It's weird. After ComboFix finishes running, there's no message box or browser opened whatsoever. I only got the log for ComboFix. When my comp restarted (i.e. ComboFix automatically rebooted it), avast and Spybot were also started, since these programs are set to launch during startup. Is that what caused ComboFix to not be able to open the message box and the browser?
ComboFix 07-12-04.3 - user 2007-12-06 13:17:24.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.70 [GMT 8:00]
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\user\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-11-06 to 2007-12-06 )))))))))))))))))))))))))))))))
.
2007-12-04 23:45 . 2007-12-04 23:45 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-12-04 22:23 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-04 18:01 . 2007-12-04 18:01 <DIR> d-------- C:\Documents and Settings\user\Application Data\Grisoft
2007-12-04 18:00 . 2007-12-04 18:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-04 18:00 . 2007-05-30 20:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-03 22:32 . 2007-12-03 22:32 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-03 22:32 . 2007-12-04 11:44 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-03 22:32 . 2007-12-04 11:44 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-03 22:32 . 2007-12-04 11:44 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-03 19:03 . 2007-12-03 19:03 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-03 19:00 . 2007-12-03 19:00 <DIR> d-------- C:\Deckard
2007-11-26 13:46 . 2007-11-26 13:46 <DIR> d-------- C:\Program Files\EA GAMES
2007-11-25 16:00 . 2007-11-25 16:00 <DIR> d-------- C:\Program Files\uTorrent
2007-11-24 23:41 . 2007-11-24 23:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-24 23:08 . 2007-11-24 23:08 <DIR> d-------- C:\Program Files\CCleaner
2007-11-24 22:43 . 2007-11-24 22:43 <DIR> d-------- C:\Program Files\Alwil Software
2007-11-24 22:43 . 2003-03-19 05:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-11-24 22:43 . 2007-09-06 18:09 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-11-24 22:43 . 2004-01-09 18:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-11-24 22:43 . 2007-09-06 18:00 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-11-24 22:43 . 2007-09-06 18:05 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-11-24 22:43 . 2007-09-06 18:05 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-11-24 22:43 . 2007-09-06 18:02 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-11-24 22:43 . 2007-09-06 18:00 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-24 22:43 . 2007-09-06 18:03 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-11-23 18:09 . 2007-11-23 18:09 <DIR> d-------- C:\Program Files\Fox
2007-11-23 13:44 . 2007-11-24 14:39 21,840 --a------ C:\WINDOWS\system32\SIntfNT.dll
2007-11-23 13:44 . 2007-11-24 14:39 17,212 --a------ C:\WINDOWS\system32\SIntf32.dll
2007-11-23 13:44 . 2007-11-24 14:39 12,067 --a------ C:\WINDOWS\system32\SIntf16.dll
2007-11-12 20:49 . 2007-11-12 20:49 78,415 --a------ C:\WINDOWS\system32\drivers\klif.cab
2007-11-12 20:48 . 2007-11-12 20:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-11-12 13:13 . 2007-11-12 13:13 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-12 12:27 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2007-11-12 12:27 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2007-11-12 12:27 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2007-11-12 12:27 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2007-11-11 22:59 . 2007-11-11 22:59 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-11-11 22:59 . 2007-11-11 22:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-11 22:49 . 2007-11-11 22:49 <DIR> d-------- C:\kav
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-26 15:31 --------- d-----w C:\Program Files\WIDCOMM
2007-10-17 10:49 --------- d-----w C:\Program Files\opacity
2007-10-08 19:32 --------- d-----w C:\Program Files\InterVideo
2007-10-08 19:21 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2007-09-09 16:33 737,280 ----a-w C:\WINDOWS\iun6002.exe
2006-12-07 06:48 19,456 ----a-w C:\Program Files\patch.exe
2006-09-11 06:54 13,447,680 ----a-w C:\Program Files\SPSS 15.0 for Windows Evaluation Version.msi
2006-09-11 06:03 2,094 ----a-w C:\Program Files\Setup.ini
2006-09-11 06:01 252 ----a-w C:\Program Files\v7temp.cab
2006-09-11 06:00 315 ----a-w C:\Program Files\Lopts.cab
2006-09-11 05:59 851,246 ----a-w C:\Program Files\Utl.cab
2006-09-11 05:58 466,423 ----a-w C:\Program Files\xd.cab
2006-09-10 11:32 8,864,916 ----a-w C:\Program Files\Chm.cab
