
combofix log - Google redirect problem

Discussion in 'Virus & Other Malware Removal' started by rfcjr, Apr 26, 2010.

Thread Status:
Not open for further replies.
    rfcjr (Thread Starter)
    Joined: May 20, 2001
    Messages: 140
    Could somebody please take a quick look at my ComboFix log? I just reloaded Win XP and, after using Google to search, landed on a site which infected me. What might I need to delete from what is shown in the log to possibly fix this redirect problem? Thank you in advance.

    ComboFix 10-04-26.02 - Rai 04/26/2010 12:40:20.2.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1767 [GMT -7:00]
    Running from: c:\documents and settings\Rai\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((( Files Created from 2010-03-26 to 2010-04-26 )))))))))))))))))))))))))))))))
    .

    2010-04-26 04:42 . 2010-04-26 04:42 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-04-26 04:17 . 2010-04-26 04:17 -------- d-----w- C:\spoolerlogs
    2010-04-26 04:17 . 2010-04-26 04:17 -------- d-----w- c:\documents and settings\LocalService\IETldCache
    2010-04-26 02:42 . 2010-04-26 02:42 -------- d-----w- c:\program files\LizardTech
    2010-04-25 23:24 . 2010-04-25 23:24 -------- d-----w- c:\windows\Sun
    2010-04-25 23:24 . 2010-04-25 23:24 -------- d-----w- c:\program files\Common Files\Java
    2010-04-25 23:24 . 2010-04-25 23:24 503808 ----a-w- c:\documents and settings\Rai\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-243d40ae-n\msvcp71.dll
    2010-04-25 23:24 . 2010-04-25 23:24 499712 ----a-w- c:\documents and settings\Rai\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-243d40ae-n\jmc.dll
    2010-04-25 23:24 . 2010-04-25 23:24 348160 ----a-w- c:\documents and settings\Rai\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-243d40ae-n\msvcr71.dll
    2010-04-25 23:24 . 2010-04-25 23:24 61440 ----a-w- c:\documents and settings\Rai\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2b5cae0a-n\decora-sse.dll
    2010-04-25 23:24 . 2010-04-25 23:24 12800 ----a-w- c:\documents and settings\Rai\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2b5cae0a-n\decora-d3d.dll
    2010-04-25 23:23 . 2010-04-13 00:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-04-25 00:16 . 2010-04-25 00:19 -------- d-----w- c:\program files\TechSmith
    2010-04-24 20:12 . 2010-04-24 20:12 -------- d-sh--w- c:\documents and settings\Rai\IECompatCache
    2010-04-24 18:53 . 2010-04-24 18:53 -------- d-----w- c:\program files\Microsoft ActiveSync
    2010-04-24 18:53 . 2010-04-24 18:53 -------- d-----w- c:\windows\ShellNew
    2010-04-24 18:49 . 2010-04-24 18:49 -------- d-----w- c:\program files\Microsoft Works Suite 2003
    2010-04-24 18:44 . 2010-04-24 18:44 -------- d-sh--w- c:\documents and settings\Rai\PrivacIE
    2010-04-24 18:43 . 2010-04-24 18:43 -------- d-sh--w- c:\documents and settings\Rai\IETldCache
    2010-04-24 18:40 . 2010-02-25 18:54 11070976 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2010-04-24 18:40 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2010-04-24 18:40 . 2010-02-25 06:24 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2010-04-24 18:40 . 2010-02-25 06:24 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2010-04-24 18:40 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2010-04-24 18:40 . 2010-02-25 06:24 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2010-04-24 18:40 . 2010-04-26 16:38 -------- d-----w- c:\windows\ie8updates
    2010-04-24 18:40 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2010-04-24 18:39 . 2010-04-24 18:40 -------- dc-h--w- c:\windows\ie8
    2010-04-24 18:28 . 2010-04-24 18:28 0 ----a-w- c:\windows\nsreg.dat
    2010-04-24 18:28 . 2010-04-24 18:28 -------- d-----w- c:\documents and settings\Rai\Local Settings\Application Data\Mozilla
    2010-04-24 17:02 . 2009-12-09 05:53 726528 -c--a-w- c:\windows\system32\dllcache\jscript.dll
    2010-04-24 03:22 . 2010-04-24 03:22 -------- d-----w- c:\documents and settings\Maggie\Application Data\Qualcomm
    2010-04-24 03:20 . 2010-04-24 03:20 -------- d-s---w- c:\documents and settings\Maggie\UserData
    2010-04-24 03:20 . 2010-04-24 03:21 -------- d-----w- c:\documents and settings\Maggie\Application Data\HPAppData
    2010-04-24 03:20 . 2010-04-24 03:20 -------- d-----w- c:\documents and settings\Maggie\Local Settings\Application Data\myBabylon_English
    2010-04-24 03:20 . 2010-04-24 03:20 -------- d-----w- c:\documents and settings\Maggie\Local Settings\Application Data\Google
    2010-04-24 03:20 . 2010-04-24 03:20 -------- d-----w- c:\documents and settings\Maggie\Local Settings\Application Data\Conduit
    2010-04-24 03:17 . 2010-04-24 03:17 -------- d-----w- c:\documents and settings\Maggie\Local Settings\Application Data\Help
    2010-04-24 00:17 . 2010-04-24 00:17 -------- d-----w- c:\windows\system32\scripting
    2010-04-24 00:17 . 2010-04-24 00:17 -------- d-----w- c:\windows\system32\en
    2010-04-24 00:17 . 2010-04-24 00:17 -------- d-----w- c:\windows\l2schemas
    2010-04-23 23:08 . 2010-04-23 23:08 1005270 ----a-w- c:\documents and settings\Rai\Application Data\Qualcomm\Eudora\attach\instzip3.exe
    2010-04-23 23:08 . 2010-04-23 23:08 848712 ----a-w- c:\documents and settings\Rai\Application Data\Qualcomm\Eudora\attach\avg_free_stb_all_8_32_cnet.exe
    2010-04-23 23:06 . 2010-04-23 23:06 -------- d-----w- c:\documents and settings\Rai\Application Data\Qualcomm
    2010-04-23 23:03 . 2010-04-23 23:03 -------- d-----w- c:\program files\Qualcomm
    2010-04-23 23:03 . 2005-08-09 23:09 48640 ----a-w- c:\windows\system32\INETWH32.DLL
    2010-04-23 23:03 . 2005-08-09 23:09 317952 ----a-w- c:\windows\system32\Roboex32.dll
    2010-04-23 22:40 . 2010-04-23 22:40 -------- d-----w- c:\program files\MSXML 4.0
    2010-04-23 21:58 . 2008-04-14 00:11 94208 ------w- c:\windows\system32\eappgnui.dll
    2010-04-23 21:28 . 2010-04-23 21:28 -------- d-----w- C:\unzipped
    2010-04-23 21:17 . 2010-04-23 21:17 -------- d-----w- c:\program files\Ken Ward's Zipper
    2010-04-23 21:01 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2010-04-23 21:01 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
    2010-04-23 21:00 . 2010-04-23 21:00 -------- d-----w- c:\program files\CWGET
