Thank you.
This is the log that I got. What do I do next?
____________________________________________________
ComboFix 08-12-06.06 - Abbas 2008-12-07 13:34:36.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.137 [GMT -5:00]
Running from: c:\documents and settings\Abbas\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Abbas\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\dpnlobby32.dll
.
---- Previous Run -------
.
c:\windows\system32\3.tmp
c:\windows\system32\dpnlobby32.dll
.
((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
.
2008-12-05 12:27 . 2008-12-05 12:27 <DIR> d-------- c:\documents and settings\Abbas\Application Data\Intel
2008-12-05 00:45 . 2008-12-05 00:45 <DIR> d-------- c:\program files\Lavasoft
2008-12-05 00:45 . 2008-12-05 00:45 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-05 00:45 . 2008-12-05 00:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-04 10:17 . 2008-12-04 10:17 250 --a------ c:\windows\gmer.ini
2008-12-03 17:24 . 2008-12-03 17:24 373,760 --ahs---- c:\windows\system32\5A.tmp
2008-12-02 09:02 . 2008-12-02 09:02 0 --a------ c:\windows\system32\2C9.tmp
2008-12-02 09:02 . 2008-12-02 09:02 0 --a------ c:\windows\system32\2C8.tmp
2008-12-01 12:26 . 2008-12-01 12:26 4,516 --a------ c:\windows\GnuHashes.ini
2008-12-01 12:19 . 2008-12-01 12:19 <DIR> d--hs---- c:\windows\system32\GroupPolicyManifest
2008-12-01 12:19 . 2008-12-01 12:19 373,248 --ahs---- c:\windows\system32\C4.tmp
2008-12-01 12:19 . 2008-12-01 12:19 1,675 --ahs---- c:\windows\system32\GroupPolicy000.dat
2008-11-26 11:53 . 2008-11-26 11:53 <DIR> d-------- c:\windows\Sun
2008-11-25 13:38 . 2008-11-25 13:38 <DIR> d-------- c:\windows\system32\N360_BACKUP
2008-11-25 12:58 . 2008-11-25 12:58 <DIR> d-------- c:\windows\system32\scripting
2008-11-25 12:58 . 2008-11-25 12:58 <DIR> d-------- c:\windows\system32\en
2008-11-25 12:58 . 2008-11-25 12:58 <DIR> d-------- c:\windows\system32\bits
2008-11-25 12:58 . 2008-11-25 12:58 <DIR> d-------- c:\windows\l2schemas
2008-11-24 21:11 . 2008-11-24 21:12 <DIR> d-------- c:\program files\Common Files\Merge Modules
2008-11-24 20:46 . 2008-11-24 20:47 <DIR> d-------- c:\program files\Microsoft Web Designer Tools
2008-11-24 20:34 . 2008-11-24 20:34 <DIR> d-------- c:\program files\MagicISO
2008-11-24 20:11 . 2008-11-24 20:13 <DIR> d-------- C:\6aea101b6609a2a9ce341e
2008-11-24 19:25 . 2008-11-24 19:25 <DIR> d-------- c:\program files\Microsoft Synchronization Services
2008-11-24 19:25 . 2008-11-24 19:25 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
2008-11-24 19:18 . 2008-11-24 21:11 <DIR> d-------- c:\program files\Microsoft Visual Studio 9.0
2008-11-24 19:18 . 2008-11-25 11:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-24 19:17 . 2008-11-24 19:17 <DIR> d-------- c:\program files\Microsoft SDKs
2008-11-24 19:14 . 2008-11-24 20:13 <DIR> d-------- c:\windows\system32\XPSViewer
2008-11-24 19:14 . 2008-11-24 19:14 <DIR> d-------- c:\program files\Reference Assemblies
2008-11-24 19:14 . 2008-11-24 19:14 <DIR> d-------- c:\program files\MSBuild
2008-11-24 19:12 . 2008-11-24 19:14 <DIR> d-------- C:\170cb0bfb74d5d670a9a1d5233ae7ea3
2008-11-24 19:12 . 2008-07-06 07:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2008-11-24 19:12 . 2008-07-06 07:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2008-11-24 19:12 . 2008-07-06 05:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2008-11-24 19:12 . 2008-07-06 07:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2008-11-24 19:12 . 2008-07-06 07:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2008-11-24 19:12 . 2008-07-06 07:06 117,760 --------- c:\windows\system32\prntvpt.dll
2008-11-24 19:12 . 2008-07-06 07:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2008-11-24 19:08 . 2008-11-24 19:08 <DIR> d-------- c:\program files\MSXML 6.0
2008-11-20 21:20 . 2008-11-20 21:20 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-11-20 21:00 . 2008-11-20 21:00 <DIR> d-------- c:\program files\NOS
2008-11-20 21:00 . 2008-11-20 21:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
2008-11-20 20:33 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-11-20 20:33 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2008-11-20 20:33 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-11-17 09:29 . 2008-11-17 09:29 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2008-11-17 09:28 . 2008-11-17 09:28 <DIR> d-------- c:\program files\Windows Live
