
redirect r3.google.com


  • This topic is locked
6 replies to this topic

#1 gsolo

gsolo

  • Members
  • 10 posts
  • OFFLINE
  • Local time:06:56 PM

Posted 11 November 2010 - 09:05 PM

Been trying to remove this for several days with no luck. If anyone can look at my log and help me, I would appreciate it.

Thanks,

Chris


DDS (Ver_10-11-10.01) - NTFSx86
Run by Owner at 19:49:06.92 on Thu 11/11/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.572 [GMT -6:00]

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtblfs.exe
C:\Documents and Settings\Owner.M680\Local Settings\Temporary Internet Files\Content.IE5\HX23TR15\Defogger[1].exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Owner.M680\Local Settings\Temporary Internet Files\Content.IE5\58D2P8IX\dds[1].scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/search?sourceid=navclient&ie=UTF-8&rls=GWYA,GWYA:2010-44,GWYA:en&q=gopowercat
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\ievkbd.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
TB: AOL Toolbar: {4982d40a-c53b-4615-b15b-b5b5e98d167c} - c:\program files\aol toolbar\toolbar.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [<NO NAME>]
mRun: [Gateway Extended Warranty] "c:\program files\gateway\gwcares\GWCares.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - c:\program files\aol toolbar\toolbar.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: klogon - c:\windows\system32\klogon.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll

============= SERVICES / DRIVERS ===============

R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2010-6-9 132184]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-11-11 475736]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2010-5-7 32856]
S2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe [2010-7-1 352976]
S2 navapsvc;Norton AntiVirus Auto-Protect Service;"c:\program files\norton internet security\norton antivirus\navapsvc.exe" --> c:\program files\norton internet security\norton antivirus\navapsvc.exe [?]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
S3 NAVAP;NAVAP;\??\c:\program files\navnt\navap.sys --> c:\program files\navnt\NAVAP.sys [?]

