search engine redirect


#1
chi28170
New Member, 1 posts
Hi, I've racked my brains for a while now with this one. Every time I go to a search engine and try to click on one of the links, it keeps sending me to another search engine and so forth. I've included in this post the log file from ComboFix if anyone can help me. This virus also shut down my Avira antivirus until I ran ComboFix and reinstalled it.

ComboFix 09-05-04.A3 - Administrator 05/05/2009 19:10.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2551.2077 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2009-04-05 to 2009-05-05 )))))))))))))))))))))))))))))))
.

2009-05-05 03:21 . 2009-05-05 03:21 -------- d-----w c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-05-05 03:21 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-05 03:21 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-05 03:21 . 2009-05-05 03:21 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-05 03:21 . 2009-05-05 03:21 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-05 03:00 . 2009-05-05 03:00 -------- d-----w c:\documents and settings\All Users\Application Data\TEMP
2009-05-05 02:58 . 2005-08-25 23:18 118784 ----a-w c:\windows\system32\MSSTDFMT.DLL
2009-05-05 02:58 . 2009-05-05 03:02 -------- d-----w c:\program files\SpywareBlaster
2009-05-05 02:41 . 2009-05-05 02:41 -------- d-----w c:\program files\Trend Micro
2009-05-05 02:39 . 2009-05-05 02:54 -------- d-----w c:\program files\SpywareGuard
2009-05-05 02:30 . 2009-05-05 02:30 -------- d-----w c:\documents and settings\Administrator\Application Data\Avira
2009-05-05 02:21 . 2009-05-05 02:21 -------- d-----w c:\windows\system32\xircom
2009-05-05 02:21 . 2009-05-05 02:21 -------- d-----w c:\program files\microsoft frontpage
2009-05-05 02:10 . 2009-05-05 02:11 -------- d-----w C:\Rooter$
2009-05-05 01:56 . 2009-05-05 01:56 -------- d-----w c:\program files\Avira
2009-05-05 01:16 . 2009-05-05 01:19 32 --s-a-w c:\windows\system32\216738917.dat
2009-05-05 01:16 . 2009-05-05 01:16 29696 ----a-w c:\windows\system32\SYS32DLL.exe
2009-05-05 01:05 . 2009-05-05 01:12 -------- d-----w c:\program files\OutlawGolf
2009-05-03 00:46 . 2009-05-03 00:46 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Gas Powered Games
2009-05-03 00:15 . 2009-05-03 00:15 4096 ----a-w c:\windows\d3dx.dat
2009-05-03 00:13 . 2009-05-03 00:13 -------- d-----w c:\windows\Fishing Craze
2009-05-03 00:13 . 2009-05-03 00:15 -------- d-----w c:\program files\Fishing Craze
2009-05-01 02:32 . 2009-05-01 02:32 -------- d-----w c:\windows\system32\AGEIA
2009-05-01 02:32 . 2009-05-01 02:32 -------- d-----w c:\program files\AGEIA Technologies
2009-05-01 02:31 . 2009-05-01 02:31 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-01 02:31 . 2009-05-01 02:31 -------- d-----w C:\NVIDIA
2009-05-01 02:08 . 2009-05-01 02:09 -------- d-----w c:\program files\GameShadow
2009-04-29 16:51 . 2009-04-29 16:51 -------- d-----w c:\documents and settings\Administrator\Application Data\Canon
2009-04-29 16:45 . 2008-04-14 04:15 15104 ----a-w c:\windows\system32\drivers\usbscan.sys
2009-04-29 16:42 . 2009-04-29 16:42 -------- d-----w c:\program files\Canon
2009-04-29 16:40 . 2009-04-29 16:40 -------- d--h--w c:\documents and settings\All Users\Application Data\CanonBJ
2009-04-29 16:40 . 2008-02-06 09:00 216064 ----a-w c:\windows\system32\CNMLM8U.DLL
2009-04-29 16:40 . 2009-04-29 16:40 -------- d--h--w c:\windows\system32\CanonIJ Uninstaller Information
2009-04-29 16:40 . 2007-03-15 18:12 188416 ----a-w c:\windows\system32\CNC470O.DLL
2009-04-29 16:40 . 2007-03-19 14:21 200704 ----a-w c:\windows\system32\CNC470L.DLL
2009-04-29 16:40 . 2007-03-23 20:30 1400832 ----a-w c:\windows\system32\CNC470C.DLL
2009-04-29 16:40 . 2007-03-23 20:29 98304 ----a-w c:\windows\system32\CNC470I.DLL
2009-04-29 16:40 . 2009-04-29 16:40 -------- d--h--w c:\program files\CanonBJ
