|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Resolved HJT Threads Resolved spyware and popup issues. |
|
|
Thread Tools |
02-24-2008, 12:02 PM
|
#1 (permalink) |
|
Registered User
Join Date: Feb 2008
Posts: 14
OS: XP SP2
|
URL Redirect. "Search-Daily"
After I use google and click on a link I am redirected to this URL - http://89.149.227.101/click.php?c=bd...492f84abebbe00
Sometimes Im directed to a Search-Daily.com......TIA..... Deckard's System Scanner v20071014.68 Run by James Hale on 2008-02-24 13:48:39 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 12: 2008-02-24 18:48:48 UTC - RP699 - Deckard's System Scanner Restore Point 11: 2008-02-23 17:43:58 UTC - RP698 - Installed Ad-Aware 2007 10: 2008-02-23 15:34:18 UTC - RP697 - AntiVir PersonalEdition Classic - 2/23/2008 10:34 9: 2008-02-23 03:20:37 UTC - RP696 - AntiVir PersonalEdition Classic - 2/22/2008 22:20 8: 2008-02-22 22:49:15 UTC - RP695 - Windows Defender Checkpoint -- First Restore Point -- 1: 2008-02-21 19:58:34 UTC - RP688 - System Checkpoint Backed up registry hives. Performed disk cleanup. -- HijackThis (run as James Hale.exe) ------------------------------------------ Unable to find log (file not found); running clone. -- HijackThis Clone ------------------------------------------------------------ Emulating logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2008-02-24 13:51:46 Platform: Windows XP Service Pack 2 (5.01.2600) MSIE: Internet Explorer (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\system32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\explorer.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Dell\QuickSet\NicConfigSvc.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\James Hale\Desktop\dss.exe C:\Documents and Settings\James Hale\My Documents\PROGRAM INSTALLS\James Hale.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {43EBBB2F-F239-4F14-A67B-53CFF64EF687} - C:\WINDOWS\system32\cmdher.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing) O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/downlo...eckControl.cab O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/s...SYSSCANNER.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1161838111718 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_01) - http://javadl-esd.sun.com/update/1.6...ws-i586-jc.cab O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get.../ultrashim.cab O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: dlbu_device - Dell - C:\WINDOWS\system32\dlbucoms.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- End of file - 10015 bytes -- HijackThis Fixed Entries (C:\DOCUME~1\JAMESH~1\MYDOCU~1\PROGRA~1\backups\) -- backup-20080222-220713-227 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) backup-20080222-220713-797 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) backup-20080223-112005-658 O2 - BHO: (no name) - {43EBBB2F-F239-4F14-A67B-53CFF64EF687} - C:\WINDOWS\system32\cmdher.dll -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R0 ilcffezs - c:\windows\system32\drivers\lmkcjuoo.dat R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver> R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.5.3.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.5.3.0> R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver> R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell> S3 lgatbus (LG USB Composite Device driver (WDM)) - c:\windows\system32\drivers\lgatbus.sys <Not Verified; MCCI; LG USB Composite Device> S3 lgatmdm (LG CDMA USB Modem Drivers) - c:\windows\system32\drivers\lgatmdm.sys <Not Verified; MCCI; LG CDMA USB Modem> S3 lgatserd (LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM)) - c:\windows\system32\drivers\lgatserd.sys <Not Verified; MCCI; LG CDMA USB Modem Diagnostic Serial Port> S3 WnsDrvr - c:\windows\system32\drivers\wnsdrvr.