
Thread: Virtumonde.dll detected!! Pls help

  1. #11
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Is that the complete Rootkit Unhooker log?

    When you ran the fix with OTL, did you include :OTL at the top of the fix? If not, run it again please.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  2. #12
    Junior Member
    Join Date
    Feb 2011
    Posts
    20

    Otl

    Sorry Ken, got carried away with excitement... Done it again and made sure OTL was at the top, and here is the result:

    All processes killed
    ========== OTL ==========
    No active process named explorer.exe was found!
    ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
    ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.
    ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Clair and Didi
    ->Temp folder emptied: 191889 bytes
    ->Temporary Internet Files folder emptied: 7656244 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 584 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: HarwoodVA
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 66616 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 8.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.20.6 log created on 02162011_171034

    Files\Folders moved on Reboot...
    C:\Users\Clair and Didi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
    C:\Users\Clair and Didi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G7R58AJ1\showthread[1].htm moved successfully.
    C:\Users\Clair and Didi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\24KJHKFW\search[1].htm moved successfully.
    C:\Users\Clair and Didi\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

    Registry entries deleted on Reboot...

  3. #13
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Great, thanks. I knew something wasn't right.

    How are things running now?

  4. #14
    Junior Member
    Join Date
    Feb 2011
    Posts
    20

    Seems great, thanks soooooo much!!! Just did a scan with Spybot and no more virus or cookies!! That's amazing! However, the silly problem with Security Center is still there, but it may be due to Norton??

    Thanks again Ken545. Just would like to share something with you, if you don't mind.

    I have checked your profile and looked at all the work you have done, and it really, really has inspired me because this is something that I'm really interested in.

    I hope I can use your advice in future.

  5. #15
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Hi,

    Explain to me exactly what's going on with your Security Center and I can link you to a Windows forum to help you fix that.

    As far as removing malware, you can join our Malware Removal Classroom over at WhattheTech. We are always looking for new malware fighters and the classroom is free; I graduated from there myself about 6 years ago and currently I am a teacher in the classroom.
    http://forums.whatthetech.com/index.php?showtopic=80368

  6. #16
    Junior Member
    Join Date
    Feb 2011
    Posts
    20

    Hi Ken545,

    Sounds amazing, thanks a lot! I'll definitely go for it.

    I'm afraid to inform you that the redirect has started again. My partner uses this laptop for remote work and the 'malware' is affecting websites like www.1shoppingcart.com and others, which is dramatically affecting her work. She can get to the websites, but whenever she clicks on any of the tabs or buttons in those websites nothing happens and a little error message appears at the bottom of the page. I wonder if all this has affected JavaScript or similar?
    I don't know if you can help, but that didn't happen before the virtumonde.dll was detected.

    Regarding Security Center, if you go into it, it appears off, and when you click on it a message shows up saying that the Security Center service can't be started. Spybot says that it is a virus which is affecting the Security Center. In fact, if I go to Computer Management it's disabled, and I'm constantly putting it back to automatic; it works for a few seconds but then it goes back to disabled again.

    I hope all this makes sense to you and isn't too much of an inconvenience.

  7. #17
    Junior Member
    Join Date
    Feb 2011
    Posts
    20

    Hi again,

    We've just tried to work on Firefox and it seems that there are no issues like the ones we experience with Internet Explorer... Just to let you know.

  8. #18
    Junior Member
    Join Date
    Feb 2011
    Posts
    20

    Just restored settings on Internet Explorer and all looks back to normal, except for the Security Center. But I'm really happy that almost everything has gone back to normal and the laptop feels like it's working better and faster.

    Thanks so much.

  9. #19
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Hi,

    Let's run this program.

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    • See this Link for programs that need to be disabled and instructions on how to disable them.
    • Remember to re-enable them when we're done.

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    *If there is no internet connection when ComboFix has completely finished, then restart your computer to restore the connections.

  10. #20
    Junior Member
    Join Date
    Feb 2011
    Posts
    20

    combofix

    ComboFix 11-02-17.01 - Clair and Didi 17/02/2011 19:17:24.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2038.980 [GMT 0:00]
    Running from: c:\users\Clair and Didi\Desktop\Desktop icons don't use often\ComboFix.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\programdata\Desktop
    c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
    c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
    c:\users\Clair and Didi\AppData\Roaming\Adobe\crc.dat
    c:\users\Clair and Didi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Download programs.url
    c:\users\Clair and Didi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games.url
    c:\users\Clair and Didi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Translator.url
    c:\users\Clair and Didi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Videos.url
    c:\users\Clair and Didi\g2mdlhlpx.exe
    c:\windows\struct~.ini

    ----- BITS: Possible infected sites -----

    hxxp://buy-download.norton.com
    .
    ((((((((((((((((((((((((( Files Created from 2011-01-17 to 2011-02-17 )))))))))))))))))))))))))))))))
    .

