Google Redirect Combofix log



#1
FuzzyfaceDIL

I ran Combofix after reading posts on this site and it appears to have worked. Then I read that I should post the log to have an expert look it over. I can say that right away, I was able to open emails and things that I couldn't prior to running Combofix. I had downloaded and installed Webroot - which quarantined about 5 files, but didn't fix anything.
So, here is the log (it's Greek to me). If there is any feedback, I would appreciate it. This is my father-in-law's computer and I'm just trying to help him. He uses it very simply: email, fantasy sports, news.
Thank you.

ComboFix 09-05-30.04 - Fuzzyface 05/31/2009 10:49.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.446.118 [GMT -4:00]
Running from: c:\documents and settings\Fuzzyface\Desktop\ComboFix.exe
AV: PC-cillin Internet Security - Virus Protection *On-access scanning disabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: PC-cillin Internet Security - Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Fuzzyface\protect.dll
c:\documents and settings\Fuzzyface\Start Menu\Programs\Startup\ChkDisk.dll
c:\documents and settings\Fuzzyface\Start Menu\Programs\Startup\ChkDisk.lnk
c:\windows\system32\autochk.dll

.
((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-31 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-31 14:55 . 2008-01-10 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\temp
2009-05-30 03:24 . 2009-05-30 03:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2009-05-30 03:18 . 2009-05-30 03:18 -------- d-----w- c:\program files\Ask.com
2009-05-30 03:17 . 2009-05-30 03:17 -------- d-----w- c:\program files\Webroot
2009-05-30 03:17 . 2009-05-30 03:17 -------- d-----w- c:\documents and settings\Fuzzyface\Application Data\Webroot
2009-05-30 03:17 . 2009-05-30 03:17 164 ----a-w- c:\windows\install.dat
2009-05-29 18:18 . 2007-11-28 06:38 -------- d-----w- c:\program files\Common Files\AOL
2009-05-29 18:18 . 2007-11-28 06:38 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-05-29 17:41 . 2004-08-10 19:03 77859 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-29 09:02 . 2008-09-24 20:20 103720 ----a-w- c:\documents and settings\Fuzzyface\GoToAssistDownloadHelper.exe
2009-05-13 19:39 . 2009-05-30 03:17 1563008 ----a-w- c:\windows\WRSetup.dll
2009-04-21 22:27 . 2009-04-21 22:27 23152 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2009-04-21 22:27 . 2009-04-21 22:27 176752 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2009-04-21 22:27 . 2009-04-21 22:27 29808 ----a-w- c:\windows\system32\drivers\ssfs0bbc.sys
2009-04-10 17:49 . 2009-04-10 17:49 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-10 15:30 . 2007-12-29 19:12 58208 ----a-w- c:\documents and settings\Fuzzyface\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-04 00:39 . 2009-04-04 00:39 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-04 00:39 . 2007-11-28 06:39 -------- d-----w- c:\program files\Microsoft Works
2009-03-06 14:00 . 2004-08-10 18:51 284160 ----a-w- c:\windows\system32\pdh.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-02-09 19:06 764296 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-28 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2007-05-11 2061816]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-11-28 98304]
"dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-05-13 6345840]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-09-22 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-11-28 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [4/21/2009 6:27 PM 29808]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [11/9/2007 4:20 AM 36368]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [5/29/2009 11:19 PM 1205760]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [11/9/2007 4:20 AM 280392]
S2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [11/9/2007 4:19 AM 345696]
S2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [11/9/2007 4:19 AM 923216]
S2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [11/9/2007 4:19 AM 566872]
.
Contents of the 'Scheduled Tasks' folder

2009-05-31 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

2009-05-31 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-02-09 19:06]

2009-05-30 c:\windows\Tasks\wrSpySweeper_L1D697DCCEBA34F018E3F0BBDEAAFF600.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-05-30 19:40]

2009-05-30 c:\windows\Tasks\wrSpySweeper_L1D697DCCEBA34F018E3F0BBDEAAFF600.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-05-30 19:40]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Verizon Internet Security Suite - c:\program files\Verizon\Verizon Internet Security Suite\Rps.exe
Notify-dimsntfy - (no file)
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.verizon.net/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.dell.com
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0071127
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-31 10:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\TMP0000000A7166A8297825583E 524288 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1236)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\windows\system32\drivers\KodakCCS.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
.
**************************************************************************
.
Completion time: 2009-05-31 11:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-31 15:03

Pre-Run: 42,581,712,896 bytes free
Post-Run: 42,801,545,216 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

163 --- E O F --- 2009-05-29 18:39