combofix log - Google redirect problem

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

rfcjr (Thread Starter), joined May 20, 2001, 142 messages
Could somebody please take a quick look at my ComboFix log? I just reloaded Win XP and, after using Google to search, landed on a site which infected me. What might I need to delete from what is shown in the log to possibly fix this redirect problem? Thank you in advance.

ComboFix 10-04-26.02 - Rai 04/26/2010 12:40:20.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1767 [GMT -7:00]
Running from: c:\documents and settings\Rai\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-03-26 to 2010-04-26 )))))))))))))))))))))))))))))))
.

2010-04-26 04:42 . 2010-04-26 04:42 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-26 04:17 . 2010-04-26 04:17 -------- d-----w- C:\spoolerlogs
2010-04-26 04:17 . 2010-04-26 04:17 -------- d-----w- c:\documents and settings\LocalService\IETldCache
2010-04-26 02:42 . 2010-04-26 02:42 -------- d-----w- c:\program files\LizardTech
2010-04-25 23:24 . 2010-04-25 23:24 -------- d-----w- c:\windows\Sun
2010-04-25 23:24 . 2010-04-25 23:24 -------- d-----w- c:\program files\Common Files\Java
2010-04-25 23:24 . 2010-04-25 23:24 503808 ----a-w- c:\documents and settings\Rai\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-243d40ae-n\msvcp71.dll
2010-04-25 23:24 . 2010-04-25 23:24 499712 ----a-w- c:\documents and settings\Rai\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-243d40ae-n\jmc.dll
2010-04-25 23:24 . 2010-04-25 23:24 348160 ----a-w- c:\documents and settings\Rai\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-243d40ae-n\msvcr71.dll
2010-04-25 23:24 . 2010-04-25 23:24 61440 ----a-w- c:\documents and settings\Rai\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2b5cae0a-n\decora-sse.dll
2010-04-25 23:24 . 2010-04-25 23:24 12800 ----a-w- c:\documents and settings\Rai\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2b5cae0a-n\decora-d3d.dll
2010-04-25 23:23 . 2010-04-13 00:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-25 00:16 . 2010-04-25 00:19 -------- d-----w- c:\program files\TechSmith
2010-04-24 20:12 . 2010-04-24 20:12 -------- d-sh--w- c:\documents and settings\Rai\IECompatCache
2010-04-24 18:53 . 2010-04-24 18:53 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-04-24 18:53 . 2010-04-24 18:53 -------- d-----w- c:\windows\ShellNew
2010-04-24 18:49 . 2010-04-24 18:49 -------- d-----w- c:\program files\Microsoft Works Suite 2003
2010-04-24 18:44 . 2010-04-24 18:44 -------- d-sh--w- c:\documents and settings\Rai\PrivacIE
2010-04-24 18:43 . 2010-04-24 18:43 -------- d-sh--w- c:\documents and settings\Rai\IETldCache
2010-04-24 18:40 . 2010-02-25 18:54 11070976 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-04-24 18:40 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-04-24 18:40 . 2010-02-25 06:24 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-04-24 18:40 . 2010-02-25 06:24 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-04-24 18:40 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-04-24 18:40 . 2010-02-25 06:24 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-04-24 18:40 . 2010-04-26 16:38 -------- d-----w- c:\windows\ie8updates
2010-04-24 18:40 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-04-24 18:39 . 2010-04-24 18:40 -------- dc-h--w- c:\windows\ie8
2010-04-24 18:28 . 2010-04-24 18:28 0 ----a-w- c:\windows\nsreg.dat
2010-04-24 18:28 . 2010-04-24 18:28 -------- d-----w- c:\documents and settings\Rai\Local Settings\Application Data\Mozilla
2010-04-24 17:02 . 2009-12-09 05:53 726528 -c--a-w- c:\windows\system32\dllcache\jscript.dll
2010-04-24 03:22 . 2010-04-24 03:22 -------- d-----w- c:\documents and settings\Maggie\Application Data\Qualcomm
2010-04-24 03:20 . 2010-04-24 03:20 -------- d-s---w- c:\documents and settings\Maggie\UserData
2010-04-24 03:20 . 2010-04-24 03:21 -------- d-----w- c:\documents and settings\Maggie\Application Data\HPAppData
2010-04-24 03:20 . 2010-04-24 03:20 -------- d-----w- c:\documents and settings\Maggie\Local Settings\Application Data\myBabylon_English
2010-04-24 03:20 . 2010-04-24 03:20 -------- d-----w- c:\documents and settings\Maggie\Local Settings\Application Data\Google
2010-04-24 03:20 . 2010-04-24 03:20 -------- d-----w- c:\documents and settings\Maggie\Local Settings\Application Data\Conduit
2010-04-24 03:17 . 2010-04-24 03:17 -------- d-----w- c:\documents and settings\Maggie\Local Settings\Application Data\Help
2010-04-24 00:17 . 2010-04-24 00:17 -------- d-----w- c:\windows\system32\scripting
2010-04-24 00:17 . 2010-04-24 00:17 -------- d-----w- c:\windows\system32\en
2010-04-24 00:17 . 2010-04-24 00:17 -------- d-----w- c:\windows\l2schemas
2010-04-23 23:08 . 2010-04-23 23:08 1005270 ----a-w- c:\documents and settings\Rai\Application Data\Qualcomm\Eudora\attach\instzip3.exe
2010-04-23 23:08 . 2010-04-23 23:08 848712 ----a-w- c:\documents and settings\Rai\Application Data\Qualcomm\Eudora\attach\avg_free_stb_all_8_32_cnet.exe
2010-04-23 23:06 . 2010-04-23 23:06 -------- d-----w- c:\documents and settings\Rai\Application Data\Qualcomm
2010-04-23 23:03 . 2010-04-23 23:03 -------- d-----w- c:\program files\Qualcomm
2010-04-23 23:03 . 2005-08-09 23:09 48640 ----a-w- c:\windows\system32\INETWH32.DLL
2010-04-23 23:03 . 2005-08-09 23:09 317952 ----a-w- c:\windows\system32\Roboex32.dll
2010-04-23 22:40 . 2010-04-23 22:40 -------- d-----w- c:\program files\MSXML 4.0
2010-04-23 21:58 . 2008-04-14 00:11 94208 ------w- c:\windows\system32\eappgnui.dll
2010-04-23 21:28 . 2010-04-23 21:28 -------- d-----w- C:\unzipped
2010-04-23 21:17 . 2010-04-23 21:17 -------- d-----w- c:\program files\Ken Ward's Zipper
2010-04-23 21:01 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-04-23 21:01 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-04-23 21:00 . 2010-04-23 21:00 -------- d-----w- c:\program files\CWGET
2010-04-23 21:00 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-04-23 21:00 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-04-23 20:58 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-04-23 20:56 . 2010-04-23 20:57 -------- d-----w- c:\documents and settings\Rai\Outlook Express
2010-04-23 20:54 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-04-23 20:54 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-04-23 20:54 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-04-23 20:54 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-04-23 20:51 . 2009-06-10 16:19 2066432 -c----w- c:\windows\system32\dllcache\mstscax.dll
2010-04-23 20:51 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-04-23 20:50 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-04-23 20:50 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-04-23 20:06 . 2001-05-07 07:00 65536 ----a-w- c:\windows\system32\epcomdd.dll
2010-04-23 20:06 . 2001-06-25 07:00 172032 ----a-w- c:\windows\system32\esdtr.dll
2010-04-23 20:06 . 2001-02-28 07:00 57344 ----a-w- c:\windows\system32\essiscsi.dll
2010-04-23 20:06 . 2000-10-11 07:00 53248 ----a-w- c:\windows\system32\esicm.dll
2010-04-23 20:06 . 2001-06-07 07:00 86016 ----a-w- c:\windows\system32\epfb5cpl.dll
2010-04-23 20:00 . 2010-04-23 20:00 -------- d-----w- c:\documents and settings\Rai\Local Settings\Application Data\HP
2010-04-23 19:59 . 2010-04-26 19:27 -------- d-----w- c:\documents and settings\Rai\Application Data\HPAppData
2010-04-23 19:59 . 2010-04-23 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2010-04-23 19:56 . 2010-04-23 19:56 -------- d-----w- c:\documents and settings\Rai\Application Data\HP
2010-04-23 19:55 . 2010-04-23 19:55 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2010-04-23 19:53 . 2010-04-23 23:22 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-04-23 19:52 . 2008-10-14 02:00 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2010-04-23 19:52 . 2008-10-14 02:00 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2010-04-23 19:52 . 2008-10-14 02:00 271704 ----a-r- c:\windows\system32\hpzids01.dll
2010-04-23 19:52 . 2008-10-06 22:38 121344 ----a-w- c:\windows\system32\hpf3l083.dll
2010-04-23 19:52 . 2008-10-06 22:37 315392 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp083.dll
2010-04-23 19:52 . 2008-10-14 02:00 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2010-04-23 19:52 . 2008-10-14 02:00 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2010-04-23 19:52 . 2008-10-14 01:59 309760 ----a-r- c:\windows\system32\difxapi.dll
2010-04-23 19:52 . 2008-10-14 01:59 737280 ----a-r- c:\windows\system32\hposwia_p02b.dll
2010-04-23 19:52 . 2008-10-14 01:59 974848 ----a-r- c:\windows\system32\hpost_p02b.dll
2010-04-23 19:52 . 2008-10-14 01:59 307200 ----a-r- c:\windows\system32\hposc_p02a.dll
2010-04-23 19:51 . 2010-04-23 19:51 -------- dc----w- c:\windows\system32\DRVSTORE
2010-04-23 19:50 . 2010-04-23 19:50 -------- d-----w- c:\program files\Common Files\HP
2010-04-23 19:50 . 2010-04-23 19:50 -------- d-----w- c:\program files\Hewlett-Packard
2010-04-23 19:50 . 2010-04-23 19:50 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-04-23 19:50 . 2010-04-23 19:56 -------- d-----w- c:\program files\HP
2010-04-23 19:50 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-04-23 19:50 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-04-23 19:50 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-04-23 19:49 . 2010-04-23 19:59 147938 ----a-w- c:\windows\hpoins36.dat
2010-04-23 19:49 . 2008-12-11 21:25 524 ------w- c:\windows\hpomdl36.dat
2010-04-23 19:46 . 2010-04-23 19:46 -------- d-----w- c:\program files\Common Files\Kodak
2010-04-23 19:46 . 2010-04-23 19:46 -------- d-----w- c:\windows\system32\color
2010-04-23 19:46 . 2010-04-23 19:46 -------- d-----w- C:\KPCMS
2010-04-23 19:46 . 2010-04-23 19:46 -------- d-----w- c:\windows\system32\BWKDLogs
2010-04-23 19:44 . 2010-04-23 19:44 94208 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_3c0002_65b308\EasyShrx.Dll
2010-04-23 19:44 . 2003-06-25 11:18 835584 ----a-r- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_3c0002_65b308\Setup.exe
2010-04-23 19:44 . 2010-04-23 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2010-04-23 19:44 . 2010-04-23 19:46 -------- d-----w- c:\program files\Kodak
2010-04-23 19:32 . 2010-04-23 19:32 -------- d-----w- c:\documents and settings\Rai\Application Data\vlc
2010-04-23 19:32 . 2010-04-23 19:32 -------- d-----w- c:\program files\VLC Player
2010-04-23 19:32 . 2010-04-23 19:32 -------- d-----w- c:\documents and settings\Rai\Local Settings\Application Data\Conduit
2010-04-23 19:32 . 2010-04-23 19:36 -------- d-----w- c:\documents and settings\Rai\Local Settings\Application Data\myBabylon_English
2010-04-23 19:32 . 2010-04-23 19:32 -------- d-----w- c:\program files\Conduit
2010-04-23 19:32 . 2010-04-23 19:32 -------- d-----w- c:\program files\myBabylon_English
2010-04-23 19:27 . 1995-05-22 15:05 108032 ------w- c:\windows\system32\mfcuia32.dll
2010-04-23 19:27 . 1995-11-08 12:06 151552 ------w- c:\windows\crllyrnt.dll
2010-04-23 19:27 . 1995-11-07 09:57 6144 ------w- c:\windows\system32\drivers\crlscsi.sys
2010-04-23 19:27 . 2010-04-23 19:27 -------- d-----w- c:\windows\COREL
2010-04-23 19:27 . 2010-04-23 19:27 -------- d-----w- C:\Corel
2010-04-23 18:02 . 2010-04-23 18:02 -------- d-----w- c:\program files\Savings Bond Wizard
2010-04-23 17:55 . 2010-04-23 17:55 -------- d-----w- c:\documents and settings\Rai\Local Settings\Application Data\Help
2010-04-23 17:55 . 2010-04-23 19:40 -------- d-----w- c:\documents and settings\Rai\Application Data\Active Disk
2010-04-23 17:55 . 2004-08-04 07:56 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-04-23 17:51 . 2010-04-23 17:51 -------- d-----w- c:\windows\system32\Adobe
2010-04-23 17:47 . 2010-04-23 17:47 -------- d--h--w- c:\windows\PIF
2010-04-23 17:46 . 2010-04-24 23:28 -------- d-----w- C:\MSOffice
2010-04-23 17:41 . 2010-04-23 17:41 -------- d-----w- c:\documents and settings\Rai\Application Data\Leadertech

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-26 02:42 . 2010-04-22 22:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-26 00:06 . 2010-04-26 00:06 -------- d-----w- c:\program files\LifeScan
2010-04-24 22:35 . 2010-04-26 04:41 171034 ----a-w- c:\windows\PCHealth\HelpCtr\Config\Cache\Professional_32_1033.dat
2010-04-24 03:17 . 2010-04-24 03:17 -------- d-----w- c:\documents and settings\Maggie\Application Data\Sonic
2010-04-24 03:17 . 2010-04-24 03:17 -------- d-----w- c:\documents and settings\Maggie\Application Data\Active Disk
2010-04-24 03:16 . 2010-04-24 03:16 37904 ----a-w- c:\documents and settings\Maggie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-24 00:20 . 2010-04-22 22:35 87263 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2010-04-23 20:59 . 2010-04-23 20:59 -------- d-----w- c:\program files\Play
2010-04-23 04:16 . 2010-04-22 22:57 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-22 22:39 . 2010-04-22 22:39 -------- d-----w- c:\program files\microsoft frontpage
2010-04-22 22:33 . 2010-04-22 22:33 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-10 06:15 . 2003-07-16 16:43 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2003-07-16 16:45 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2003-07-16 16:29 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 16:10 . 2003-07-16 16:33 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2002-08-29 01:04 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2003-07-16 16:17 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2003-07-16 16:41 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-04-26_19.10.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-26 19:39 . 2010-04-26 19:39 16384 c:\windows\Temp\Perflib_Perfdata_698.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2009-12-31 18:53 2349080 ----a-w- c:\program files\myBabylon_English\tbmyBa.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-23 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-04-24 4616192]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"ADUserMon"="c:\program files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 147456]
"Iomega Drive Icons"="c:\program files\Iomega\DriveIcons\ImgIcon.exe" [2002-08-13 86016]
"Deskup"="c:\program files\Iomega\DriveIcons\deskup.exe" [2002-07-16 32768]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-4-23 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-6-25 614531]
KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-6-8 16432]
Microsoft Office Fast Start.lnk - c:\msoffice\Office\FASTBOOT.EXE [1995-7-20 14848]
Microsoft Office Shortcut Bar.lnk - c:\msoffice\Office\MSOFFICE.EXE [1995-7-20 365056]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\Qualcomm\Eudora\EuShlExt.dll" [2005-08-09 86016]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 crlscsi;crlscsi;c:\windows\system32\drivers\crlscsi.sys [4/23/2010 12:27 PM 6144]
R2 SnapTHN;SnapTHN;c:\windows\system32\drivers\SNAPTHN.SYS [2/23/1998 3:56 PM 31104]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/23/2010 10:02 AM 135664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-04-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-23 17:02]

2010-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-23 17:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Rai\Application Data\Mozilla\Firefox\Profiles\4apfv14o.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-26 12:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys iomdisk.sys hal.dll atapi.sys >>UNKNOWN [0x8A6CA8C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28
\Driver\ACPI -> ACPI.sys @ 0xf75aecb8
\Driver\atapi -> atapi.sys @ 0xf74a3b3a
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
NDIS: Intel(R) PRO/100 VE Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf7424bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7431a21
SendHandler -> NDIS.sys @ 0xf740f87b
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
Completion time: 2010-04-26 12:50:04
ComboFix-quarantined-files.txt 2010-04-26 19:50
ComboFix2.txt 2010-04-26 19:12

Pre-Run: 24,403,537,920 bytes free
Post-Run: 24,367,423,488 bytes free

- - End Of File - - 1862020EB4AD9B78FA279CDA33DCAB3B
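The log above is what the post asks someone to read, and for a search-redirect complaint the section that matters first is "Reg Loading Points": the Internet Explorer extension points (URLSearchHooks, Browser Helper Objects, Toolbar) and the Run keys. Here a single CLSID is registered at four of those points, all resolving to c:\program files\myBabylon_English\tbmyBa.dll, and the Files Created section shows Conduit, myBabylon_English and VLC Player all appearing at 2010-04-23 19:32. A URLSearchHook is invoked by IE to resolve address-bar input it cannot parse as a URL, which is why such registrations are the first thing to check; nothing in the log proves this toolbar is the cause of the redirect, only that it is the one component hooked into search. The following Python is added here by the editor and is not part of the post or of ComboFix: it parses that section into records and groups the browser extension registrations by CLSID. The embedded sample is an excerpt of the log above, and the line shapes handled are the ones that excerpt contains.

```python
import re
from collections import OrderedDict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Excerpt of the "Reg Loading Points" section of the log posted above, embedded so
# the example runs offline; it covers each line shape the parser below handles.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2009-12-31 18:53 2349080 ----a-w- c:\program files\myBabylon_English\tbmyBa.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2009-12-31 2349080]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2009-12-31 2349080]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-23 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-04-24 4616192]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-4-23 113664]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

Contents of the 'Scheduled Tasks' folder
"""

SECTION_RE = re.compile(r"^\({5,}\s*(?P<name>.+?)\s*\){5,}\s*$")
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
FOLDER_RE = re.compile(r"^[a-z]:\\.*\\$", re.I)          # Startup-folder header line
CLSID_RE = re.compile(r"\{[0-9a-f-]{36}\}", re.I)
# "name"="path" [YYYY-MM-DD size]   (quoted path and [date size] are both optional)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?:"(?P<path>[^"]*)")?\s*(?:\[(?P<stamp>[\d-]+)\s+(?P<size>\d+)\])?$')
# date time size attrs path        (printed under a BHO key instead of a value line)
FILEINFO_RE = re.compile(r"^(?P<stamp>\d{4}-\d\d-\d\d \d\d:\d\d)\s+(?P<size>\d+)\s+\S{8}\s+(?P<path>.+)$")
# name.lnk - path [date size]      (Startup folder contents)
LNK_RE = re.compile(r"^(?P<name>.+?\.lnk) - (?P<path>.+) \[(?P<stamp>[\d-]+)\s+(?P<size>\d+)\]$")


@dataclass
class LoadPoint:
    key: str                  # registry key (or Startup folder) the entry lives under
    name: str                 # value name, CLSID, or .lnk file name
    path: str                 # image ComboFix printed for it ("" when it printed none)
    stamp: str = ""           # file date, plus time when the log includes it
    size: Optional[int] = None


def parse_reg_loading_points(text: str) -> List[LoadPoint]:
    """Parse the 'Reg Loading Points' section of a ComboFix log into LoadPoint records."""
    entries: List[LoadPoint] = []
    in_section = found = False
    current_key = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if (sec := SECTION_RE.match(line)):
            in_section = sec.group("name") == "Reg Loading Points"
            found = found or in_section
            continue
        if not in_section:
            continue
        if line.startswith("Contents of the") or line.startswith("-------"):
            break                                   # scheduled tasks / supplementary scan follow
        if not line or line == "." or line.startswith("*Note*") or line == "REGEDIT4":
            continue
        if (m := KEY_RE.match(line)):
            current_key = m.group("key")
        elif FOLDER_RE.match(line):
            current_key = line                      # the Startup listing uses the folder path as header
        elif (m := VALUE_RE.match(line)):
            size = int(m.group("size")) if m.group("size") else None
            entries.append(LoadPoint(current_key, m.group("name"), m.group("path") or "", m.group("stamp") or "", size))
        elif (m := FILEINFO_RE.match(line)):       # CLSID is in the key, not on the line
            clsid = CLSID_RE.search(current_key)
            entries.append(LoadPoint(current_key, clsid.group(0) if clsid else "", m.group("path"), m.group("stamp"), int(m.group("size"))))
        elif (m := LNK_RE.match(line)):
            entries.append(LoadPoint(current_key, m.group("name"), m.group("path"), m.group("stamp"), int(m.group("size"))))
    if not found:
        raise ValueError("no 'Reg Loading Points' section in this log")
    return entries


BROWSER_KEYS = ("urlsearchhooks", "browser helper objects", "internet explorer\\toolbar", "toolbar\\webbrowser")


def browser_extension_points(entries: List[LoadPoint]) -> "OrderedDict[str, List[LoadPoint]]":
    """Group IE extension registrations by CLSID, lower-cased so HKCU/HKLM spellings merge."""
    by_clsid: "OrderedDict[str, List[LoadPoint]]" = OrderedDict()
    for e in entries:
        if not any(k in e.key.lower() for k in BROWSER_KEYS):
            continue
        clsid = CLSID_RE.search(e.name) or CLSID_RE.search(e.key)
        if clsid:
            by_clsid.setdefault(clsid.group(0).lower(), []).append(e)
    return by_clsid


def run_entries(entries: List[LoadPoint]) -> List[LoadPoint]:
    return [e for e in entries if e.key.lower().endswith("\\currentversion\\run")]


def relative_image_paths(entries: List[LoadPoint]) -> List[LoadPoint]:
    """Run values whose data is a bare file name rather than an absolute or %var% path."""
    return [e for e in run_entries(entries) if e.path and not re.match(r"^(?:[a-z]:\\|%)", e.path, re.I)]


if __name__ == "__main__":
    found = parse_reg_loading_points(SAMPLE_LOG)
    for clsid, regs in browser_extension_points(found).items():
        print(clsid, "at", len(regs), "IE extension point(s):", sorted({e.path for e in regs}))
    for e in relative_image_paths(found):
        print("Run value", repr(e.name), "uses bare file name", repr(e.path))
```

To use it on the full post, replace SAMPLE_LOG with the contents of the saved ComboFix.txt. Grouping by CLSID is what turns three separate registry keys into one observation: the same DLL is hooked into search resolution, into every page load as a BHO, and into the toolbar. Bare file names in Run values (BCMSMMSG.exe here) are resolved through the process search path rather than from a fixed directory, so the [date size] ComboFix prints does not by itself say which file on disk will be loaded; look at the resolved file, not the name.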
 