2009-04-29 16:39 . 2008-04-14 04:17 25856 ----a-w c:\windows\system32\drivers\usbprint.sys
2009-04-29 16:18 . 2001-08-18 02:36 8192 ----a-w c:\windows\system32\kbdkor.dll
2009-04-29 16:18 . 2001-08-18 02:36 8704 ----a-w c:\windows\system32\kbdjpn.dll
2009-04-29 16:18 . 2001-08-17 18:55 5632 ----a-w c:\windows\system32\kbd103.dll
2009-04-29 16:18 . 2001-08-17 18:55 6144 ----a-w c:\windows\system32\kbd101c.dll
2009-04-29 16:18 . 2001-08-17 18:55 6144 ----a-w c:\windows\system32\kbd101b.dll
2009-04-29 16:18 . 2008-04-14 09:39 6144 ----a-w c:\windows\system32\kbd106.dll
2009-04-29 16:16 . 2009-04-29 16:16 64200 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-29 16:16 . 2009-04-29 16:16 -------- d-----w c:\windows\system32\XPSViewer
2009-04-29 16:16 . 2009-04-29 16:16 -------- d-----w c:\program files\MSBuild
2009-04-29 16:16 . 2009-04-29 16:16 -------- d-----w c:\program files\Reference Assemblies
2009-04-29 16:15 . 2007-11-30 11:18 26488 ----a-w c:\windows\system32\spupdsvc.exe
2009-04-29 16:15 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-04-29 16:15 . 2008-07-06 12:06 89088 ------w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-29 16:15 . 2008-07-06 10:50 597504 ------w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-29 16:15 . 2008-07-06 12:06 575488 ------w c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-29 16:15 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
2009-04-29 16:15 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\dllcache\xpssvcs.dll
2009-04-29 16:15 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
2009-04-29 16:15 . 2009-04-29 16:15 -------- d-----w C:\85385b0f60231adae7108d001a51
2009-04-29 14:40 . 2006-09-28 20:03 15128 ----a-w c:\windows\system32\x3daudio1_1.dll
2009-04-29 14:40 . 2006-09-28 20:05 237848 ----a-w c:\windows\system32\xactengine2_4.dll
2009-04-29 14:40 . 2006-09-28 20:05 2414360 ----a-w c:\windows\system32\d3dx9_31.dll
2009-04-29 14:40 . 2006-07-28 13:30 236824 ----a-w c:\windows\system32\xactengine2_3.dll
2009-04-29 14:40 . 2006-07-28 13:30 62744 ----a-w c:\windows\system32\xinput1_2.dll
2009-04-29 14:32 . 2005-05-26 19:34 2297552 ----a-w c:\windows\system32\d3dx9_26.dll
2009-04-29 14:30 . 2009-04-29 14:30 -------- d-----w c:\program files\AeriaGames
2009-04-29 12:36 . 2009-04-29 12:54 -------- d-----w C:\AeriaGames
2009-04-29 01:26 . 2009-04-29 01:26 -------- d-----w C:\UT2004
2009-04-28 01:22 . 2009-04-28 01:22 -------- d-----w c:\documents and settings\All Users\Application Data\The Skins Factory
2009-04-27 21:13 . 2009-04-27 21:13 -------- d-----w c:\program files\Common Files\Scanner
2009-04-27 21:13 . 2009-04-27 21:16 -------- d-----w c:\program files\CA Yahoo! Anti-Spy
2009-04-27 14:58 . 2009-04-27 14:58 -------- d-----w c:\documents and settings\Administrator\Application Data\Skinux
2009-04-27 14:55 . 2009-04-27 14:55 -------- d-----w c:\program files\The Skins Factory
2009-04-27 14:54 . 2009-05-01 02:08 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Downloaded Installations
2009-04-27 14:30 . 2009-04-27 14:30 -------- d-----w c:\program files\PixiePack Codec Pack
2009-04-27 14:28 . 2007-12-11 13:52 26784 ----a-w c:\windows\system32\drivers\tbhsd.sys
2009-04-27 14:28 . 2009-04-28 01:27 -------- d-----w c:\documents and settings\Administrator\Application Data\Tunebite
2009-04-27 14:27 . 2009-04-27 14:27 -------- d-----w c:\program files\RapidSolution
2009-04-27 14:27 . 2009-05-01 00:01 -------- d-----w c:\documents and settings\All Users\Application Data\RapidSolution
2009-04-27 14:14 . 2009-04-27 14:14 -------- d-----w c:\documents and settings\All Users\Application Data\Napster
2009-04-27 14:14 . 2009-04-27 14:14 -------- d-----w c:\program files\Napster
2009-04-27 14:10 . 2009-04-27 14:17 -------- d-sh--w c:\documents and settings\All Users\DRM
2009-04-27 03:00 . 2009-04-29 14:12 -------- d-----w c:\program files\ElcomSoft