    2011-02-17 19:32 . 2011-02-17 19:32 -------- d-----w- c:\users\Clair and Didi\AppData\Local\temp
    2011-02-17 19:32 . 2011-02-17 19:32 -------- d-----w- c:\users\HarwoodVA\AppData\Local\temp
    2011-02-17 12:15 . 2011-02-17 12:15 -------- d-----w- c:\program files\Common Files\Skype
    2011-02-16 13:31 . 2011-02-16 13:31 -------- d-----w- C:\_OTL
    2011-02-16 11:03 . 2011-02-16 22:40 -------- d-----w- c:\users\Clair and Didi\AppData\Local\Adobe
    2011-02-16 10:58 . 2011-02-16 23:16 -------- d-----w- c:\users\Clair and Didi\AppData\Local\NPE
    2011-02-16 10:55 . 2011-02-16 10:55 -------- d-----w- c:\users\Clair and Didi\AppData\Roaming\Tific
    2011-02-16 10:19 . 2011-02-16 10:19 -------- d-----w- c:\users\Clair and Didi\AppData\Local\Apple
    2011-02-15 16:57 . 2010-08-21 04:59 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2011-02-15 16:57 . 2011-02-15 16:57 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2011-02-15 16:57 . 2011-02-15 16:57 -------- d-----w- c:\program files\Symantec
    2011-02-15 16:54 . 2011-02-15 16:54 -------- d-----w- c:\windows\system32\drivers\N360
    2011-02-15 16:54 . 2011-02-15 16:54 -------- d-----w- c:\program files\Norton 360 Premier Edition
    2011-02-15 12:13 . 2011-02-15 12:13 -------- d-----w- c:\programdata\PCSettings
    2011-02-15 12:13 . 2011-02-15 12:13 -------- d-----w- c:\programdata\NortonInstaller
    2011-02-15 12:13 . 2011-02-15 12:13 -------- d-----w- c:\program files\NortonInstaller
    2011-02-15 02:56 . 2011-02-15 02:56 -------- d-----w- c:\users\Clair and Didi\AppData\Roaming\AVG10
    2011-02-15 02:54 . 2011-02-15 02:54 -------- d--h--w- c:\programdata\Common Files
    2011-02-15 02:51 . 2011-02-15 11:37 -------- d-----w- c:\programdata\AVG10
    2011-02-15 02:50 . 2011-02-17 19:06 -------- d-----w- c:\program files\AVG
    2011-02-15 02:40 . 2011-02-15 02:51 -------- d-----w- c:\programdata\MFAData
    2011-02-15 02:11 . 2011-02-15 02:11 -------- d-----w- c:\users\Clair and Didi\AppData\Local\Threat Expert
    2011-02-15 02:06 . 2011-01-07 14:54 149456 ----a-w- c:\windows\SGDetectionTool.dll
    2011-02-15 02:06 . 2011-01-07 14:54 767952 ----a-w- c:\windows\BDTSupport.dll
    2011-02-15 02:06 . 2011-01-07 14:54 1533904 ----a-w- c:\windows\PCTBDRes.dll
    2011-02-15 02:06 . 2011-01-07 14:54 2000848 ----a-w- c:\windows\PCTBDCore.dll
    2011-02-15 01:59 . 2011-02-15 02:36 -------- d-----w- c:\program files\PC Tools Security
    2011-02-14 18:50 . 2011-02-15 02:34 -------- d-----w- c:\programdata\PC Tools
    2011-02-13 23:06 . 2011-02-13 23:06 -------- d-----w- c:\program files\VS Revo Group
    2011-02-13 19:20 . 2011-02-15 01:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-02-13 19:20 . 2011-02-13 20:15 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-02-13 18:29 . 2011-02-13 23:33 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2011-02-13 18:29 . 2011-02-13 18:29 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-02-13 18:24 . 2011-02-13 18:24 -------- d-----w- c:\users\Clair and Didi\AppData\Local\Sunbelt Software
    2011-02-13 17:59 . 2011-02-15 01:48 -------- d-----w- c:\programdata\Lavasoft
    2011-02-13 17:59 . 2011-02-13 23:29 -------- d-----w- c:\program files\Lavasoft
    2011-02-13 15:10 . 2011-02-13 20:21 -------- d-----w- c:\program files\Panda Security
    2011-02-12 18:40 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
    2011-02-12 17:54 . 2011-02-12 17:54 59904 --sha-r- c:\windows\system32\NAPCLCFGC.dll
    2011-02-11 10:13 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D70C23F-4736-4498-8636-2EE0121FB560}\mpengine.dll
    2011-02-09 19:38 . 2010-12-31 13:57 2039808 ----a-w- c:\windows\system32\win32k.sys
    2011-02-09 19:38 . 2011-01-06 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-02-09 19:38 . 2011-01-20 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-02-09 19:38 . 2011-01-20 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-02-09 19:38 . 2011-01-20 13:44 797184 ----a-w- c:\windows\system32\FntCache.dll
    2011-02-09 19:32 . 2011-01-08 08:47 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-02-09 19:32 . 2011-01-08 06:28 292352 ----a-w- c:\windows\system32\atmfd.dll
    2011-02-07 22:02 . 2011-02-13 22:08 -------- d-----w- c:\program files\Frhed
    2011-02-07 21:11 . 2011-02-07 21:22 -------- d-----w- c:\program files\OpenOffice.org 3
    2011-02-07 21:10 . 2011-02-07 21:10 -------- d-----w- c:\program files\Common Files\Java
    2011-02-07 21:07 . 2011-02-07 21:07 -------- d-----w- c:\program files\Java
    2011-01-30 14:57 . 2011-01-30 14:57 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2011-01-30 14:57 . 2011-01-30 14:57 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
    2011-01-21 18:36 . 2011-01-21 18:36 -------- d-----w- c:\program files\SmartDoctor

