Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Redirect problem.....

Started by edortizr6 , Apr 12 2009 08:07 AM

  • Please log in to reply

#1
edortizr6
Posted 12 April 2009 - 08:07 AM

edortizr6

    New Member

  • Member
  • Pip
  • 4 posts
Hi, I see that a lot of people have gotten the redirect problem. I ran combofix, here's the log.

ComboFix 09-04-12.02 - user 2009-04-12 9:46.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.379 [GMT -4:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090411-0] *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((( Files Created from 2009-03-12 to 2009-04-12 )))))))))))))))))))))))))))))))
.

2009-04-10 21:16 . 2000-08-31 12:00 89504 ----a-w c:\windows\fdsv.exe
2009-03-25 00:02 . 2009-04-10 21:35 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-23 21:53 . 2009-03-23 22:06 -------- d-----w c:\documents and settings\user\Application Data\RegTool
2009-03-13 19:26 . 2009-03-13 19:26 547 ----a-w c:\windows\eReg.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-10 21:49 . 2009-04-10 21:49 -------- d-----w c:\program files\Alwil Software
2009-04-10 19:52 . 2008-08-14 00:30 -------- d-----w c:\program files\Soulseek
2009-04-02 01:09 . 2008-09-25 12:52 -------- d-----w c:\program files\Java
2009-03-13 20:03 . 2009-03-13 20:03 -------- d-----w c:\program files\HDExtrem
2009-03-13 19:40 . 2009-02-26 18:04 -------- d-----w c:\program files\InstallShield Installation Information
2009-03-13 19:26 . 2009-03-13 19:26 -------- d-----w c:\program files\EA Sports
2009-03-12 19:53 . 2008-08-27 12:59 -------- d-----w c:\program files\Common Files\Adobe
2009-03-09 09:19 . 2008-12-05 00:29 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-09 00:56 . 2009-03-09 00:56 -------- d-----w c:\program files\Coupons
2009-02-26 18:25 . 2009-02-26 18:25 -------- d-----w c:\documents and settings\All Users\Application Data\NVIDIA
2009-02-26 18:20 . 2009-02-26 18:20 -------- d-----w c:\program files\Common Files\InstallShield
2009-02-26 18:07 . 2009-02-26 18:07 -------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2009-02-26 18:04 . 2009-02-26 18:04 -------- d-----w c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-02-26 17:48 . 2009-02-26 17:48 -------- d-----r c:\documents and settings\user\Application Data\Brother
2009-02-16 00:10 . 2008-11-05 23:51 -------- d-----w c:\program files\Lexmark X74-X75
2009-02-13 13:38 . 2009-02-10 17:12 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-02-13 04:32 . 2009-02-10 17:12 -------- d-----w c:\program files\Yahoo!
2009-02-09 11:13 . 2002-09-03 17:11 1846784 ----a-w c:\windows\system32\win32k.sys
2006-09-07 02:48 . 2008-09-03 03:30 131072 ----a-w c:\program files\XBOX360 SS Merger 1.7b.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Walgreens PhotoShow Media Manager"="c:\progra~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe" [2006-04-20 237568]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-04 4363504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2008-06-12 991584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"Lexmark X74-X75"="c:\program files\Lexmark X74-X75\lxbbbmgr.exe" [2002-10-14 57344]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2003-10-06 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"nwiz"="nwiz.exe" [2003-10-06 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe [2008-10-14 25214]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-08-30 98304]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=

R3 MaplomL;MaplomL; [x]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - AAVMKER4
*NewlyCreated* - ASWFSBLK
*NewlyCreated* - ASWMON2
*NewlyCreated* - ASWRDR
*NewlyCreated* - ASWSP
*NewlyCreated* - ASWTDI
*NewlyCreated* - ASWUPDSV
*NewlyCreated* - AVAST!_ANTIVIRUS
*NewlyCreated* - AVAST!_MAIL_SCANNER
*NewlyCreated* - AVAST!_WEB_SCANNER
.
Contents of the 'Scheduled Tasks' folder

2009-04-11 c:\windows\Tasks\RegTool Scan.job
- c:\program files\RegTool\RegTool.exe []

2009-04-11 c:\windows\Tasks\RegTool Scan.job
- c:\program files\RegTool []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\nw6g07wf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-12 09:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gxvxcserv.sys]
"imagepath"="\systemroot\system32\drivers\gxvxcjsntoaoyksxdogpjecfrdwocxelppxrx.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2212)
c:\windows\system32\nView.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-04-12 9:49
ComboFix-quarantined-files.txt 2009-04-12 13:49
ComboFix2.txt 2009-04-10 21:20

Pre-Run: 37,131,538,432 bytes free
Post-Run: 37,124,579,328 bytes free

134 --- E O F --- 2009-04-11 00:00
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP