please follow the guideline at the link below to start a new topic and post your HijackThis log. Also include your ComboFix log in the same post.

This topic is now closed. Please start a new topic by following the HijackThis Guideline posted here: Guideline for posting your HijackThis log
NonSuch
Administrator