Posted by bal on 09-06-2009, 11:14 PM
re: [Active] redirecting links Google Please HELP

OK, once carried out, it automatically opened the log in Notepad. Please see below:

ComboFix 09-06-09.06 - BAL 09/06/2009 23:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1503.1162 [GMT 1:00]
Running from: c:\tools-av\7634\7634.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\gxvxctxsmylkjaaqjkjdpxyhmnburquvjiyqm.sys
c:\windows\system32\gxvxccount
c:\windows\system32\gxvxciitxgeaeakwtqpmjolqpyriocbsirqyd.dll
c:\windows\system32\gxvxcoojpyiuoyohktojpkdxroawxtnnaigol.dll
E:\desktop.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS


((((((((((((((((((((((((( Files Created from 2009-05-09 to 2009-06-09 )))))))))))))))))))))))))))))))
.

2009-06-09 21:49 . 2009-06-09 21:49 -------- d-----w- C:\Tools-AV
2009-06-09 17:59 . 2009-06-09 17:59 -------- d-----w- c:\program files\Trend Micro
2009-06-09 06:16 . 2009-06-09 06:16 -------- d-----w- c:\documents and settings\BAL\Application Data\Malwarebytes
2009-06-09 06:13 . 2009-05-26 12:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-09 06:13 . 2009-06-09 15:43 -------- d-----w- c:\program files\mbaaaaaaaaaaaaa
2009-06-09 06:13 . 2009-06-09 06:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-09 06:13 . 2009-05-26 12:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-08 19:42 . 2009-06-08 19:52 -------- d-----w- c:\program files\Autorun Eater
2009-06-08 18:06 . 2009-06-08 18:13 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-08 18:06 . 2009-06-08 18:06 -------- d-----w- c:\program files\AVG

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-09 21:59 . 2008-03-13 12:56 -------- d-----w- c:\documents and settings\BAL\Application Data\DNA
2009-06-09 19:21 . 2007-03-19 23:23 -------- d-----w- c:\program files\Google
2009-06-09 17:32 . 2008-03-13 12:56 -------- d-----w- c:\program files\DNA
2009-06-08 21:20 . 2008-12-04 18:04 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-08 19:52 . 2006-12-11 19:46 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-08 19:49 . 2009-01-12 23:22 -------- d-----w- c:\program files\Norton Security Scan
2009-06-08 19:48 . 2009-02-14 20:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Sports Interactive
2009-05-19 18:48 . 2007-11-12 22:33 -------- d-----w- c:\documents and settings\BAL\Application Data\BitTorrent
2009-05-03 17:27 . 2009-05-03 17:27 -------- d-----w- c:\documents and settings\DAD\Application Data\alot
2009-03-21 13:52 . 2007-01-01 13:04 23352 ----a-w- c:\documents and settings\DAD\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-21 11:27 . 2006-12-07 18:28 23352 ----a-w- c:\documents and settings\BAL\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-21 10:23 . 2009-03-21 11:06 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-03-21 10:23 . 2009-03-21 11:06 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-03-21 10:23 . 2009-03-21 11:06 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-03-21 10:23 . 2009-03-21 11:06 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-03-21 10:23 . 2009-03-21 11:06 129784 ------w- c:\windows\system32\pxafs.dll
2009-03-21 10:23 . 2009-03-21 11:06 116472 ------w- c:\windows\system32\pxcpyi64.exe
2009-03-18 22:08 . 2009-03-18 22:08 -------- d-----w- c:\windows\Fonts\Fonts
2009-03-17 22:46 . 2009-03-17 22:46 3532 ----a-w- C:\drmHeader.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}]
2009-05-26 09:49 2094616 ----a-w- c:\program files\thechatterbox.cc\tbthe1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2acf8db1-7e9c-46ec-8107-9de08f39085e}]
2009-05-26 09:49 2094616 ----a-w- c:\program files\Deja_Vu\tbDej1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-23 68856]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-01-11 342848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-06-29 32768]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-12 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-08-12 61952]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-01-05 77824]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2005-01-05 2750464]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-06-29 88363]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-23 68856]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-6-29 32768]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Age Of Empires II\\age2_x1.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Age Of Empires II\\empires2.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\1\\Update Service\\Update Service.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [06/12/2006 23:56 103680]
S0 bhadqe;bhadqe;c:\windows\system32\drivers\ofdq.sys --> c:\windows\system32\drivers\ofdq.sys [?]
S0 gtzlcuwx;gtzlcuwx;c:\windows\system32\drivers\uwenxy.sys --> c:\windows\system32\drivers\uwenxy.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [12/01/2008 12:13 13352]
.
Contents of the 'Scheduled Tasks' folder

2009-06-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-06-09 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-23 21:18]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
HKU-Default-RunOnce-IETI - c:\program files\Skype\Phone\IEPlugin\unins000.exe
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
.

************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-06-09 23:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(824)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-06-09 23:10
ComboFix-quarantined-files.txt 2009-06-09 22:10

Pre-Run: 82,834,178,048 bytes free
Post-Run: 82,905,427,968 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

150 --- E O F --- 2009-05-13 17:15