=============== Created Last 30 ================

2010-11-12 01:21:47 -------- d-----w- c:\windows\pss
2010-11-12 00:12:27 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-11-12 00:12:27 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-11-12 00:10:48 -------- d-----w- c:\program files\Kaspersky Lab
2010-11-12 00:10:48 -------- d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2010-11-11 23:54:16 -------- d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2010-11-11 00:08:46 -------- d-----w- c:\docume~1\owner~1.m68\applic~1\Malwarebytes
2010-11-11 00:08:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-11 00:08:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-11 00:08:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-11 00:08:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-11-08 21:56:17 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2010-11-08 21:56:17 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2010-11-08 21:47:33 -------- d-----w- c:\docume~1\alluse~1\applic~1\SkyGolf
2010-11-08 21:46:16 -------- d-----w- c:\program files\SkyGolf
2010-11-07 16:45:40 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-11-07 16:45:40 468480 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-11-07 16:45:39 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2010-11-07 16:45:39 6075904 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-11-07 16:45:39 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2010-11-07 16:45:39 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-11-07 16:45:39 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2010-11-07 16:45:39 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2010-11-05 21:56:05 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-11-05 21:56:05 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll
2010-11-05 21:56:05 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-11-05 21:55:17 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-11-05 21:49:54 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
2010-11-05 18:15:06 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-11-05 18:14:20 -------- d-----w- c:\windows\ShellNew
2010-11-05 17:45:30 -------- d-----w- c:\docume~1\owner~1.m68\locals~1\applic~1\Adobe
2010-11-05 17:14:30 -------- d-----w- c:\windows\system32\CBA
2010-11-05 17:13:12 53248 ------w- c:\program files\common files\installshield\engine\6\intel 32\msihook.dll
2010-11-05 17:13:12 126976 ------w- c:\program files\common files\installshield\engine\6\intel 32\knlwrap.exe
2010-11-05 17:13:11 114688 ------w- c:\program files\common files\installshield\engine\6\intel 32\scpthdlr.dll
2010-11-05 16:52:04 -------- d-----w- c:\windows\system32\scripting
2010-11-05 16:52:03 -------- d-----w- c:\windows\system32\en
2010-11-05 16:52:03 -------- d-----w- c:\windows\system32\bits
2010-11-05 16:52:03 -------- d-----w- c:\windows\l2schemas
2010-11-05 16:45:49 -------- d-----w- c:\windows\network diagnostic
2010-11-05 11:38:26 -------- d-----w- c:\docume~1\owner~1.m68\locals~1\applic~1\Identities
2010-11-05 11:36:24 -------- d-----w- c:\windows\ServicePackFiles
2010-11-05 02:26:50 -------- d-----w- c:\docume~1\owner~1.m68\locals~1\applic~1\Google
2010-11-05 02:24:46 685056 ------w- c:\windows\system32\drivers\hsfcxts2.sys
2010-11-05 02:24:46 220032 ------w- c:\windows\system32\drivers\hsfbs2s2.sys
2010-11-05 02:24:46 1041536 ------w- c:\windows\system32\drivers\hsfdpsp2.sys
2010-11-05 02:15:27 -------- d-----w- c:\windows\system32\appmgmt
2010-11-05 01:59:35 46433 ----a-w- c:\windows\WBODA34I.DLL
2010-11-05 01:59:35 351526 ----a-w- c:\windows\WBDDA34I.DLL
2010-11-05 01:59:03 20480 ----a-w- c:\windows\system32\Marker32.exe
2010-11-05 01:58:55 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-11-05 01:58:55 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-11-05 01:53:27 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-11-05 01:53:27 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-11-05 01:53:12 357248 -c----w- c:\windows\system32\dllcache\srv.sys
2010-11-05 01:52:50 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-11-05 01:52:45 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-11-05 01:47:19 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2010-11-05 01:47:17 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2010-11-05 01:47:12 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2010-11-05 01:47:10 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2010-11-05 01:47:08 7552 ----a-w- c:\windows\system32\drivers\mskssrv.sys
2010-11-05 01:47:06 5376 ----a-w- c:\windows\system32\drivers\mspclock.sys
2010-11-05 01:47:04 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2010-11-05 01:47:02 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2010-11-05 01:45:56 -------- d-----w- C:\My Music
2010-11-05 01:44:18 212992 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
2010-11-05 01:44:06 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2010-11-05 01:44:06 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
2010-11-05 01:44:05 4096 ----a-w- c:\windows\system32\ksuser.dll
2010-11-05 01:44:05 129536 ----a-w- c:\windows\system32\ksproxy.ax
2010-11-05 01:43:53 -------- d-----w- c:\windows\tiinst
2010-11-05 01:41:31 90202 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-11-05 01:41:31 81920 ----a-w- c:\windows\system32\SynTPCo2.dll
2010-11-05 01:41:31 77917 ----a-w- c:\windows\system32\SynCOM.dll
2010-11-05 01:41:31 69722 ----a-w- c:\windows\system32\SynTPFcs.dll
2010-11-05 01:41:31 185824 ----a-w- c:\windows\system32\drivers\SynTP.sys
2010-11-05 01:41:31 114688 ----a-w- c:\windows\system32\SynCtrl.dll
2010-11-05 01:41:30 -------- d-----w- c:\program files\Synaptics
2010-11-05 01:41:27 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-11-05 01:39:17 471298 ----a-w- c:\windows\wallpg.exe
2010-11-05 01:38:32 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-11-05 01:38:16 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-11-05 01:38:16 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-11-05 01:38:09 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-11-05 01:38:04 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-11-05 01:36:17 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-11-05 01:36:12 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-11-05 01:34:44 143410 ----a-w- c:\program files\common files\microsoft shared\works shared\aw.dll
2010-11-05 01:34:42 65593 ----a-r- c:\program files\common files\microsoft shared\proof\csapi3t1.dll
2010-11-05 01:34:42 45121 ----a-r- c:\program files\common files\microsoft shared\proof\ctapi3t2.dll
2010-11-05 01:32:45 2066432 -c----w- c:\windows\system32\dllcache\mstscax.dll
2010-11-05 01:32:39 67072 ----a-w- c:\windows\POWERCFG.EXE
2010-11-05 01:32:21 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-11-05 01:31:39 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-11-05 01:31:39 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-11-05 01:27:44 518520 ----a-w- c:\windows\vidres.exe
2010-11-05 01:24:57 1409 ----a-w- c:\windows\QTFont.for
2010-11-05 01:24:52 -------- d-----w- c:\docume~1\owner~1.m68\locals~1\applic~1\Apple Computer
2010-11-05 01:24:24 -------- d-----w- c:\program files\Bonjour
2010-11-05 01:24:03 -------- d-----w- c:\docume~1\owner~1.m68\locals~1\applic~1\Apple
2010-11-05 01:23:39 -------- d-----w- c:\windows\Downloaded Installations
2010-11-05 01:23:39 -------- d-----w- c:\program files\Gateway
2010-11-05 01:19:04 -------- d-----w- c:\docume~1\alluse~1\applic~1\McAfee.com
2010-11-05 01:16:19 -------- d-----w- c:\windows\system32\ReinstallBackups
2010-11-05 01:16:14 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2010-11-05 01:16:14 614532 ------w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2010-11-05 01:16:14 32768 ------w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2010-11-05 01:16:14 225280 ------w- c:\program files\common files\installshield\iscript\iscript.dll
2010-11-05 01:16:14 176128 ------w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2010-11-05 01:15:59 17956 ----a-w- c:\windows\BigFixClientOverride.dll
2010-11-05 01:15:58 -------- d-----w- c:\program files\BigFix
2010-11-05 01:15:42 53352 ----a-w- c:\windows\system32\jpicpl32.cpl
2010-11-05 01:14:45 -------- d-----w- c:\windows\system32\PreInstall
2010-11-05 01:14:44 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2010-11-05 01:14:43 -------- d--h--w- c:\windows\$hf_mig$
2010-11-05 01:13:19 90184 ----a-w- c:\windows\system32\NeroCo.dll
2010-11-05 01:13:19 57344 ----a-w- c:\windows\system32\NeroBurnRights.cpl
2010-11-05 01:13:19 2658304 ------w- c:\windows\UNNeroBurnRights.exe
2010-11-05 01:12:46 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2010-11-05 01:12:43 476320 ------w- c:\windows\system32\ImagXpr7.dll
2010-11-05 01:12:43 471040 ------w- c:\windows\system32\ImagXRA7.dll
2010-11-05 01:12:43 262144 ------w- c:\windows\system32\ImagXR7.dll
2010-11-05 01:12:43 1568768 ------w- c:\windows\system32\ImagX7.dll
2010-11-05 01:12:42 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2010-11-05 01:12:33 -------- d-----w- c:\program files\common files\New Boundary
2010-11-05 01:12:33 -------- d-----w- c:\docume~1\alluse~1\applic~1\Prism Deploy
2010-11-05 01:08:29 -------- d-----w- c:\program files\Norton Internet Security
2010-11-05 01:07:18 83168 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-11-05 01:07:18 104144 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-11-05 01:07:17 -------- d-----w- c:\program files\Symantec
2010-11-05 01:07:15 -------- d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2010-11-05 01:07:09 -------- d-----w- c:\program files\common files\Symantec Shared
2010-11-05 01:06:29 -------- d-----w- c:\windows\system32\URTTemp
2010-11-05 00:47:56 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-11-05 00:46:00 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys
2010-11-05 00:45:59 61696 ----a-w- c:\windows\system32\drivers\ohci1394.sys
2010-11-05 00:45:59 53376 ----a-w- c:\windows\system32\drivers\1394bus.sys
2010-11-05 00:45:55 1654784 ----a-w- c:\windows\system32\W29MLRES.dll
2010-11-05 00:45:48 7168 ----a-w- c:\windows\system32\hccoin.dll
2010-11-05 00:45:48 30208 ----a-w- c:\windows\system32\drivers\usbehci.sys
2010-11-05 00:45:36 -------- d-----w- c:\program files\CONEXANT
2010-11-05 00:45:28 10240 ----a-w- c:\windows\system32\drivers\compbatt.sys
2010-11-05 00:45:27 14208 ----a-w- c:\windows\system32\drivers\battc.sys
2010-11-05 00:45:27 13952 ----a-w- c:\windows\system32\drivers\cmbatt.sys
2010-11-05 00:42:02 -------- d-----w- c:\windows\creator
2010-11-05 00:39:57 69700 ----a-w- c:\windows\system32\usrshuta.exe
2010-11-05 00:38:58 15360 ----a-w- c:\windows\system32\pjlmon.dll
2010-11-05 00:37:59 12032 ----a-w- c:\windows\system32\drivers\rio8drv.sys
2010-11-05 00:36:35 -------- d-----w- c:\windows\system32\SoftwareDistribution
2010-11-05 00:36:22 -------- d-sh--w- c:\documents and settings\owner.m680\UserData
2010-11-05 00:34:28 -------- d-----w- c:\docume~1\owner~1.m68\applic~1\Symantec
2010-11-04 01:05:52 -------- d-----w- C:\My Backup -- 10-11-03 0605PM