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT(TM) Operating System> -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 NICCONFIGSVC - c:\program files\dell\quickset\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc> R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service> R2 WLANKEEPER (Intel(R) PROSet/Wireless SSO Service) - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel(R) Corporation; SSO Service> -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Broadcom 440x 10/100 Integrated Controller Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01881028&REV_02\4&2FA23535&0&00F0 Manufacturer: Broadcom Name: Broadcom 440x 10/100 Integrated Controller PNP Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01881028&REV_02\4&2FA23535&0&00F0 Service: bcm4sbxp -- Scheduled Tasks ------------------------------------------------------------- 2008-02-24 13:41:21 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job 2008-02-21 20:57:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2007-06-04 22:37:18 402 --ah----- C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job -- Files created between 2008-01-24 and 2008-02-24 ----------------------------- 2008-02-24 11:56:44 0 d-------- C:\Documents and Settings\Administrator.LAPTOP\Application Data\Grisoft 2008-02-24 11:55:49 0 d-------- C:\Documents and Settings\Administrator.LAPTOP\Application Data\Intel 2008-02-24 11:55:48 0 d-------- C:\Documents and Settings\Administrator.LAPTOP\Favorites 2008-02-24 11:55:48 0 d-------- C:\Documents and Settings\Administrator.LAPTOP\Desktop 2008-02-24 11:55:48 0 d--hs---- C:\Documents and Settings\Administrator.LAPTOP\Cookies 2008-02-24 11:55:48 0 dr-h----- C:\Documents and Settings\Administrator.LAPTOP\Application Data 2008-02-24 11:55:48 0 d---s---- C:\Documents and Settings\Administrator.LAPTOP\Application Data\Microsoft 2008-02-24 11:55:47 0 dr-h----- C:\Documents and Settings\Administrator.LAPTOP\SendTo 2008-02-24 11:55:47 0 d--h----- C:\Documents and Settings\Administrator.LAPTOP\Recent 2008-02-24 11:55:47 0 d--h----- C:\Documents and Settings\Administrator.LAPTOP\PrintHood 2008-02-24 11:55:47 0 d--h----- C:\Documents and Settings\Administrator.LAPTOP\NetHood 2008-02-24 11:55:47 0 d-------- C:\Documents and Settings\Administrator.LAPTOP\My Documents 2008-02-24 11:55:47 0 d--h----- C:\Documents and Settings\Administrator.LAPTOP\Local Settings 2008-02-24 11:55:46 0 d--h----- C:\Documents and Settings\Administrator.LAPTOP\Templates 2008-02-24 11:55:46 0 dr------- C:\Documents and Settings\Administrator.LAPTOP\Start Menu 2008-02-24 11:55:45 786432 --ah----- C:\Documents and Settings\Administrator.LAPTOP\NTUSER.DAT 2008-02-24 11:46:37 0 d-------- C:\Documents and Settings\James Hale\Application Data\Grisoft 2008-02-24 11:45:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-02-23 12:44:00 0 d-------- C:\Program Files\Lavasoft 2008-02-23 12:43:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-02-23 12:43:25 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-02-23 12:03:50 0 d-------- C:\Documents and Settings\James Hale\Application Data\Lavasoft 2008-02-23 11:12:12 0 d-------- C:\Documents and Settings\James Hale\Application Data\True Sword 2008-02-23 11:11:01 0 d-------- C:\Program Files\True Sword 4 2008-02-22 22:21:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-02-21 22:03:02 4096 --a------ C:\WINDOWS\d3dx.dat 2008-02-21 16:05:16 691545 --a------ C:\WINDOWS\unins000.exe 2008-02-21 16:05:16 2546 --a------ C:\WINDOWS\unins000.dat 2008-02-21 15:52:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-02-21 14:58:49 8464 --a------ C:\WINDOWS\system32\sporder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System> 2008-02-21 14:56:04 19584 --a------ C:\WINDOWS\system32\drivers\lmkcjuoo.dat 2008-02-21 14:54:21 106240 --a------ C:\WINDOWS\system32\cmdher.dll 2008-02-20 21:29:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Zylom 2008-02-12 18:55:54 0 d-------- C:\Program Files\iPod 2008-01-24 21:38:12 0 d-------- C:\Documents and Settings\James Hale\Application Data\Stamps.com Internet Postage 2008-01-24 21:36:47 36 --ah----- C:\WINDOWS\system32\f9t.dat 2008-01-24 21:36:47 0 d-------- C:\Program Files\Stamps.com Internet Postage -- Find3M Report --------------------------------------------------------------- 2008-02-23 14:16:12 0 d-------- C:\Documents and Settings\James Hale\Application Data\RipIt4Me 2008-02-23 12:43:25 0 d-------- C:\Program Files\Common Files 2008-02-22 12:32:20 0 d-------- C:\Program Files\Common Files\Adobe 2008-02-21 23:19:14 0 d-------- C:\Documents and Settings\James Hale\Application Data\PlayFirst 2008-02-21 14:55:55 209 --a------ C:\Documents and Settings\James Hale\Application Data\urlredir.cfg 2008-02-12 18:58:18 0 d-------- C:\Program Files\Apple Software Update 2008-02-12 18:56:15 0 d-------- C:\Program Files\iTunes 2008-02-12 18:54:17 0 d-------- C:\Program Files\QuickTime 2008-02-03 14:16:42 0 d-------- C:\Program Files\AviSynth 2.5 2008-02-03 14:07:42 551 --a------ C:\Documents and Settings\James Hale\Application Data\AutoGK.ini 2008-01-26 10:34:06 0 d-------- C:\Documents and Settings\James Hale\Application Data\Adobe 2008-01-18 18:10:33 0 d-------- C:\Program Files\F-Secure Internet Security 2008-01-14 23:14:57 0 d-------- C:\Program Files\Winamp 2008-01-12 20:27:48 0 d-------- C:\Program Files\BitPim 2008-01-12 17:29:21 0 d-------- C:\Documents and Settings\James Hale\Application Data\DivX 2008-01-12 16:59:25 0 d-------- C:\Program Files\DivX 2008-01-12 16:51:30 0 d-------- C:\Program Files\Xvid 2008-01-06 19:39:23 0 d-------- C:\Program Files\Power Hour Sports Edition 2008-01-04 16:58:50 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2008-01-04 16:57:22 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100> 2008-01-04 16:57:22 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100> 2008-01-04 16:57:12 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®> 2008-01-04 16:57:10 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?> 2008-01-04 16:57:10 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®> 2008-01-04 16:57:10 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®> 2008-01-04 16:56:24 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll 2007-12-30 14:31:18 0 d-------- C:\Program Files\mIRC 2007-12-21 09:39:14 10752 --a------ C:\WINDOWS\system32\WhoisCL.exe <Not Verified; NirSoft; WhoisCL> 2007-12-12 16:29:35 2 --a------ C:\Documents and Settings\James Hale\Application Data\7zip_progress_8153685E-1510-46DA-8648-88597DF79041.txt -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43EBBB2F-F239-4F14-A67B-53CFF64EF687}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM] "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/13/2003 02:49 AM] "Dell QuickSet"="C:\Program Files\Dell\QuickSet\Quickset.exe" [06/29/2006 11:13 AM] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [01/31/2008 11:13 PM] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/04/2008 02:18 PM] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/13/2007 07:25 PM] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^F-Secure Anti-Virus 2006.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\F-Secure Anti-Virus 2006.lnk backup=C:\WINDOWS\pss\F-Secure Anti-Virus 2006.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^James Hale^Start Menu^Programs^Startup^Adobe Gamma.lnk] path=C:\Documents and Settings\James Hale\Start Menu\Programs\Startup\Adobe Gamma.lnk backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Photo AIO Printer 942] "C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellMCM] "C:\Program Files\Dell Photo AIO Printer 942\memcard.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet -- Hosts ----------------------------------------------------------------------- 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 7966 more entries in hosts file. -- End of Deckard's System Scanner: finished at 2008-02-24 13:53:15 ------------ |
|
     |
|
02-28-2008, 10:47 AM
|
#3 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,757
OS: 2000 Pro; XP Pro; XP Home
|
Re: URL Redirect. "Search-Daily"
I don't see any AntiVirus protection installed on this machine. Why is that? What happened to Avira AntiVir?
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you.  Please do not ask for help via Private Message. |
|
|
|
|
02-28-2008, 03:37 PM
|
#4 (permalink) | |
|
Registered User
Join Date: Feb 2008
Posts: 14
OS: XP SP2
|
Re: URL Redirect. "Search-Daily"
Quote:
 |
|
|
|
|
|
02-28-2008, 03:58 PM
|
#5 (permalink) | |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,757
OS: 2000 Pro; XP Pro; XP Home
|
Re: URL Redirect. "Search-Daily"
Quote:
Please download HijackThis to your desktop Alternate link Double-click on the file you just downloaded. Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis Upon install, HijackThis should open for you. Should it not open, navigate to C:\Program Files\Trend Micro\HijackThis and double click on HijackThis.exe 1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'. 2. If you don't get the intro screen, just hit Scan and then click on Save log. 3. Post the hijackthis.log file here. Do not fix anything in HijackThis since they may be harmless. --------------------------------------------------------------------------------------------- I'll be glad to help you with the infection, just trying to establish the level of protection installed on this machine.
