My IE is hijacked by this unknown virus, and my Google search results would end up getting porn searches.
I tried using HijackThis, but so far nothing has worked.
The following is my ComboFix result. Could anyone help me out with this problem? Very much appreciated.
ComboFix 08-02.05.3 - WillHsu 2008-02-10 20:28:06.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.950.1.1028.18.599 [GMT -8:00]
執行位置?: C:\Documents and Settings\WillHsu\桌面\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((((( 其他遭刪除的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\WillHsu\Local Settings\Application Data\baidu
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_BDGUARD
(((((((((((((((((((((((((((( 2008-01-11 - 2008-02-11 之間建立的檔案 )))))))))))))))))))))))))))))))))
.
2008-02-10 20:14 . 2008-02-10 20:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-10 17:41 . 2008-02-10 17:41 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-02-10 17:27 . 2008-02-10 17:27 <DIR> dr-h----- C:\$VAULT$.AVG
2008-02-10 16:31 . 2008-02-10 16:31 <DIR> d-------- C:\Documents and Settings\WillHsu\Application Data\AVG7
2008-02-10 16:31 . 2008-02-10 16:31 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-10 16:31 . 2008-02-10 16:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-10 14:48 . 2008-02-10 14:48 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-02-10 14:36 . 2008-02-10 14:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-10 14:36 . 2008-02-10 14:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-02-10 14:13 . 2008-02-10 14:13 236,544 --a------ C:\WINDOWS\sysvol32.dll
2008-02-10 14:01 . 2008-02-10 14:13 49 --a------ C:\tmp.bat
2008-02-05 00:26 . 2008-02-05 00:26 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
.
(((((((((((((((((((((((((((((((((((( 近三個月內更動的檔案 )))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 07:11 --------- d-----w C:\Program Files\Microsoft.NET
2008-01-05 07:11 --------- d-----w C:\Program Files\Microsoft Works
2008-01-05 07:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-05 07:03 --------- d-----w C:\Program Files\MagicISO
2007-12-05 00:52 29,856 ----a-w C:\Documents and Settings\WillHsu\Application Data\GDIPFONTCACHEV1.DAT
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2006-01-20 05:53 784 ----a-w C:\Documents and Settings\WillHsu\Application Data\mpauth.dat
2005-08-17 03:47 32,768 ------w C:\Program Files\SymNetDrv
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
.
(((((((((((((((((((((((((((((((((((((((((( 重要登錄檔 )))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*注意* 空白或合法的登錄值將不會顯示
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D70E28A7-AA79-4D62-A59F-87024840BB62}]
2008-02-10 14:13 236544 --a------ C:\WINDOWS\sysvol32.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:47 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pdfFactory Pro Dispatcher v2"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2004-08-25 12:33 442368]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 05:00 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-20 21:07 7110656]
"ClubBox"="" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16 286720]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-10 16:31 579072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:47 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-10 16:31 219136]
C:\Documents and Settings\WillHsu\「開始」功能表\程式集\啟動\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"Ghp`amfUbrhLds"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Mn@iboddPubswLfov"= 0 (0x0)
"Mn@mlrf"= 0 (0x0)
"MnOndNeg"= 0 (0x0)
"MnQtm"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-10-09 02:18 49152]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2005-03-16 18:00]
S3 BTNetFilter;Bluetooth Network Filter;C:\WINDOWS\system32\drivers\BTNetFilter.sys [2004-12-16 16:32]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21ad0290-005c-11dc-a0e7-0080c81c92d2}]
\Shell\AutoRun\command - F:\LinksysConnectPC.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79618ce7-055e-11db-9f13-0080c81c92d2}]
\Shell\AutoRun\command - F:\AutoRun.exe
.
排程工作資料夾的內容
"2008-02-11 03:56:02 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2008-01-28 20:54:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-10 20:33:29
Windows 5.1.2600 Service Pack 2 FAT NTAPI
掃描隱藏的程序...
掃描隱藏的進程...
掃描隱藏的檔案...
掃描完成
隱藏檔案?: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\conime.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
完成時間?: 2008-02-10 20:35:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-11 04:35:26
.
2008-01-09 07:58:03 --- E O F ---