2009-04-27 02:37 . 2009-04-27 02:37 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Help
2009-04-27 02:36 . 2009-05-05 01:45 -------- d-----w c:\program files\AZPR
2009-04-27 02:16 . 2009-04-27 02:16 -------- d-----w c:\program files\Intelore
2009-04-27 00:46 . 2009-05-01 18:42 -------- d-----w c:\program files\Camgoo
2009-04-26 22:15 . 2000-05-11 05:00 90112 ------w c:\windows\Updreg.EXE
2009-04-26 22:15 . 1996-05-23 06:24 24976 ------w c:\windows\CTRES.DLL
2009-04-26 22:15 . 1998-06-05 06:00 84992 ------w c:\windows\system32\SFCVRT32.DLL
2009-04-26 22:15 . 1994-12-05 07:11 53552 ------w c:\windows\CTCCW.DLL
2009-04-26 22:15 . 1995-01-13 18:10 149504 ------w c:\windows\system32\MFCANS32.DLL
2009-04-26 22:15 . 1995-01-13 18:10 108032 ------w c:\windows\system32\MFCUIA32.DLL
2009-04-26 22:15 . 1998-10-20 20:05 54784 ------w c:\windows\system32\INETWH32.DLL
2009-04-26 22:15 . 1995-07-13 06:01 26768 ------w c:\windows\system32\CTL3D.DLL
2009-04-26 22:15 . 1995-08-30 06:02 82432 ------w c:\windows\system32\CTWFLT32.DLL
2009-04-26 22:15 . 1998-01-08 05:00 1048576 ------w c:\windows\system32\SFMAN.DAT
2009-04-26 22:15 . 2009-04-26 22:15 -------- d-----w c:\windows\system32\Defaults
2009-04-26 22:03 . 1999-12-17 05:00 6752 ------w c:\windows\system32\PFMODNT.SYS
2009-04-26 22:03 . 2009-04-26 22:04 -------- d-----w c:\program files\Creative
2009-04-26 17:29 . 2009-05-05 01:48 -------- d-----w c:\program files\Jack Games
2009-04-26 15:25 . 2009-04-26 15:25 -------- d-----w c:\documents and settings\Administrator\Application Data\Xbins
2009-04-26 04:52 . 2009-04-26 04:52 36964 ----a-w c:\documents and settings\Administrator\V3InetGS.dll
2009-04-26 04:52 . 2009-04-26 04:52 141008 ----a-w c:\documents and settings\Administrator\V3Hunt.dll
2009-04-26 04:52 . 2009-04-26 04:52 27136 ----a-w c:\documents and settings\Administrator\mspatcha.dll
2009-04-26 04:52 . 2009-04-26 04:52 122980 ----a-w c:\documents and settings\Administrator\HSUpdate.exe
2009-04-26 04:52 . 2009-04-26 04:52 188512 ----a-w c:\documents and settings\Administrator\HSInst.dll
2009-04-26 04:52 . 2009-04-26 04:52 160 ----a-w c:\documents and settings\Administrator\HShield.dat
2009-04-26 03:13 . 2009-04-26 03:13 178273 ----a-w c:\documents and settings\Administrator\EGRNAP.dll
2009-04-26 03:11 . 2009-04-26 03:11 303104 ----a-w c:\documents and settings\Administrator\Win98sUpdateUtil.exe
2009-04-26 03:11 . 2009-04-26 05:10 -------- d-----w c:\documents and settings\Administrator\Resource
2009-04-26 02:52 . 2009-04-26 02:52 1019904 ----a-w c:\documents and settings\Administrator\Launcher.exe
2009-04-26 02:16 . 2009-04-26 02:16 -------- d-----w c:\program files\NetRatingsNetSight
2009-04-26 01:33 . 2001-08-17 16:19 3712 ----a-w c:\windows\system32\drivers\ctljystk.sys
2009-04-26 01:33 . 2008-04-14 04:15 10624 ----a-w c:\windows\system32\drivers\gameenum.sys
2009-04-26 01:33 . 2001-08-18 02:36 495616 ----a-w c:\windows\system32\sblfx.dll
2009-04-26 01:33 . 2001-08-18 02:36 256512 ----a-w c:\windows\system32\devcon32.dll
2009-04-26 01:33 . 2001-08-18 02:36 4096 ----a-w c:\windows\system32\ctwdm32.dll
2009-04-26 01:33 . 2001-08-18 02:36 24064 ----a-w c:\windows\system32\devldr32.exe
2009-04-26 01:33 . 2001-08-17 16:19 36480 ----a-w c:\windows\system32\drivers\sfmanm.sys
2009-04-26 01:33 . 2001-08-17 16:19 283904 ----a-w c:\windows\system32\drivers\emu10k1m.sys
2009-04-26 01:33 . 2001-08-17 16:19 6912 ----a-w c:\windows\system32\drivers\ctlfacem.sys
2009-04-25 00:48 . 2009-04-25 00:49 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Ahead
2009-04-25 00:07 . 2009-04-28 12:09 -------- d-----w c:\documents and settings\Administrator\Application Data\Ahead
2009-04-25 00:06 . 2009-04-25 00:06 -------- d-----w c:\documents and settings\All Users\Application Data\Nero
2009-04-25 00:06 . 2009-04-25 00:06 -------- d-----w c:\program files\Nero