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Please do not ask for help via Private Message. |
|
|
|
|
|
02-28-2008, 04:07 PM
|
#6 (permalink) |
|
Registered User
Join Date: Feb 2008
Posts: 14
OS: XP SP2
|
Re: URL Redirect. "Search-Daily"
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:07:12 PM, on 2/28/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Dell\QuickSet\Quickset.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {43EBBB2F-F239-4F14-A67B-53CFF64EF687} - C:\WINDOWS\system32\cmdher.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/s...SYSSCANNER.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1161838111718 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6...ws-i586-jc.cab O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: dlbu_device - Dell - C:\WINDOWS\system32\dlbucoms.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 8794 bytes |
|
|
|
|
02-28-2008, 04:10 PM
|
#7 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,757
OS: 2000 Pro; XP Pro; XP Home
|
Re: URL Redirect. "Search-Daily"
We will be installing an AntiVirus later, as part of this cleaning procedure. You may have mistaken AVG AntiSpyware for an AntiVirus application, but it is not.
AntiVir is an excellent choice, I'd recommend that one, but for now, please do this: Please visit this webpage for instructions for downloading and running ComboFix: http://www.bleepingcomputer.com/comb...o-use-combofix Please ensure you read this guide carefully and install the Recovery Console first. The Windows Recovery Console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware. Post the log from ComboFix when you've accomplished that, along with a new HijackThis log. If you have any questions along the way, STOP and ask them before proceeding.
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Please do not ask for help via Private Message. |
|
|
|
|
02-28-2008, 06:43 PM
|
#8 (permalink) |
|
Registered User
Join Date: Feb 2008
Posts: 14
OS: XP SP2
|
Re: URL Redirect. "Search-Daily"
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons |
|
|
|
|
02-28-2008, 06:47 PM
|
#9 (permalink) | |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,757
OS: 2000 Pro; XP Pro; XP Home
|
Re: URL Redirect. "Search-Daily"
very good, continue on with the rest of the instructions, please, picking up here:
Quote:
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Please do not ask for help via Private Message. |
|
|
|
|
|
02-28-2008, 07:24 PM
|
#10 (permalink) |
|
Registered User
Join Date: Feb 2008
Posts: 14
OS: XP SP2
|
Re: URL Redirect. "Search-Daily"
ComboFix 08-02-25.3 - James Hale 2008-02-28 21:12:50.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1543 [GMT -5:00] Running from: C:\Documents and Settings\James Hale\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\cmdher.dll C:\WINDOWS\system32\drivers\lmkcjuoo.dat . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_ILCFFEZS -------\ilcffezs ((((((((((((((((((((((((( Files Created from 2008-01-28 to 2008-02-29 ))))))))))))))))))))))))))))))) . 2008-02-28 18:06 . 2008-02-28 18:06 <DIR> d-------- C:\Program Files\Trend Micro 2008-02-26 22:35 . 2008-02-26 22:51 <DIR> d-------- C:\I_COULD_NEVER_BE_YOUR_WOMAN 2008-02-25 16:14 . 2008-02-25 16:14 <DIR> d-------- C:\Program Files\iTunes 2008-02-25 16:14 . 2008-02-25 16:14 <DIR> d-------- C:\Program Files\iPod 2008-02-25 16:13 . 2008-02-25 16:13 <DIR> d-------- C:\Program Files\Bonjour 2008-02-25 16:12 . 2008-02-25 16:12 <DIR> d-------- C:\Program Files\Common Files\Apple 2008-02-24 14:55 . 2008-02-24 14:55 <DIR> d-------- C:\Program Files\Yahoo! Games 2008-02-24 13:48 . 2008-02-24 13:48 <DIR> d-------- C:\Deckard 2008-02-24 11:56 . 2008-02-24 11:56 <DIR> d-------- C:\Documents and Settings\Administrator.LAPTOP\Application Data\Grisoft 2008-02-24 11:55 . 