2006-09-10 11:32 797,507 ----a-w C:\Program Files\Dat.cab
2006-09-10 11:32 573,777 ----a-w C:\Program Files\Bsc.cab
2006-09-10 11:32 2,916,387 ----a-w C:\Program Files\Common.cab
2006-09-10 11:32 101,700 ----a-w C:\Program Files\ClientAc.cab
2006-09-10 11:31 6,417,305 ----a-w C:\Program Files\SBB.cab
2006-09-10 11:31 108,698 ----a-w C:\Program Files\PdM.cab
2006-09-10 11:30 9,873 ----a-w C:\Program Files\Looks.cab
2006-09-10 11:30 326,750 ----a-w C:\Program Files\Local.cab
2006-09-10 11:30 23,231,538 ----a-w C:\Program Files\JRE.cab
2006-09-10 11:30 13,795 ----a-w C:\Program Files\Readme.cab
2006-09-10 11:29 55,739,932 ----a-w C:\Program Files\Bas.cab
2006-09-10 11:26 495,386 ----a-w C:\Program Files\CustID.cab
2006-09-10 11:26 455,490 ----a-w C:\Program Files\NetID.cab
2006-09-10 11:26 455,484 ----a-w C:\Program Files\VirtID.cab
2006-09-10 11:26 30,260,916 ----a-w C:\Program Files\Tut.cab
2006-09-10 11:26 3,029,874 ----a-w C:\Program Files\Sys.cab
2006-09-10 11:25 10,566,539 ----a-w C:\Program Files\Syn.cab
2006-09-10 11:07 8,237,172 ----a-w C:\Program Files\Map.cab
2006-09-10 11:07 7,034 ----a-w C:\Program Files\ESD.cab
2006-09-10 11:07 385,507 ----a-w C:\Program Files\Net.cab
2006-09-10 11:07 262,144 ----a-w C:\Program Files\setup.exe
2006-06-01 01:51 62,960 ----a-w C:\Program Files\setup.bmp
2006-01-12 15:14 92,828,160 ----a-w C:\Program Files\Fireworks8-en.exe
2005-11-13 19:26 1,001,472 ----a-w C:\Program Files\ISScript1150.Msi
2005-11-13 15:49 5,693 ----a-w C:\Program Files\0x0409.ini
2005-11-13 15:44 2,584,848 ----a-w C:\Program Files\WindowsInstaller-KB893803-x86.exe
2004-08-12 08:43 31,384 ----a-w C:\Documents and Settings\user\Application Data\GDIPFONTCACHEV1.DAT
2003-03-21 05:45 250,544 ----a-w C:\Program Files\Common Files\keyhelp.ocx
2007-03-09 08:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
2005-06-01 14:34 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2005-06-01 14:34 56 --sh--r C:\WINDOWS\system32\802EA058DA.sys
2006-12-18 09:36 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012006121820061219\index.dat
.
((((((((((((((((((((((((((((( snapshot@2007-12-06_ 0.52.10.64 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-13 02:57:12 163,328 ----a-w C:\WINDOWS\ERDNT\subs\F3M\ERDNT.EXE
- 2007-12-05 12:46:44 40,664 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-12-05 16:53:44 40,664 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-12-05 12:46:44 312,946 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-12-05 16:53:44 312,946 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-12-06 05:23:02 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_f8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:56]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-06-23 10:34]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-06-23 10:34]
"SoundMan"="SOUNDMAN.EXE" [2003-06-20 19:55 C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2003-06-23 10:35 C:\WINDOWS\AGRSMMSG.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2002-07-25 04:49]
"LManager"="C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE" [2003-11-27 01:16]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-05-28 14:01]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 18:06]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 14:05:26]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-12 13:33:22]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\wbsrv.dll 2005-12-06 21:16 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Date Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Date Manager.lnk
backup=C:\WINDOWS\pss\Date Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GStartup.lnk
backup=C:\WINDOWS\pss\GStartup.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PrecisionTime.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PrecisionTime.lnk
backup=C:\WINDOWS\pss\PrecisionTime.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\MSMSGS.EXE /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2006-10-20 15:34 163576 --a------ C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
R3 DKbFltr;Dritek HotKey Keyboard Filter Driver;C:\WINDOWS\system32\Drivers\DKbFltr.sys
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS
S3 UMSSSTOR;C-Media Storage;C:\WINDOWS\system32\DRIVERS\UMSS.SYS
S3 USB-100;Realtek RTL8150 USB 10/100 Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\RTL8150.SYS
.
Contents of the 'Scheduled Tasks' folder
"2007-12-05 14:32:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-12-06 13:23:32
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-06 13:29:40 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-06 00:55
.
--- E O F ---