    2010-04-23 21:00 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-04-23 21:00 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2010-04-23 20:58 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
    2010-04-23 20:56 . 2010-04-23 20:57 -------- d-----w- c:\documents and settings\Rai\Outlook Express
    2010-04-23 20:54 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
    2010-04-23 20:54 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
    2010-04-23 20:54 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
    2010-04-23 20:54 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
    2010-04-23 20:51 . 2009-06-10 16:19 2066432 -c----w- c:\windows\system32\dllcache\mstscax.dll
    2010-04-23 20:51 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
    2010-04-23 20:50 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
    2010-04-23 20:50 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
    2010-04-23 20:06 . 2001-05-07 07:00 65536 ----a-w- c:\windows\system32\epcomdd.dll
    2010-04-23 20:06 . 2001-06-25 07:00 172032 ----a-w- c:\windows\system32\esdtr.dll
    2010-04-23 20:06 . 2001-02-28 07:00 57344 ----a-w- c:\windows\system32\essiscsi.dll
    2010-04-23 20:06 . 2000-10-11 07:00 53248 ----a-w- c:\windows\system32\esicm.dll
    2010-04-23 20:06 . 2001-06-07 07:00 86016 ----a-w- c:\windows\system32\epfb5cpl.dll
    2010-04-23 20:00 . 2010-04-23 20:00 -------- d-----w- c:\documents and settings\Rai\Local Settings\Application Data\HP
    2010-04-23 19:59 . 2010-04-26 19:27 -------- d-----w- c:\documents and settings\Rai\Application Data\HPAppData
    2010-04-23 19:59 . 2010-04-23 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
    2010-04-23 19:56 . 2010-04-23 19:56 -------- d-----w- c:\documents and settings\Rai\Application Data\HP
    2010-04-23 19:55 . 2010-04-23 19:55 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
    2010-04-23 19:53 . 2010-04-23 23:22 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
    2010-04-23 19:52 . 2008-10-14 02:00 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
    2010-04-23 19:52 . 2008-10-14 02:00 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
    2010-04-23 19:52 . 2008-10-14 02:00 271704 ----a-r- c:\windows\system32\hpzids01.dll
    2010-04-23 19:52 . 2008-10-06 22:38 121344 ----a-w- c:\windows\system32\hpf3l083.dll
    2010-04-23 19:52 . 2008-10-06 22:37 315392 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp083.dll
    2010-04-23 19:52 . 2008-10-14 02:00 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
    2010-04-23 19:52 . 2008-10-14 02:00 372736 ----a-r- c:\windows\system32\hppldcoi.dll
    2010-04-23 19:52 . 2008-10-14 01:59 309760 ----a-r- c:\windows\system32\difxapi.dll
    2010-04-23 19:52 . 2008-10-14 01:59 737280 ----a-r- c:\windows\system32\hposwia_p02b.dll
    2010-04-23 19:52 . 2008-10-14 01:59 974848 ----a-r- c:\windows\system32\hpost_p02b.dll
    2010-04-23 19:52 . 2008-10-14 01:59 307200 ----a-r- c:\windows\system32\hposc_p02a.dll
    2010-04-23 19:51 . 2010-04-23 19:51 -------- dc----w- c:\windows\system32\DRVSTORE
    2010-04-23 19:50 . 2010-04-23 19:50 -------- d-----w- c:\program files\Common Files\HP
    2010-04-23 19:50 . 2010-04-23 19:50 -------- d-----w- c:\program files\Hewlett-Packard
    2010-04-23 19:50 . 2010-04-23 19:50 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
    2010-04-23 19:50 . 2010-04-23 19:56 -------- d-----w- c:\program files\HP
    2010-04-23 19:50 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2010-04-23 19:50 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
    2010-04-23 19:50 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2010-04-23 19:49 . 2010-04-23 19:59 147938 ----a-w- c:\windows\hpoins36.dat
    2010-04-23 19:49 . 2008-12-11 21:25 524 ------w- c:\windows\hpomdl36.dat
    2010-04-23 19:46 . 2010-04-23 19:46 -------- d-----w- c:\program files\Common Files\Kodak
    2010-04-23 19:46 . 2010-04-23 19:46 -------- d-----w- c:\windows\system32\color
    2010-04-23 19:46 . 2010-04-23 19:46 -------- d-----w- C:\KPCMS
    2010-04-23 19:46 . 2010-04-23 19:46 -------- d-----w- c:\windows\system32\BWKDLogs
    2010-04-23 19:44 . 2010-04-23 19:44 94208 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_3c0002_65b308\EasyShrx.Dll
    2010-04-23 19:44 . 2003-06-25 11:18 835584 ----a-r- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_3c0002_65b308\Setup.exe
    2010-04-23 19:44 . 2010-04-23 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
    2010-04-23 19:44 . 2010-04-23 19:46 -------- d-----w- c:\program files\Kodak
    2010-04-23 19:32 . 2010-04-23 19:32 -------- d-----w- c:\documents and settings\Rai\Application Data\vlc
    2010-04-23 19:32 . 2010-04-23 19:32 -------- d-----w- c:\program files\VLC Player
    2010-04-23 19:32 . 2010-04-23 19:32 -------- d-----w- c:\documents and settings\Rai\Local Settings\Application Data\Conduit
    2010-04-23 19:32 . 2010-04-23 19:36 -------- d-----w- c:\documents and settings\Rai\Local Settings\Application Data\myBabylon_English
    2010-04-23 19:32 . 2010-04-23 19:32 -------- d-----w- c:\program files\Conduit
    2010-04-23 19:32 . 2010-04-23 19:32 -------- d-----w- c:\program files\myBabylon_English
    2010-04-23 19:27 . 1995-05-22 15:05 108032 ------w- c:\windows\system32\mfcuia32.dll
    2010-04-23 19:27 . 1995-11-08 12:06 151552 ------w- c:\windows\crllyrnt.dll
    2010-04-23 19:27 . 1995-11-07 09:57 6144 ------w- c:\windows\system32\drivers\crlscsi.sys
    2010-04-23 19:27 . 2010-04-23 19:27 -------- d-----w- c:\windows\COREL
    2010-04-23 19:27 . 2010-04-23 19:27 -------- d-----w- C:\Corel
    2010-04-23 18:02 . 2010-04-23 18:02 -------- d-----w- c:\program files\Savings Bond Wizard
    2010-04-23 17:55 . 2010-04-23 17:55 -------- d-----w- c:\documents and settings\Rai\Local Settings\Application Data\Help
    2010-04-23 17:55 . 2010-04-23 19:40 -------- d-----w- c:\documents and settings\Rai\Application Data\Active Disk
    2010-04-23 17:55 . 2004-08-04 07:56 221184 ----a-w- c:\windows\system32\wmpns.dll
    2010-04-23 17:51 . 2010-04-23 17:51 -------- d-----w- c:\windows\system32\Adobe
    2010-04-23 17:47 . 2010-04-23 17:47 -------- d--h--w- c:\windows\PIF
    2010-04-23 17:46 . 2010-04-24 23:28 -------- d-----w- C:\MSOffice
    2010-04-23 17:41 . 2010-04-23 17:41 -------- d-----w- c:\documents and settings\Rai\Application Data\Leadertech