2006-11-05 12:57 <DIR> d-------- C:\Documents and Settings\Administrator.LAPTOP\Application Data\Intel 2008-02-24 11:46 . 2008-02-24 11:46 <DIR> d-------- C:\Documents and Settings\James Hale\Application Data\Grisoft 2008-02-24 11:45 . 2008-02-24 11:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-02-24 11:45 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-02-23 12:44 . 2008-02-23 12:44 <DIR> d-------- C:\Program Files\Lavasoft 2008-02-23 12:43 . 2008-02-23 12:43 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-02-23 12:43 . 2008-02-23 12:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-02-23 12:03 . 2008-02-23 12:43 <DIR> d-------- C:\Documents and Settings\James Hale\Application Data\Lavasoft 2008-02-23 11:12 . 2008-02-23 11:12 <DIR> d-------- C:\Documents and Settings\James Hale\Application Data\True Sword 2008-02-23 11:11 . 2008-02-23 12:46 <DIR> d-------- C:\Program Files\True Sword 4 2008-02-22 22:21 . 2008-02-22 22:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-02-21 22:03 . 2008-02-21 22:03 4,096 --a------ C:\WINDOWS\d3dx.dat 2008-02-21 16:05 . 2008-02-21 16:02 691,545 --a------ C:\WINDOWS\unins000.exe 2008-02-21 16:05 . 2008-02-21 16:05 2,546 --a------ C:\WINDOWS\unins000.dat 2008-02-21 15:52 . 2008-02-21 16:56 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-02-21 15:52 . 2008-02-21 17:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-02-21 14:58 . 2003-05-07 13:01 8,464 --a------ C:\WINDOWS\system32\sporder.dll 2008-02-20 21:29 . 2008-02-20 21:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Zylom 2008-01-31 23:13 . 2008-01-31 23:13 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-01-31 23:13 . 2008-01-31 23:13 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-27 03:51 --------- d-----w C:\Documents and Settings\James Hale\Application Data\RipIt4Me 2008-02-27 02:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink 2008-02-25 02:24 --------- d-----w C:\Program Files\mIRC 2008-02-22 17:32 --------- d-----w C:\Program Files\Common Files\Adobe 2008-02-22 04:19 --------- d-----w C:\Documents and Settings\James Hale\Application Data\PlayFirst 2008-02-22 04:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst 2008-02-12 23:58 --------- d-----w C:\Program Files\Apple Software Update 2008-02-12 23:54 --------- d-----w C:\Program Files\QuickTime 2008-02-03 19:16 --------- d-----w C:\Program Files\AviSynth 2.5 2008-01-26 16:27 --------- d-----w C:\Program Files\Stamps.com Internet Postage 2008-01-25 02:38 --------- d-----w C:\Documents and Settings\James Hale\Application Data\Stamps.com Internet Postage 2008-01-18 23:10 --------- d-----w C:\Program Files\F-Secure Internet Security 2008-01-15 04:14 --------- d-----w C:\Program Files\Winamp 2008-01-13 01:27 --------- d-----w C:\Program Files\BitPim 2008-01-12 22:29 --------- d-----w C:\Documents and Settings\James Hale\Application Data\DivX 2008-01-12 21:59 --------- d-----w C:\Program Files\DivX 2008-01-12 21:51 --------- d-----w C:\Program Files\Xvid 2008-01-07 00:39 --------- d-----w C:\Program Files\Power Hour Sports Edition . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-13 19:25 68856] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584] "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2003-07-13 02:49 155648] "Dell QuickSet"="C:\Program Files\Dell\QuickSet\Quickset.exe" [2006-06-29 11:13 1032192] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^F-Secure Anti-Virus 2006.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\F-Secure Anti-Virus 2006.lnk backup=C:\WINDOWS\pss\F-Secure Anti-Virus 2006.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^James Hale^Start Menu^Programs^Startup^Adobe Gamma.lnk] path=C:\Documents and Settings\James Hale\Start Menu\Programs\Startup\Adobe Gamma.lnk backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup [HKEY_LOCA |