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-02 17:11 . 2009-10-02 17:09 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-01-21 19:06 . 2007-02-21 20:13 2502656 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\Accent WORD Password Recovery\awrdpr.exe
    2011-01-06 11:54 . 2011-02-15 02:06 2125 ----a-w- c:\windows\UDB.zip
    2010-12-28 15:55 . 2011-01-12 09:32 413696 ----a-w- c:\windows\system32\odbc32.dll
    2010-12-20 18:09 . 2010-01-23 18:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 18:08 . 2010-01-23 18:05 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-14 14:49 . 2011-01-12 09:31 1169408 ----a-w- c:\windows\system32\sdclt.exe
    2010-12-10 13:00 . 2010-12-10 13:00 784136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2009-03-31 21:47 . 2008-11-09 10:27 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-05-28 01:03 94208 ----a-w- c:\users\Clair and Didi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-05-28 01:03 94208 ----a-w- c:\users\Clair and Didi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-05-28 01:03 94208 ----a-w- c:\users\Clair and Didi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-30 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-25 142104]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-25 154392]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-25 138008]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 4489216]
    "SpareMessaging"="c:\program files\Spare Messaging\MessagingApp.exe" [2007-11-28 42824]
    "UpdateP2GShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2007-07-26 202024]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
    "PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2011-01-07 108496]

    c:\users\Clair and Didi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer5"=wdmaud.drv

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-06-29 112128]
    R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-06-29 102912]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
    R3 PLCMP532;PLCMP532 NDIS Protocol Driver;c:\windows\system32\Drivers\PLCMP532.sys [x]
    R3 PLCND532;PLCND532 NDIS Protocol Driver;c:\windows\system32\Drivers\PLCND532.sys [2007-08-08 26656]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-02-13 64512]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0500000.07D\SYMDS.SYS [2010-10-21 340016]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0500000.07D\SYMEFA.SYS [2010-11-18 652336]
    S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110114.001\BHDrvx86.sys [2010-11-23 691248]
    S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110216.001\IDSvix86.sys [2010-11-11 353912]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0500000.07D\Ironx86.SYS [2010-11-16 136312]
    S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\N360\0500000.07D\SYMTDIV.SYS [2010-12-01 330360]
    S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [2011-01-07 247760]
    S2 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Engine\5.0.0.125\ccSvcHst.exe [2010-11-24 130000]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-02-15 102448]


    --- Other Services/Drivers In Memory ---

    *Deregistered* - Normandy

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2011-02-17 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-28 15:19]

    2011-02-17 c:\windows\Tasks\User_Feed_Synchronization-{508EFDC1-88EF-47E2-824C-BD2D6262BAD6}.job
    - c:\windows\system32\msfeedssync.exe [2011-02-09 04:47]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    uInternet Settings,ProxyOverride = *.local
    DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} - hxxp://www.king.com/ctl/kingcomie.cab
    DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab
    FF - ProfilePath - c:\users\Clair and Didi\AppData\Roaming\Mozilla\Firefox\Profiles\icftwr6k.default\
    FF - prefs.js: browser.search.selectedEngine - Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: z: {e132ce4a-1cb1-43f4-8cff-b342d1e81f8a} - c:\program files\Mozilla Firefox\extensions\{e132ce4a-1cb1-43f4-8cff-b342d1e81f8a}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
    FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Browser Defender Toolbar: {cb84136f-9c44-433a-9048-c5cd9df1dc16} - c:\program files\PC Tools Security\BDT\Firefox
    FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn
    FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn
    .
    - - - - ORPHANS REMOVED - - - -

    AddRemove-FileZilla Client - c:\program files\FileZilla FTP Client\uninstall.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-02-17 19:32
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\5.0.0.125\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\5.0.0.125\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2011-02-17 19:36:52
    ComboFix-quarantined-files.txt 2011-02-17 19:36

    Pre-Run: 24,725,340,160 bytes free
    Post-Run: 24,656,703,488 bytes free

    - - End Of File - - C216DC46CA220F05803C323D95888A30


    Hope you're ok... A couple of redirects today... nothing else.