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-26 02:42 . 2010-04-22 22:58 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-04-26 00:06 . 2010-04-26 00:06 -------- d-----w- c:\program files\LifeScan
    2010-04-24 22:35 . 2010-04-26 04:41 171034 ----a-w- c:\windows\PCHealth\HelpCtr\Config\Cache\Professional_32_1033.dat
    2010-04-24 03:17 . 2010-04-24 03:17 -------- d-----w- c:\documents and settings\Maggie\Application Data\Sonic
    2010-04-24 03:17 . 2010-04-24 03:17 -------- d-----w- c:\documents and settings\Maggie\Application Data\Active Disk
    2010-04-24 03:16 . 2010-04-24 03:16 37904 ----a-w- c:\documents and settings\Maggie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-04-24 00:20 . 2010-04-22 22:35 87263 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
    2010-04-23 20:59 . 2010-04-23 20:59 -------- d-----w- c:\program files\Play
    2010-04-23 04:16 . 2010-04-22 22:57 -------- d-----w- c:\program files\Common Files\InstallShield
    2010-04-22 22:39 . 2010-04-22 22:39 -------- d-----w- c:\program files\microsoft frontpage
    2010-04-22 22:33 . 2010-04-22 22:33 21640 ----a-w- c:\windows\system32\emptyregdb.dat
    2010-03-10 06:15 . 2003-07-16 16:43 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-02-25 06:24 . 2003-07-16 16:45 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-24 13:11 . 2003-07-16 16:29 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-17 16:10 . 2003-07-16 16:33 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 13:25 . 2002-08-29 01:04 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-12 04:33 . 2003-07-16 16:17 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-02-11 12:02 . 2003-07-16 16:41 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
    .