==================== Find3M ====================

2010-11-05 01:45:54 24576 ----a-w- c:\windows\system32\prefscpl.cpl
2010-09-18 17:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 13:38:01 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38:01 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-31 12:10:04 389120 ----a-w- c:\windows\system32\html.iec
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

============= FINISH: 19:49:46.61 ===============

Edited by boopme, 11 November 2010 - 09:22 PM.




#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:06:56 PM

Posted 11 November 2010 - 09:19 PM

Hello Chris,


This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

If you have trouble running it the first time, then rename ComboFix.exe to gsolo.exe and try again.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 gsolo

gsolo
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:06:56 PM

Posted 11 November 2010 - 10:07 PM

When I try to run ComboFix I get an error:

You cannot rename ComboFix as ComboFix[1]
Please use another name, preferably made up of alphanumeric characters

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:06:56 PM

Posted 11 November 2010 - 10:21 PM

Did you try to run it normally first? And then did you try renaming it to gsolo.exe? :)

#5 gsolo

gsolo
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:06:56 PM

Posted 11 November 2010 - 10:25 PM

Sorry, I tried to run it first; it installed. Here is the log:

ComboFix 10-11-11.01 - Owner 11/11/2010 21:10:50.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.679 [GMT -6:00]
Running from: c:\documents and settings\Owner.M680\Desktop\gsolo.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-10-12 to 2010-11-12 )))))))))))))))))))))))))))))))
.

