|
Answer» I believe I have a Search Engine Virus. Can anyone please help me?
I read online to run Combo-fix. I did, and I'm not sure it worked. I tried doing a Yahoo search, but that does not work. Yahoo comes up with a screen that says "Sorry, Unable to process request at this time -- error 999." Yahoo says it is probably because of Spyware or a Virus. I had this problem before I used ComboFix. I am scared to use Google, because that would always redirect me to another site. I am scared that it might give me even more viruses if I tried that.
Before ComboFix, I used Spyware Doctor. That did not help. It would find the problem, but it could not fix it. Here are the results of my ComboFix scan (Thank you for any help):
ComboFix 09-11-11.02 - Owner 11/11/2009 21:14.1.1 - NTFSx86
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
.
ADS - system32: deleted 284 bytes in 2 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-1-5-21-4050954835-1151102444-3722852121-1003
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-10-12 to 2009-11-12 )))))))))))))))))))))))))))))))
.
2009-11-12 01:58 . 2009-11-12 02:02 -------- d-----w- C:\Combo-Fix
2009-11-12 00:55 . 2009-11-12 01:13 -------- d-----w- c:\program files\Registry Easy
2009-11-11 00:06 . 2009-11-11 00:06 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2009-11-08 20:26 . 2009-11-08 20:26 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-11-08 20:05 . 2009-11-08 20:05 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
2009-11-08 19:24 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-11-08 19:21 . 2009-11-09 08:07 -------- d-----w- c:\windows\ie8updates
2009-11-08 19:15 . 2009-08-29 08:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-11-08 19:15 . 2009-08-29 08:08 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-11-08 19:15 . 2009-08-29 08:08 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-11-08 19:15 . 2009-08-29 08:08 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-11-08 19:15 . 2009-08-29 08:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-11-08 19:15 . 2009-08-29 08:08 11069440 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-11-08 19:03 . 2009-11-08 19:13 -------- dc-h--w- c:\windows\ie8
2009-11-07 18:59 . 2009-11-12 01:21 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-11-07 18:57 . 2009-11-12 01:22 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-04 04:54 . 2009-11-04 05:03 4045527 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-11-04 04:48 . 2009-11-04 04:48 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-11-04 04:48 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-04 04:48 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-04 04:47 . 2009-11-04 04:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-04 04:47 . 2009-11-04 05:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-12 02:50 . 2008-10-23 07:36 -------- d-----w- c:\documents and settings\Owner\Application Data\DNA
2009-11-12 01:51 . 2006-10-10 14:43 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenOffice.org2
2009-11-12 01:50 . 2008-10-23 07:36 -------- d-----w- c:\program files\DNA
2009-11-11 15:34 . 2006-08-15 18:24 -------- d-----w- c:\documents and settings\Owner\Application Data\BitTorrent
2009-10-21 23:05 . 2006-04-24 17:30 17552 -c--a-w- c:\documents and settings\Owner\Application Data\wklnhst.dat
2009-09-11 14:18 . 2004-08-26 16:12 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-26 16:12 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-26 16:12 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-26 16:12 247326 ----a-w- c:\windows\system32\strmdll.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-07 323392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 688218]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-25 966656]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]
"Ink Monitor"="c:\program files\EPSON\Ink Monitor\InkMonitor.exe" [2001-10-16 258118]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-07 267064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-20 148888]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-1-25 61440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\BigFix.exe [2006-2-17 1742384]
EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2007-1-24 127488]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\cygwin\\usr\\X11R6\\bin\\XWin.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\quake\\quake2.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S3 pctplsg;pctplsg;\??\c:\windows\system32\drivers\pctplsg.sys --> c:\windows\system32\drivers\pctplsg.sys [?]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [7/10/2008 2:49 AM 242712]

--- Other Services/Drivers In Memory ---
*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.netscape.com/
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\st2579gc.default\
FF - prefs.js: browser.search.selectedEngine - IMDb
FF - prefs.js: browser.startup.homepage - hxxp://www.netscape.com/
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-winupdate86.exe - c:\windows\system32\winupdate86.exe
HKU-Default-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe
AddRemove-Money2005b - c:\program files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-11 21:44
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-11-12 22:10
ComboFix-quarantined-files.txt 2009-11-12 03:10
Pre-Run: 12,612,567,040 bytes free
Post-Run: 13,028,724,736 bytes free
- - END Of File - - FEBDC8922D6667B277348C6FD8DE0264

I might have found something under C:\Windows\System32\Drivers\etc\hosts:
127.0.0.1 localhost
89.149.210.61 www.google.com
89.149.210.61 www.google.de
89.149.210.61 www.google.fr
89.149.210.61 www.google.co.uk
89.149.210.61 www.google.com.br
89.149.210.61 www.google.it
89.149.210.61 www.google.es
89.149.210.61 www.google.co.jp
89.149.210.61 www.google.com.mx
89.149.210.61 www.google.ca
89.149.210.61 www.google.com.au
89.149.210.61 www.google.nl
89.149.210.61 www.google.co.za
89.149.210.61 www.google.be
89.149.210.61 www.google.gr
89.149.210.61 www.google.at
89.149.210.61 www.google.se
89.149.210.61 www.google.ch
89.149.210.61 www.google.pt
89.149.210.61 www.google.dk
89.149.210.61 www.google.fi
89.149.210.61 www.google.ie
89.149.210.61 www.google.no
89.149.210.61 search.yahoo.com
89.149.210.61 us.search.yahoo.com
89.149.210.61 uk.search.yahoo.com
If I just delete the google and yahoo lines, would that fix things?

Hello Piechuck. Instead of trying to fix things yourself, why not go to this link and follow the instructions? Once you post the required logs, one of the experts in this forum will jump in and help you.
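The hosts file posted above pins Google and Yahoo search hostnames to one outside address, so lookups for those names resolve there instead of to the real sites. As an added example (not part of the original thread), this Python sketch audits hosts text for such entries and produces a cleaned copy; the `WATCHED` list, the function names and the `nas.home.example` line are assumptions of the example.

```python
import ipaddress

# Assumption of this example: search brands that should never be pinned in hosts.
WATCHED = ("google", "yahoo", "bing")

# Sample input: the first four lines are from the post; the last two are constructed.
SAMPLE = """\
127.0.0.1 localhost
89.149.210.61 www.google.com
89.149.210.61 www.google.co.uk
89.149.210.61 search.yahoo.com
192.168.1.20 nas.home.example   # constructed: a legitimate local override
# 89.149.210.61 www.google.de   (constructed: commented out, so inactive)
"""

def parse_line(raw):
    """Return (ip, hostnames) for an active mapping line, else None."""
    fields = raw.split("#", 1)[0].split()
    if len(fields) < 2:
        return None
    try:
        ip = ipaddress.ip_address(fields[0])
    except ValueError:
        return None  # malformed address: not a usable mapping
    return ip, [h.lower().rstrip(".") for h in fields[1:]]

def is_hijack(ip, host):
    """True for a watched search hostname pinned to a non-loopback address."""
    redirected = not (ip.is_loopback or ip.is_unspecified)
    return redirected and any(w in host.split(".") for w in WATCHED)

def audit(text):
    """List (line number, address, hostname) for every suspicious mapping."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        ip, hosts = parse_line(raw) or (None, [])
        findings += [(lineno, str(ip), h) for h in hosts if is_hijack(ip, h)]
    return findings

def cleaned(text):
    """Return the hosts text with every flagged line dropped."""
    flagged = {lineno for lineno, _, _ in audit(text)}
    lines = text.splitlines()
    return "\n".join(l for n, l in enumerate(lines, 1) if n not in flagged) + "\n"

if __name__ == "__main__":
    for lineno, ip, host in audit(SAMPLE):
        print(f"line {lineno}: {host} -> {ip}")
```

Removing the lines only restores name resolution; if they come back after a reboot, something on the machine is still rewriting the file.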
|