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-05 11:59 . 2009-04-19 15:35 -------- d-----w c:\program files\Realtek
2009-04-30 23:56 . 2009-04-19 15:35 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-29 17:25 . 2009-04-19 15:41 13664 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-26 04:52 . 2009-04-26 04:52 82060 ----a-w c:\documents and settings\Administrator\Bz32Ex.dll
2009-04-26 04:52 . 2009-04-26 04:52 37012 ----a-w c:\documents and settings\Administrator\AspINet.dll
2009-04-26 04:52 . 2009-04-26 04:52 153280 ----a-w c:\documents and settings\Administrator\AhnUpCtl.dll
2009-04-26 04:52 . 2009-04-26 04:52 147554 ----a-w c:\documents and settings\Administrator\AhnUpGS.dll
2009-04-26 04:34 . 2009-04-26 04:34 1896448 ----a-w c:\documents and settings\Administrator\RappelzConfig.exe
2009-04-26 03:39 . 2009-04-26 03:39 386048 ----a-w c:\documents and settings\Administrator\mss32.dll
2009-04-26 03:22 . 2009-04-26 03:22 131153 ----a-w c:\documents and settings\Administrator\v3pro32s.dll
2009-04-26 03:17 . 2009-04-26 03:17 3053568 ----a-w c:\documents and settings\Administrator\SFrame.exe
2009-04-26 03:15 . 2009-04-26 03:15 20480 ----a-w c:\documents and settings\Administrator\psapi.dll
2009-04-26 03:13 . 2009-04-26 03:13 1830912 ----a-w c:\documents and settings\Administrator\EhSvc.dll
2009-04-26 03:13 . 2009-04-26 03:13 95232 ----a-w c:\documents and settings\Administrator\EGRNAPX2.dll
2009-04-22 00:47 . 2009-04-20 21:30 -------- d-----w c:\program files\Winamp
2009-04-20 22:37 . 2009-04-19 15:29 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-20 21:33 . 2009-04-19 14:59 -------- d-----w c:\program files\Unlocker
2009-04-20 20:43 . 2009-04-19 15:02 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-19 15:52 . 2009-04-19 15:52 -------- d-----w c:\program files\Philips
2009-04-19 15:52 . 2009-04-19 15:52 -------- d-----w c:\program files\ArcSoft
2009-04-19 15:28 . 2009-04-19 15:28 0 ----a-w c:\windows\nsreg.dat
2009-04-19 15:10 . 2009-04-19 15:10 -------- d-----w c:\program files\K-Lite Codec Pack
2009-04-19 15:09 . 2009-04-19 15:09 413696 ----a-w c:\windows\system32\wrap_oal.dll
2009-04-19 15:09 . 2009-04-19 15:09 -------- d-----w c:\program files\OpenAL
2009-04-19 15:09 . 2009-04-19 15:09 -------- d-----w c:\program files\ACD Systems
2009-04-19 15:06 . 2009-04-19 15:06 -------- d-----w c:\program files\uTorrent
2009-04-19 15:02 . 2008-04-14 10:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-04-19 14:59 . 2009-04-19 14:59 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-04-19 14:59 . 2009-04-19 14:59 -------- d-----w c:\program files\HashTab Shell Extension
2009-04-19 14:59 . 2009-04-19 14:59 -------- d-----w c:\program files\Microsoft PowerToys
2009-03-27 12:14 . 2009-04-19 15:30 453152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-04-14 10:00 . 2009-04-27 14:08 73728 --sha-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
.