2010-11-12 02:58 . 2010-11-12 02:58 -------- d-----w- c:\program files\ESET
2010-11-12 00:12 . 2010-11-12 00:12 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-11-12 00:12 . 2010-11-12 00:12 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-11-12 00:10 . 2010-11-12 03:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-11-12 00:10 . 2010-11-12 00:10 -------- d-----w- c:\program files\Kaspersky Lab
2010-11-11 23:54 . 2010-11-11 23:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-11-11 00:08 . 2010-11-12 02:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-11 00:08 . 2010-11-11 00:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-08 21:56 . 2008-04-13 19:45 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2010-11-08 21:56 . 2008-04-13 19:45 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2010-11-08 21:47 . 2010-11-08 21:47 -------- d-----w- c:\documents and settings\All Users\Application Data\SkyGolf
2010-11-08 21:46 . 2010-11-08 21:46 -------- d-----w- c:\program files\SkyGolf
2010-11-07 16:45 . 2010-09-09 13:38 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-11-07 16:45 . 2010-09-09 13:38 468480 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-11-07 16:45 . 2010-09-09 13:38 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-11-07 16:45 . 2010-09-09 13:38 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2010-11-07 16:45 . 2010-09-09 13:38 6075904 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-11-07 16:45 . 2010-09-09 13:38 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2010-11-07 16:45 . 2010-08-31 12:09 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2010-11-07 16:45 . 2010-02-22 22:04 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2010-11-05 21:56 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-11-05 21:56 . 2010-09-18 06:53 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll
2010-11-05 21:56 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-11-05 21:55 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-11-05 21:49 . 2009-08-13 15:16 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
2010-11-05 18:15 . 2010-11-05 18:15 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-11-05 18:14 . 2010-11-05 18:14 -------- d-----w- c:\windows\ShellNew
2010-11-05 17:15 . 2010-11-05 17:15 -------- d-----w- c:\documents and settings\OWNER~1~M68
2010-11-05 17:14 . 2010-11-05 17:53 -------- d-----w- c:\windows\system32\CBA
2010-11-05 16:52 . 2010-11-05 16:52 -------- d-----w- c:\windows\system32\scripting
2010-11-05 16:52 . 2010-11-05 16:52 -------- d-----w- c:\windows\l2schemas
2010-11-05 16:52 . 2010-11-05 16:52 -------- d-----w- c:\windows\system32\en
2010-11-05 16:52 . 2010-11-05 16:52 -------- d-----w- c:\windows\system32\bits
2010-11-05 11:36 . 2010-11-05 16:49 -------- d-----w- c:\windows\ServicePackFiles
2010-11-05 02:24 . 2004-08-04 04:41 1041536 ------w- c:\windows\system32\drivers\hsfdpsp2.sys
2010-11-05 02:24 . 2004-08-04 04:41 685056 ------w- c:\windows\system32\drivers\hsfcxts2.sys
2010-11-05 02:24 . 2004-08-04 04:41 220032 ------w- c:\windows\system32\drivers\hsfbs2s2.sys
2010-11-05 02:05 . 2010-11-05 00:36 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2010-11-05 01:59 . 2003-01-10 21:58 351526 ----a-w- c:\windows\WBDDA34I.DLL
2010-11-05 01:59 . 2003-01-10 21:58 46433 ----a-w- c:\windows\WBODA34I.DLL
2010-11-05 01:59 . 2004-09-04 00:07 20480 ----a-w- c:\windows\system32\Marker32.exe
2010-11-05 01:58 . 2001-08-17 21:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-11-05 01:58 . 2001-08-17 21:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-11-05 01:56 . 2010-11-05 00:36 -------- d-----w- c:\documents and settings\Default User\WINDOWS
2010-11-05 01:53 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-11-05 01:53 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-11-05 01:53 . 2010-08-26 13:39 357248 -c----w- c:\windows\system32\dllcache\srv.sys
2010-11-05 01:52 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-11-05 01:52 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-11-05 01:47 . 2010-11-05 01:47 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SampleView
2010-11-05 01:47 . 2008-04-13 18:45 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2010-11-05 01:47 . 2008-04-13 16:39 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2010-11-05 01:47 . 2008-04-13 18:45 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2010-11-05 01:47 . 2008-04-13 18:45 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2010-11-05 01:47 . 2008-04-13 18:39 7552 ----a-w- c:\windows\system32\drivers\mskssrv.sys
2010-11-05 01:47 . 2008-04-13 18:39 5376 ----a-w- c:\windows\system32\drivers\mspclock.sys
2010-11-05 01:47 . 2008-04-13 19:15 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2010-11-05 01:47 . 2008-04-13 18:45 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2010-11-05 01:45 . 2010-11-05 01:45 -------- d-----w- C:\My Music
2010-11-05 01:44 . 2010-11-05 01:44 -------- d-----w- c:\program files\Common Files\Adobe
2010-11-05 01:44 . 2008-04-13 19:19 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
2010-11-05 01:44 . 2008-04-13 18:45 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2010-11-05 01:44 . 2008-04-14 00:12 129536 ----a-w- c:\windows\system32\ksproxy.ax