    ((((((((((((((((((((((((((((( Snapshot@2010-04-26_19.10.04 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-04-26 19:39 . 2010-04-26 19:39 16384 c:\windows\Temp\Perflib_Perfdata_698.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2009-12-31 2349080]

    [HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
    2009-12-31 18:53 2349080 ----a-w- c:\program files\myBabylon_English\tbmyBa.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2009-12-31 2349080]

    [HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2009-12-31 2349080]

    [HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-23 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-04-24 4616192]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "ADUserMon"="c:\program files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 147456]
    "Iomega Drive Icons"="c:\program files\Iomega\DriveIcons\ImgIcon.exe" [2002-08-13 86016]
    "Deskup"="c:\program files\Iomega\DriveIcons\deskup.exe" [2002-07-16 32768]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
    "StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-4-23 113664]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
    Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-6-25 614531]
    KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-6-8 16432]
    Microsoft Office Fast Start.lnk - c:\msoffice\Office\FASTBOOT.EXE [1995-7-20 14848]
    Microsoft Office Shortcut Bar.lnk - c:\msoffice\Office\MSOFFICE.EXE [1995-7-20 365056]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\Qualcomm\Eudora\EuShlExt.dll" [2005-08-09 86016]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    R1 crlscsi;crlscsi;c:\windows\system32\drivers\crlscsi.sys [4/23/2010 12:27 PM 6144]
    R2 SnapTHN;SnapTHN;c:\windows\system32\drivers\SNAPTHN.SYS [2/23/1998 3:56 PM 31104]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/23/2010 10:02 AM 135664]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2010-04-23 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

    2010-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-23 17:02]

    2010-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-23 17:02]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = localhost
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    FF - ProfilePath - c:\documents and settings\Rai\Application Data\Mozilla\Firefox\Profiles\4apfv14o.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-26 12:47
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys iomdisk.sys hal.dll atapi.sys >>UNKNOWN [0x8A6CA8C8]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28
    \Driver\ACPI -> ACPI.sys @ 0xf75aecb8
    \Driver\atapi -> atapi.sys @ 0xf74a3b3a
    IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
    ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
    \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
    ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
    NDIS: Intel(R) PRO/100 VE Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf7424bb0
    PacketIndicateHandler -> NDIS.sys @ 0xf7431a21
    SendHandler -> NDIS.sys @ 0xf740f87b
    user & kernel MBR OK

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
    "ImagePath"="\"\""
    .
    Completion time: 2010-04-26 12:50:04
    ComboFix-quarantined-files.txt 2010-04-26 19:50
    ComboFix2.txt 2010-04-26 19:12

    Pre-Run: 24,403,537,920 bytes free
    Post-Run: 24,367,423,488 bytes free

    - - End Of File - - 1862020EB4AD9B78FA279CDA33DCAB3B
Short URL to this thread: https://techguy.org/919406