2008-11-17 09:28 . 2008-11-17 09:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-17 09:22 . 2008-11-17 09:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2008-11-16 23:24 . 2008-10-03 12:41 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-11-16 23:24 . 2007-04-17 04:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-11-16 23:24 . 2007-03-08 00:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-11-16 23:24 . 2008-08-26 02:24 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-11-16 23:24 . 2008-08-26 02:24 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-11-16 23:24 . 2008-08-26 02:24 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-11-16 23:24 . 2008-08-26 02:24 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-11-16 23:24 . 2008-08-26 02:24 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-11-16 23:24 . 2008-08-25 03:38 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-11-16 23:10 . 2008-04-13 19:12 221,184 --a------ c:\windows\system32\wmpns.dll
2008-11-16 22:41 . 2008-11-16 22:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-16 22:28 . 2008-11-16 22:28 <DIR> d-------- c:\program files\CONEXANT
2008-11-16 22:05 . 2008-11-16 22:05 <DIR> d-------- c:\program files\Windows Sidebar
2008-11-16 22:04 . 2008-11-17 09:17 <DIR> d-------- c:\program files\Norton 360
2008-11-16 22:01 . 2008-11-20 21:00 123,952 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2008-11-16 22:01 . 2008-11-20 21:00 60,800 --a------ c:\windows\system32\S32EVNT1.DLL
2008-11-16 22:01 . 2008-11-20 21:00 10,671 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2008-11-16 22:01 . 2008-11-20 21:00 805 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2008-11-16 22:00 . 2008-11-20 21:00 <DIR> d-------- c:\program files\Symantec
2008-11-16 22:00 . 2008-11-25 10:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec
2008-11-16 21:57 . 2007-08-13 18:54 33,792 --a--c--- c:\windows\system32\dllcache\custsat.dll
2008-11-16 21:50 . 2008-12-07 13:38 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2008-11-16 21:47 . 2008-11-16 21:46 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-16 21:47 . 2008-11-16 21:46 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-16 21:46 . 2008-11-16 21:46 <DIR> d-------- c:\program files\Java
2008-11-16 21:43 . 2008-11-27 20:21 <DIR> d-------- c:\documents and settings\Abbas\Application Data\Symantec
2008-11-16 21:40 . 2008-04-13 19:10 844,314 -----c--- c:\windows\system32\dllcache\msdxm.ocx
2008-11-16 21:27 . 2008-11-16 21:27 <DIR> d-------- c:\program files\Bonjour
2008-11-16 21:17 . 2008-06-13 06:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-11-16 21:16 . 2008-08-14 05:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-16 21:16 . 2008-08-14 05:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-16 21:16 . 2008-08-14 04:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-16 21:16 . 2008-08-14 04:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-16 21:16 . 2008-09-15 07:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-11-16 21:16 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-16 21:16 . 2008-04-11 14:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-11-16 21:16 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-16 21:16 . 2008-09-08 05:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-11-16 21:16 . 2008-05-01 09:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2008-11-16 21:16 . 2008-05-08 09:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008-11-16 21:15 . 2008-10-15 11:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-11-16 21:14 . 2008-11-27 20:07 <DIR> d--h----- c:\windows\$hf_mig$
2008-11-16 21:12 . 2008-11-16 21:12 0 --a------ c:\windows\nsreg.dat
2008-11-16 21:11 . 2008-11-16 21:12 <DIR> d-------- c:\program files\LimeWire
2008-11-16 21:11 . 2008-11-16 21:11 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2008-11-16 21:06 . 2008-11-20 21:14 <DIR> d-------- c:\program files\Common Files\Adobe
2008-11-16 21:03 . 2008-11-16 21:03 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\Intel
2008-11-16 21:03 . 2008-11-16 21:03 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\Intel
2008-11-16 21:03 . 2008-11-16 21:03 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Intel
2008-11-16 21:03 . 2008-08-28 23:34 3,632,384 --a------ c:\windows\system32\drivers\NETw5x32.sys
2008-11-16 21:03 . 2008-06-20 10:33 2,756,608 --a------ c:\windows\system32\NETw5r32.dll
2008-11-16 21:03 . 2008-06-20 10:32 663,552 --a------ c:\windows\system32\NETw5c32.dll
2008-11-16 21:02 . 2008-11-16 21:02 <DIR> d-------- c:\program files\Common Files\Intel
2008-11-16 21:02 . 2008-11-16 21:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Intel