2010-11-05 01:44 . 2008-04-14 00:11 4096 ----a-w- c:\windows\system32\ksuser.dll
2010-11-05 01:43 . 2010-11-05 01:43 -------- d-----w- c:\windows\tiinst
2010-11-05 01:41 . 2004-11-05 17:47 90202 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-11-05 01:41 . 2004-11-05 17:47 81920 ----a-w- c:\windows\system32\SynTPCo2.dll
2010-11-05 01:41 . 2004-11-05 17:47 77917 ----a-w- c:\windows\system32\SynCOM.dll
2010-11-05 01:41 . 2004-11-05 17:47 69722 ----a-w- c:\windows\system32\SynTPFcs.dll
2010-11-05 01:41 . 2004-11-05 17:47 185824 ----a-w- c:\windows\system32\drivers\SynTP.sys
2010-11-05 01:41 . 2004-11-05 17:47 114688 ----a-w- c:\windows\system32\SynCtrl.dll
2010-11-05 01:41 . 2010-11-05 01:41 -------- d-----w- c:\program files\Synaptics
2010-11-05 01:41 . 2010-06-14 07:41 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-11-05 01:41 . 2010-11-05 01:41 -------- d-----w- c:\program files\CyberLink
2010-11-05 01:41 . 2010-11-05 01:41 -------- d-----w- c:\documents and settings\Owner
2010-11-05 01:39 . 2004-07-15 22:06 471298 ----a-w- c:\windows\wallpg.exe
2010-11-05 01:38 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-11-05 01:38 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-11-05 01:38 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-11-05 01:38 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-11-05 01:38 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-11-05 01:36 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-11-05 01:36 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-11-05 01:34 . 2003-11-22 02:12 143410 ----a-w- c:\program files\Common Files\Microsoft Shared\Works Shared\aw.dll
2010-11-05 01:34 . 2003-11-22 01:11 65593 ----a-r- c:\program files\Common Files\Microsoft Shared\Proof\csapi3t1.dll
2010-11-05 01:34 . 2003-11-22 01:11 45121 ----a-r- c:\program files\Common Files\Microsoft Shared\Proof\ctapi3t2.dll
2010-11-05 01:32 . 2009-06-10 14:19 2066432 -c----w- c:\windows\system32\dllcache\mstscax.dll
2010-11-05 01:32 . 2003-03-25 13:00 67072 ----a-w- c:\windows\POWERCFG.EXE
2010-11-05 01:32 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-11-05 01:31 . 2010-08-26 12:52 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-11-05 01:31 . 2010-07-12 12:55 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-11-05 01:27 . 2004-07-15 22:03 518520 ----a-w- c:\windows\vidres.exe
2010-11-05 01:24 . 2010-11-05 01:24 1409 ----a-w- c:\windows\QTFont.for
2010-11-05 01:24 . 2010-11-05 01:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-11-05 01:24 . 2010-11-05 01:24 -------- d-----w- c:\program files\Safari
2010-11-05 01:24 . 2010-11-05 01:24 -------- d-----w- c:\program files\Bonjour
2010-11-05 01:24 . 2010-11-05 01:24 -------- d-----w- c:\program files\Common Files\Apple
2010-11-05 01:24 . 2010-11-05 01:24 -------- d-----w- c:\program files\Apple Software Update
2010-11-05 01:24 . 2010-11-05 01:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-11-05 01:23 . 2010-11-05 01:46 -------- d-----w- c:\program files\Gateway
2010-11-05 01:23 . 2010-11-05 01:23 -------- d-----w- c:\windows\Downloaded Installations
2010-11-05 01:21 . 2010-11-05 01:21 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-11-05 01:21 . 2010-11-05 01:21 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\McAfee
2010-11-05 01:18 . 2010-11-05 01:18 -------- d-----w- c:\program files\Intel
2010-11-05 01:16 . 2010-11-05 01:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-11-05 01:16 . 2010-11-05 01:43 -------- d-----w- c:\program files\Common Files\InstallShield
2010-11-05 01:15 . 2004-08-09 18:16 17956 ----a-w- c:\windows\BigFixClientOverride.dll
2010-11-05 01:15 . 2010-11-05 01:26 -------- d-----w- c:\program files\BigFix
2010-11-05 01:15 . 2010-11-05 01:15 53352 ----a-w- c:\windows\system32\jpicpl32.cpl
2010-11-05 01:15 . 2010-11-05 01:15 -------- d-----w- c:\program files\Java
2010-11-05 01:15 . 2010-11-05 01:15 -------- d-----w- c:\program files\Common Files\Java
2010-11-05 01:15 . 2010-11-05 01:15 -------- d-----w- c:\program files\Google
2010-11-05 01:14 . 2007-07-28 04:11 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2010-11-05 01:14 . 2010-11-07 16:53 -------- d--h--w- c:\windows\$hf_mig$
2010-11-05 01:13 . 2005-02-16 23:18 90184 ----a-w- c:\windows\system32\NeroCo.dll
2010-11-05 01:13 . 2005-01-20 13:29 2658304 ------w- c:\windows\UNNeroBurnRights.exe
2010-11-05 01:13 . 2002-10-09 22:36 57344 ----a-w- c:\windows\system32\NeroBurnRights.cpl
2010-11-05 01:12 . 2000-06-26 19:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2010-11-05 01:12 . 2004-07-27 01:16 476320 ------w- c:\windows\system32\ImagXpr7.dll
2010-11-05 01:12 . 2004-07-27 01:16 471040 ------w- c:\windows\system32\ImagXRA7.dll
2010-11-05 01:12 . 2004-07-27 01:16 262144 ------w- c:\windows\system32\ImagXR7.dll
2010-11-05 01:12 . 2004-07-27 01:16 1568768 ------w- c:\windows\system32\ImagX7.dll
2010-11-05 01:12 . 2010-11-05 01:12 -------- d-----w- c:\program files\Common Files\Ahead
2010-11-05 01:12 . 2001-07-09 19:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2010-11-05 01:12 . 2010-11-05 01:13 -------- d-----w- c:\program files\Ahead