------- Sigcheck -------

[-] 2008-12-30 04:52 361600 5AE1C2695F6523AD98B948F2887D8C5E c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A1FB2F9A-D35E-11DD-8935-E46A56D89593}]
2009-03-16 13:53 87512 ----a-w c:\program files\oovootb\dtx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A1FB2F9A-D35E-11DD-8935-E46A56D89593}"= "c:\program files\oovootb\dtx.dll" [2009-03-16 87512]

[HKEY_CLASSES_ROOT\clsid\{a1fb2f9a-d35e-11dd-8935-e46a56d89593}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SYS32DLL"="SYS32DLL" [X]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-06-12 266497]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-03-27 1657376]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SoundMan.exe [2005-04-06 90112]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2005-04-06 2805248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-04-14 99840]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"aux"= ctwdm32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
backup=c:\windows\pss\Yahoo! Widgets.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TrayMin230.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TrayMin230.lnk
backup=c:\windows\pss\TrayMin230.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

R2 AntiVirMailService;Avira AntiVir Premium MailGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [5/4/2009 9:56 PM 164097]
R2 antivirwebservice;Avira AntiVir Premium WebGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe [5/4/2009 9:56 PM 258305]
R2 AVEService;Avira AntiVir Premium MailGuard helper service;c:\program files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [5/4/2009 9:56 PM 41217]
R2 HdThemeEnabler;Hyperdesk Theme Enabler;c:\program files\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe [7/21/2008 12:50 PM 106496]
R3 NTProcDrv;Process creation detector for NT.;\??\c:\windows\TEMP\drv1.tmp --> c:\windows\TEMP\drv1.tmp [?]
R3 PAEAFLT.sys;USB Composite Device;c:\windows\system32\drivers\PAEAFLT.sys [4/19/2009 11:52 AM 8576]
R3 SPC230NC;Philips SPC230NC Webcam;c:\windows\system32\drivers\SPC230NC.SYS [4/19/2009 11:52 AM 461056]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ASPI32

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
.
------- Supplementary Scan -------
.
LSP: avsda.dll
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xmji8e7o.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.goodsearch.com/default.aspx
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox 3.1 Beta 3\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 3\plugins\npyaxmpb.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-05 19:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NTProcDrv]
"ImagePath"="\??\c:\windows\TEMP\drv1.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(672)
c:\windows\system32\avsda.dll

- - - - - - - > 'explorer.exe'(23508)
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll
c:\windows\system32\msi.dll
c:\program files\SpywareGuard\dlprotect.dll
c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll
.
Completion time: 2009-05-05 19:13
ComboFix-quarantined-files.txt 2009-05-05 23:13
ComboFix2.txt 2009-05-05 14:51

Pre-Run: 146,962,935,808 bytes free
Post-Run: 146,949,656,576 bytes free