2008-11-16 20:52 . 2008-11-25 13:30 316,640 --a------ c:\windows\WMSysPr9.prx
2008-11-16 20:50 . 2008-11-16 20:50 <DIR> d-------- c:\windows\provisioning
2008-11-16 20:48 . 2008-11-25 12:59 <DIR> d-------- c:\windows\ServicePackFiles
2008-11-16 20:41 . 2004-07-17 11:40 19,528 --a------ c:\windows\002104_.tmp
2008-11-16 20:40 . 2007-08-10 20:46 26,488 --a------ c:\windows\system32\spupdsvc.exe
2008-11-16 20:38 . 2008-11-25 12:36 <DIR> d-------- c:\windows\EHome
2008-11-16 20:11 . 2008-08-21 06:38 20,480 -ra------ c:\windows\system32\drivers\omci.sys
2008-11-16 19:56 . 2007-03-30 19:58 172,032 --a------ c:\windows\system32\igfxres.dll
2008-11-16 19:44 . 2007-05-10 10:24 1,222,840 --a------ c:\windows\system32\drivers\sthda.sys
2008-11-16 19:44 . 2008-04-13 14:16 141,056 --a------ c:\windows\system32\drivers\ks.sys
2008-11-16 19:44 . 2008-04-13 19:12 129,536 --a------ c:\windows\system32\ksproxy.ax
2008-11-16 19:44 . 2008-04-13 13:45 60,160 --a------ c:\windows\system32\drivers\drmk.sys
2008-11-16 19:44 . 2008-04-13 13:45 49,408 --a------ c:\windows\system32\drivers\stream.sys
2008-11-16 19:44 . 2008-04-13 19:11 4,096 --a------ c:\windows\system32\ksuser.dll
2008-11-16 19:43 . 2008-11-16 19:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Dell
2008-11-16 19:42 . 2008-11-16 19:42 <DIR> d-------- c:\program files\SigmaTel
2008-11-16 19:42 . 2007-05-10 10:23 270,336 --a------ c:\windows\system32\stacapi.dll
2008-11-16 19:42 . 2007-08-21 09:58 146,944 --a------ c:\windows\system32\st325602.dll
2008-11-16 19:42 . 2005-08-12 17:50 16,128 --a------ c:\windows\system32\drivers\APPDRV.SYS
2008-11-16 19:40 . 2008-11-16 19:40 <DIR> d-------- c:\windows\Downloaded Installations
2008-11-16 19:40 . 2008-11-16 19:40 <DIR> d-------- c:\program files\Broadcom
2008-11-16 19:40 . 2006-11-21 04:25 45,568 -ra------ c:\windows\system32\drivers\bcm4sbxp.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-16 23:27 --------- d-----w c:\program files\microsoft frontpage
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-08-20 1368064]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-08-20 1191936]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2008-10-17 15:52 51048 c:\program files\Common Files\Symantec Shared\CCAPP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 19:12 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2007-03-30 20:00 162584 c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2007-03-30 20:00 138008 c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2007-03-30 19:59 138008 c:\windows\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2007-05-10 10:22 405504 c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-11-16 21:46 136600 c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2006-03-08 12:48 761947 c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"getPlus(R) Helper"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"comHost"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10243:TCP"= 10243:TCP:xbox
"10284:UDP"= 10284:UDP:xbox
"10283:UDP"= 10283:UDP:xbox
"10282:UDP"= 10282:UDP:xbox
"10281:UDP"= 10281:UDP:xbox
"10280:UDP"= 10280:UDP:xbox
R2 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [2008-02-18 149352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-11-16 99376]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2008-01-12 23888]
S4 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-11-20 33752]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{458058c8-b43a-11dd-ae26-8895434315ca}]
\Shell\AutoRun\command - E:\setupSNK.exe
*Newly Created Service* - COMHOST
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca
mStart Page = hxxp://www.google.ca
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FireFox -: Profile - c:\documents and settings\Abbas\Application Data\Mozilla\Firefox\Profiles\bphokyq0.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.ca
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\np_gp.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 13:39:13
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(940)
c:\windows\system32\netprovcredman.dll
c:\windows\system32\WLDAP32.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Dell\OpenManage\Client\Iap.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Intel\WiFi\bin\WLKEEPER.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2008-12-07 13:44:48 - machine was rebooted [Abbas]
ComboFix-quarantined-files.txt 2008-12-07 18:44:43
Pre-Run: 38,822,068,224 bytes free
Post-Run: 38,812,135,424 bytes free
279 --- E O F --- 2008-11-28 02:11:46