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 17:23 . 2006-02-09 03:29 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2006-02-09 03:29 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2006-02-09 03:29 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2006-02-09 03:29 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 13:38 . 2006-02-09 03:31 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38 . 2006-02-09 03:27 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38 . 2006-02-09 03:27 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38 . 2006-02-09 03:26 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-01 11:51 . 2006-02-09 03:25 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2006-02-09 03:31 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-31 12:10 . 2006-02-09 03:27 389120 ----a-w- c:\windows\system32\html.iec
2010-08-27 08:02 . 2006-02-09 03:31 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2006-02-09 03:31 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2006-02-09 03:31 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2006-02-09 03:26 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2006-02-09 03:31 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2006-02-09 03:30 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 688218]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-03-15 966656]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-03-19 78960]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-02 339968]
"Gateway Extended Warranty"="c:\program files\Gateway\GWCares\GWCares.exe" [2004-02-09 73728]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-05 98304]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2010-11-12 352976]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SkyGolf\\SkyCaddie Desktop\\SkyCaddieDesktop.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9212:TCP"= 9212:TCP:SkyCaddie Desktop
"9210:UDP"= 9210:UDP:SkyCaddie Desktop

R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [6/9/2010 5:43 PM 11352]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/7/2010 12:06 PM 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [11/2/2009 8:27 PM 19472]
.
Contents of the 'Scheduled Tasks' folder

2010-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-11-05 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-02-09 00:12]

2010-11-05 c:\windows\Tasks\ISP signup reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-02-09 00:12]

2010-11-12 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2010-11-05 19:51]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/search?sourceid=navclient&ie=UTF-8&rls=GWYA,GWYA:2010-44,GWYA:en&q=gopowercat
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

AddRemove-AOL Connectivity Services - c:\progra~1\COMMON~1\AOL\ACS\AcsUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-11 21:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\kls6EF2.tmp 91240 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1408)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\NavLogon.dll

- - - - - - - > 'explorer.exe'(3216)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-11-11 21:24:05 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-12 03:24

Pre-Run: 43,274,158,080 bytes free
Post-Run: 43,397,128,192 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 576772180962A43FD04D664C4CA9F0B2

#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:06:56 PM

Posted 13 November 2010 - 12:40 PM

Hi Chris,

Are you still being redirected?

Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?

#7 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:06:56 PM

Posted 19 November 2010 - 11:22 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic