google redirect virus



#1
the2bobmob

I've got the Google redirect virus, tried Malwarebytes, SUPERAntiSpyware etc. to no avail. Ran ComboFix & still infected.
Please help - by the way I am not very computer literate so keep it simple! Thanks

ComboFix log:

ComboFix 10-08-07.02 - Tom Smith 08/08/2010 15:33:13.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.531 [GMT 1:00]
Running from: c:\documents and settings\Tom Smith\Desktop\Combo-Fix.exe
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\fad.sys

.
((((((((((((((((((((((((( Files Created from 2010-07-08 to 2010-08-08 )))))))))))))))))))))))))))))))
.

2010-08-08 12:28 . 2010-08-08 12:28 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2010-08-08 12:26 . 2010-08-08 12:26 -------- d-----w- c:\program files\STOPzilla!
2010-08-08 12:26 . 2010-08-08 12:26 -------- d-----w- c:\program files\Common Files\iS3
2010-08-08 12:26 . 2010-08-08 15:04 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-08-07 15:05 . 2010-08-07 15:08 -------- d-----w- c:\program files\SpywareBlaster
2010-08-04 20:31 . 2010-08-04 20:31 185824 ----a-w- c:\windows\system32\e7c80.sys
2010-08-04 16:16 . 2010-08-04 20:18 -------- d-----w- c:\windows\SxsCaPendDel
2010-08-04 15:59 . 2006-09-05 19:28 38480 ------w- c:\windows\system32\IJRMF.exe
2010-08-03 18:16 . 2010-08-08 12:10 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-08-03 18:14 . 2010-08-07 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-08-03 18:14 . 2010-08-03 18:14 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-08-01 17:31 . 2010-02-05 08:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-08-01 17:31 . 2010-03-29 09:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-08-01 17:31 . 2009-11-23 12:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-08-01 17:30 . 2010-04-08 13:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-08-01 17:29 . 2010-08-08 14:23 -------- d-----w- c:\program files\Spyware Doctor
2010-08-01 17:29 . 2010-08-01 17:33 -------- d-----w- c:\program files\Common Files\PC Tools
2010-08-01 17:29 . 2010-08-01 17:29 -------- d-----w- c:\documents and settings\Tom Smith\Application Data\PC Tools
2010-08-01 17:29 . 2010-08-01 17:29 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-08-01 17:29 . 2010-08-08 14:23 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-01 11:01 . 2010-08-01 11:01 20331936 ----a-w- c:\documents and settings\Tom Smith\Application Data\TomTom\HOME\Profiles\10u9amdv.default\Updates\v2_7_5_2014_win.exe
2010-07-31 17:42 . 2010-07-31 17:42 -------- d-----w- c:\documents and settings\Tom Smith\Application Data\InstallShield
2010-07-31 15:49 . 2010-08-07 08:53 63488 ----a-w- c:\documents and settings\Tom Smith\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-31 15:44 . 2010-07-31 15:44 -------- d-----w- c:\program files\Trend Micro
2010-07-28 16:50 . 2010-07-28 16:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-23 21:24 . 2010-07-23 21:24 -------- d-----w- c:\documents and settings\Tom Smith\Local Settings\Application Data\lyqcubmkb
2010-07-14 18:02 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-08 15:03 . 2010-08-08 14:25 1072 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg
2010-08-08 14:33 . 2010-08-08 13:56 1512 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-08-07 15:05 . 2004-03-09 19:03 -------- d-----w- c:\program files\Google
2010-08-07 14:45 . 2006-11-10 05:12 -------- d-----w- c:\documents and settings\Tom Smith\Application Data\Pehyu
2010-08-07 14:44 . 2007-05-05 14:20 -------- d-----w- c:\documents and settings\Tom Smith\Application Data\Otiz
2010-08-07 08:53 . 2010-04-24 20:33 117760 ----a-w- c:\documents and settings\Tom Smith\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-04 20:08 . 2008-05-20 17:00 -------- d-----w- c:\program files\TomTom HOME 2
2010-08-04 19:07 . 2004-06-18 16:16 -------- d-----w- c:\program files\Best Friends Free Trial
2010-08-04 19:01 . 2004-01-27 11:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-04 18:04 . 2006-11-25 15:36 -------- d-----w- c:\program files\Common Files\Teleca Shared
2010-08-04 17:18 . 2009-10-13 18:31 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-08-04 17:13 . 2006-04-04 20:43 -------- d-----w- c:\program files\eBay
2010-08-04 16:21 . 2004-01-31 16:02 -------- d-----w- c:\program files\PhotoDeluxe 2.0
2010-08-04 16:19 . 2004-03-06 17:39 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-04 16:15 . 2008-08-16 11:22 -------- d-----w- c:\program files\Common Files\Apple
2010-08-04 16:14 . 2009-10-13 18:32 -------- d-----w- c:\program files\Common Files\Wextech Shared
2010-08-04 16:03 . 2009-01-05 21:22 -------- d-----w- c:\program files\AviSynth 2.5
2010-08-04 16:01 . 2007-04-24 19:38 -------- d-----w- c:\program files\Canon
2010-08-04 15:54 . 2004-04-13 17:45 -------- d-----w- c:\program files\AutoCAD LT 98
2010-08-01 10:52 . 2004-01-27 11:05 -------- d-----w- c:\program files\Real
2010-08-01 10:51 . 2007-02-18 18:42 -------- d-----w- c:\program files\Sony Corporation
2010-07-31 17:55 . 2009-12-02 17:06 -------- d-----w- c:\documents and settings\All Users\Application Data\LGMOBILEAX
2010-07-31 17:42 . 2007-07-16 16:12 -------- d-----w- c:\program files\GSC Game World
2010-07-31 17:38 . 2010-04-24 19:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-25 21:31 . 2004-08-13 15:23 -------- d-----w- c:\documents and settings\Tom Smith\Application Data\Fapoca
2010-07-25 16:55 . 2004-10-26 20:01 -------- d-----w- c:\documents and settings\Tom Smith\Application Data\Opaxc
2010-07-23 20:29 . 2010-04-25 10:26 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-02 11:53 . 2004-03-14 14:03 7650 ----a-w- c:\windows\aWhite.dat
2010-07-02 11:53 . 2004-03-14 14:03 4 ----a-w- c:\windows\aError.dat
2010-07-02 11:53 . 2004-03-14 14:03 7650 ----a-w- c:\windows\aDark.dat
2010-07-02 11:53 . 2004-03-14 14:03 12 ----a-w- c:\windows\aExpo.dat
2010-07-01 11:07 . 2010-07-01 11:07 434176 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\17053\RapportMS.dll
2010-06-28 12:30 . 2010-06-28 12:30 73728 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMR\16072\ncqo.exe
2010-06-28 12:30 . 2010-06-28 12:30 417792 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMR\16072\RapportMR.dll
2010-06-28 12:30 . 2004-07-31 02:43 -------- d-----w- c:\documents and settings\Tom Smith\Application Data\Itugac
2010-06-28 10:30 . 2010-06-28 10:30 77312 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMR\16032\jcmqu.exe
2010-06-28 10:30 . 2010-06-28 10:30 417792 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMR\16032\RapportMR.dll
2010-06-28 10:30 . 2010-06-28 10:30 73728 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMR\16032\ncqo.exe
2010-06-27 17:30 . 2007-05-02 17:38 -------- d-----w- c:\documents and settings\Tom Smith\Application Data\Icsie
2010-06-21 19:36 . 2010-06-21 19:36 339968 ----a-w- c:\windows\system32\RapportBuka.dll
2010-06-21 19:35 . 2010-04-15 19:45 -------- d-----w- c:\program files\McAfee
2010-06-21 19:33 . 2008-04-19 14:21 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-06-21 19:30 . 2010-06-21 19:30 -------- d-----w- c:\program files\McAfeeMOBK
2010-06-21 19:29 . 2010-06-21 19:29 -------- d-----w- c:\program files\McAfee Online Backup
2010-06-14 14:31 . 2002-08-29 05:00 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-05-22 19:10 . 2010-05-22 19:10 503808 ----a-w- c:\documents and settings\Tom Smith\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-4da4a6e1-n\msvcp71.dll
2010-05-22 19:10 . 2010-05-22 19:10 499712 ----a-w- c:\documents and settings\Tom Smith\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-4da4a6e1-n\jmc.dll
2010-05-22 19:10 . 2010-05-22 19:10 348160 ----a-w- c:\documents and settings\Tom Smith\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-4da4a6e1-n\msvcr71.dll
2010-05-16 10:43 . 2010-05-16 10:43 50444 ---ha-w- c:\windows\system32\mlfcache.dat
2006-06-04 19:26 . 2006-06-04 19:26 11817800 ----a-w- c:\program files\GoogleEarth.exe
2004-03-06 18:14 . 2004-03-06 17:39 9143000 ----a-w- c:\program files\AdbeRdr60_enu.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-02-05 20:14 2871608 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-02-05 20:14 2871608 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-02-05 20:14 2871608 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-23 2403568]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-01-04 1937408]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-01 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-15 196608]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2009-06-03 5164968]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2006-5-17 2297856]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundRouterRequest"= 0 (0x0)

R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [01/08/2010 18:31 218592]
R0 szkg5;szkg5;c:\windows\SYSTEM32\DRIVERS\SZKG.sys [07/12/2009 17:59 61328]
R0 szkgfs;szkgfs;c:\windows\SYSTEM32\DRIVERS\SZKGFS.sys [24/02/2010 15:06 173328]
R1 as6eio;as6eio;c:\windows\SYSTEM32\DRIVERS\As6eio.sys [14/03/2004 15:00 3616]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\SYSTEM32\DRIVERS\mfetdi2k.sys [09/05/2010 12:18 82952]
R1 MOBKFilter;MOBKFilter;c:\windows\SYSTEM32\DRIVERS\MOBK.sys [21/06/2010 20:29 54776]
R1 RapportBuka;RapportBuka;c:\windows\SYSTEM32\DRIVERS\RapportBuka.sys [27/02/2010 18:17 390528]
R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [01/07/2010 12:07 59240]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [01/07/2010 12:07 166632]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11:25 12872]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [09/05/2010 12:18 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [09/05/2010 12:18 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [09/05/2010 12:18 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [09/05/2010 12:18 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [09/05/2010 12:18 141792]
R2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [05/02/2010 21:14 229688]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [01/07/2010 12:07 840936]
R3 cfwids;McAfee Inc. cfwids;c:\windows\SYSTEM32\DRIVERS\cfwids.sys [09/05/2010 12:18 55456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\SYSTEM32\DRIVERS\mfefirek.sys [09/05/2010 12:18 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [09/05/2010 12:18 88480]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\SYSTEM32\DRIVERS\wg111v2.sys [27/03/2006 17:53 167808]
S0 is3srv;is3srv;c:\windows\SYSTEM32\DRIVERS\is3srv.sys [07/12/2009 17:59 61328]
S1 SASKUTIL;SASKUTIL;\??\f:\superantispyware\SASKUTIL.SYS --> f:\superantispyware\SASKUTIL.SYS [?]
S3 5df8;5df8;\??\c:\windows\system32\5df8.sys --> c:\windows\system32\5df8.sys [?]
S3 a6f9;a6f9;\??\c:\windows\system32\a6f9.sys --> c:\windows\system32\a6f9.sys [?]
S3 e7c80;e7c80;c:\windows\SYSTEM32\e7c80.sys [04/08/2010 21:31 185824]
S3 f01A;f01A;\??\c:\windows\system32\f01A.sys --> c:\windows\system32\f01A.sys [?]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\SYSTEM32\DRIVERS\hitmanpro35.sys [03/08/2010 19:16 16968]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [09/05/2010 12:18 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\SYSTEM32\DRIVERS\mferkdet.sys [09/05/2010 12:18 83496]
S3 SASENUM;SASENUM;\??\f:\superantispyware\SASENUM.SYS --> f:\superantispyware\SASENUM.SYS [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [01/08/2010 18:29 366840]
S3 SQTECH930B;Trust WB-3500T USB2 Webcam;c:\windows\system32\Drivers\Capt930b.sys --> c:\windows\system32\Drivers\Capt930b.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01
*Deregistered* - PCTSDInjDriver32
.
Contents of the 'Scheduled Tasks' folder

2010-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 12:34]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.sky.com/
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} - hxxp://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-MBkLogonHook - (no file)
AddRemove-YourScreen - c:\program files\Microsoft Games\Zoo Tycoon\UNINSTAL.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-08 16:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-338836242-2630451458-1754484136-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1008)
c:\windows\system32\WININET.dll
c:\windows\system32\RtlGina2.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(1072)
c:\windows\system32\WININET.dll
.
Completion time: 2010-08-08 16:15:35
ComboFix-quarantined-files.txt 2010-08-08 15:15

Pre-Run: 46,022,717,440 bytes free
Post-Run: 46,762,373,120 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 80D1218998028EF114CB66DC61242F81