Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.735 [GMT -4:00]
Running from: c:\documents and settings\r gaylord\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
Reviewer note: ZoneAlarm is reported disabled here, and the Windows Firewall is also off (EnableFirewall = 0 under firewallpolicy\standardprofile below), so this host currently has no active host firewall. Security Center monitoring for ZoneAlarm is suppressed as well (DisableMonitoring = 1), so the user gets no warning about this state. Re-enable one of the two firewalls before the machine is put back on an untrusted network.
.
((((((((((((((((((((((((( Files Created from 2010-03-14 to 2010-04-14 )))))))))))))))))))))))))))))))
.
2010-04-14 01:55 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-04-14 01:54 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-04-14 00:47 . 2010-03-09 10:12 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-04-14 00:47 . 2010-03-09 10:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-04-14 00:47 . 2010-03-09 10:09 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-04-14 00:47 . 2010-03-09 10:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-04-14 00:46 . 2010-03-09 10:08 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-04-14 00:46 . 2010-03-09 10:08 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-04-14 00:46 . 2010-03-09 10:08 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-04-14 00:46 . 2010-03-09 10:24 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-14 00:46 . 2010-03-09 10:24 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-04-14 00:46 . 2010-04-14 00:46 -------- d-----w- c:\program files\Alwil Software
2010-04-14 00:46 . 2010-04-14 00:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-04-11 14:06 . 2010-04-11 14:06 -------- d-----w- c:\documents and settings\r gaylord\Application Data\Malwarebytes
2010-04-11 14:06 . 2010-03-30 04:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-11 14:06 . 2010-04-11 14:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-11 14:06 . 2010-04-11 14:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-11 14:06 . 2010-03-30 04:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-11 13:19 . 2010-04-11 13:21 -------- d-----w- c:\windows\SxsCaPendDel
2010-04-10 11:53 . 2010-04-10 11:53 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-04-10 11:16 . 2010-04-11 13:20 -------- dc----w- c:\windows\system32\DRVSTORE
2010-04-10 11:15 . 2010-04-10 11:15 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-10 11:09 . 2010-04-11 13:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-04-04 01:32 . 2010-04-04 01:32 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-03-22 20:04 . 2010-03-22 20:04 255472 ----a-w- c:\documents and settings\r gaylord\Application Data\Mozilla\plugins\npgoogletalk.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-14 07:25 . 2009-11-23 22:48 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-13 20:42 . 2010-04-14 00:33 175248 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat
2010-04-11 15:42 . 2004-08-04 04:59 96512 ------w- c:\windows\system32\drivers\atapi.sys
2010-04-05 21:27 . 2009-07-10 20:58 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-03-29 21:21 . 2009-07-23 21:57 -------- d-----w- c:\documents and settings\r gaylord\Application Data\AdobeUM
2010-03-25 20:35 . 2009-09-08 23:29 4184 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-03-10 06:15 . 2004-08-10 18:51 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2004-08-10 18:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2006-03-01 13:38 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 13:10 . 2004-08-10 18:51 2189952 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-04 04:59 2066816 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 20:14 . 2010-02-12 20:14 67615 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2010_02_12_11_50_28_small.dmp.zip
2010-02-12 16:50 . 2010-02-12 20:09 702976 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2010-02-12 16:50 . 2010-02-12 20:09 1984512 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2010-02-12 04:33 . 2004-08-10 18:50 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 21:00 . 2010-02-11 21:00 132 ----a-w- c:\documents and settings\r gaylord\Local Settings\Application Data\fusioncache.dat
2010-02-11 12:02 . 2004-08-10 18:51 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-07 00:20 . 2009-08-07 17:13 5489293 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-01-02 16:05 . 2009-09-08 23:29 56 --sh--r- c:\windows\system32\9C1BACC6BF.sys
Reviewer note: this file and KGyGaAvL.sys above are both hidden+system (sh attributes) files in system32 with non-descriptive names, created at the same moment (2009-09-08 23:29). The log does not identify their origin; the catchme "hidden files: 0" result below appears to cover rootkit-hidden items, not attribute-hidden ones. Check their hashes/publisher before treating them as benign rather than assuming they belong to an installed product.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-05 2010864]
"Google Update"="c:\documents and settings\r gaylord\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-07-13 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-06 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-06 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-06 114688]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-03-01 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-03-01 98304]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-3-1 24576]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-4 176128]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-13 18:12 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Documents and Settings\\r gaylord\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\r gaylord\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/13/2010 8:47 PM 162640]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [6/23/2009 11:01 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 66632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/13/2010 8:47 PM 19024]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 12872]
.
Contents of the 'Scheduled Tasks' folder
2010-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2859184618-1794996009-2867484045-1006Core.job
- c:\documents and settings\r gaylord\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-13 22:16]
2010-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2859184618-1794996009-2867484045-1006UA.job
- c:\documents and settings\r gaylord\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-13 22:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo/
mStart Page = hxxp://www.dell.com
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
Reviewer note: the per-user proxy sends all non-local IE HTTP traffic through a listener on 127.0.0.1:5555 (ProxyOverride = <local> only exempts local addresses). Nothing in this log identifies the process listening on that port; confirm it (e.g. netstat -ano and the owning PID) and, if no known local filtering product accounts for it, clear the ProxyServer value, since an unexplained local proxy can intercept or redirect browser traffic.
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
.
- - - - ORPHANS REMOVED - - - -
SSODL-lehuyuvup-{bbb4eef0-53ab-4ddf-a3aa-62f157032448} - (no file)
Reviewer note: a ShellServiceObjectDelayLoad entry with a random-looking name whose backing DLL no longer exists; ComboFix removed the orphaned registry key only. Since the file was already gone, check the quarantine log and a follow-up scan to confirm nothing re-creates this entry on reboot.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-14 03:54
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(652)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\documents and settings\r gaylord\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\r gaylord\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
- - - - - - - > 'explorer.exe'(2820)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-04-14 03:56:53
ComboFix-quarantined-files.txt 2010-04-14 07:56
ComboFix2.txt 2010-04-14 00:28
Pre-Run: 144,970,047,488 bytes free
Post-Run: 144,934,039,552 bytes free
Current=7 Default=7 Failed=6 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
- - End Of File - - 3C408FC1D250591D3F55D54DC3DFD49F