Mivercon Security Forum
›
HijackThis Forum
›
Submit your HijackThislog here
Search Engine resulta are being redirected.
Search Engine resulta are being redirected.
|
Search Engine resulta are being redirected.
|
|
18-04-2010, 03:19
Bericht: #1
|
|||
|
|||
|
Search Engine resulta are being redirected.
Hi,
When I use search engines such as google or yahoo I am redirected to advertising websites. My anti-virus program is ZoneAlarm. Any help would be much appreciated. Here is my HiJackThis log file: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:04:59 PM, on 17/04/2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v7.00 (7.00.6002.18005) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\system32\SearchFilterHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defa....yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defa....yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defa...earch.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defa....yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defa....yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O1 - Hosts: ::1 localhost O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (User 'Default user') O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O17 - HKLM\System\CCS\Services\Tcpip\..\{DD0C8DA4-495A-4574-865B-73E063742C83}: NameServer = 208.67.222.222,208.67.220.220 O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe -- End of file - 7284 bytes Thanks, Oren |
|||
|
|
19-04-2010, 20:16
Bericht: #2
|
|||
|
|||
|
RE: Search Engine resulta are being redirected.
Hi,
* Please download Malwarebytes' Anti-Malware from Here Double Click mbam-setup.exe to install the application.
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly. Microsoft MVP - Consumer Security ![[Afbeelding: mvp.gif]](http://users.telenet.be/bluepatchy/miekiemoes/linksimages/mvp.gif) Assistant Director of Research @ Malwarebytes ![[Afbeelding: mbammini.png]](http://users.telenet.be/bluepatchy/miekiemoes/linksimages/mbammini.png) AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Preventie---Help! Mijn computer is traag!---Mijn Blog---Volg me op Twitter. ![[Afbeelding: MiekiemoesBlog.2.gif]](http://feeds.feedburner.com/MiekiemoesBlog.2.gif)
|
|||
|
|
20-04-2010, 04:54
Bericht: #3
|
|||
|
|||
|
New HijackThis and MBAM Logs.
HijackThis:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:51:01 PM, on 19/04/2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v7.00 (7.00.6002.18005) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Windows\system32\wuauclt.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Windows\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defa....yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defa....yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defa...earch.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defa....yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defa....yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O1 - Hosts: ::1 localhost O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (User 'Default user') O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O17 - HKLM\System\CCS\Services\Tcpip\..\{DD0C8DA4-495A-4574-865B-73E063742C83}: NameServer = 208.67.222.222,208.67.220.220 O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe -- End of file - 7287 bytes ====================================== MBAM Malwarebytes' Anti-Malware 1.45 http://www.malwarebytes.org Database version: 4010 Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005 19/04/2010 10:42:57 PM mbam-log-2010-04-19 (22-42-57).txt Scan type: Quick scan Objects scanned: 113617 Time elapsed: 9 minute(s), 37 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Thanks, Oren (19-04-2010 20:16)miekiemoes schreef: Hi, |
|||
|
|
|
20-04-2010, 07:48
Bericht: #4
|
|||
|
|||
|
RE: Search Engine resulta are being redirected.
Hi,
* Please visit this webpage for instructions for downloading and running ComboFix: http://www.bleepingcomputer.com/combofix...e-combofix Post the log from ComboFix in your next reply. Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix..This because Security Software may see some components ComboFix uses (prep.com for example) as suspicious and blocks the tool, or even deletes it. Please visit HERE if you don't know how. Microsoft MVP - Consumer Security Assistant Director of Research @ Malwarebytes AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Preventie---Help! Mijn computer is traag!---Mijn Blog---Volg me op Twitter.
|
|||
|
|
|
22-04-2010, 01:57
Bericht: #5
|
|||
|
|||
|
RE: Search Engine resulta are being redirected.
Hi
Here is my combofix log: ComboFix 10-04-21.01 - Debbie 21/04/2010 19:08:09.1.1 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1013.360 [GMT -4:00] Running from: c:\users\Debbie\Desktop\ComboFix.exe AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF} FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} SP: ZoneAlarm Security Suite Anti-Spyware *enabled* (Updated) {F245A209-1085-48B4-B927-35D56015EC60} * Resident AV is active . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500 c:\$recycle.bin\S-1-5-21-3094377688-3367413740-2491208287-500 c:\users\Debbie\AppData\Roaming\EurekaLog c:\users\Debbie\AppData\Roaming\EurekaLog\EurekaLog.ini c:\windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf c:\windows\system32\drivers\etc\lmhosts . ((((((((((((((((((((((((( Files Created from 2010-03-21 to 2010-04-21 ))))))))))))))))))))))))))))))) . 2010-04-21 23:29 . 2010-04-21 23:31 -------- d-----w- c:\users\Debbie\AppData\Local\temp 2010-04-21 23:29 . 2010-04-21 23:29 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-04-21 02:34 . 2010-04-21 02:35 -------- d-----w- c:\program files\Market Samurai 2010-04-20 18:34 . 2010-04-20 18:34 -------- d-----w- c:\users\Debbie\AppData\Roaming\SUPERAntiSpyware.com 2010-04-20 18:34 . 2010-04-20 18:34 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2010-04-18 00:02 . 2010-04-18 00:02 -------- d-----w- c:\program files\Trend Micro 2010-04-15 13:10 . 2010-04-16 02:27 -------- d-----w- c:\windows\system32\MpEngineStore 2010-04-14 11:06 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2010-04-14 11:06 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2010-04-14 11:06 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-04-14 11:05 . 2010-03-04 17:33 430080 ----a-w- c:\windows\system32\vbscript.dll 2010-04-14 11:05 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys 2010-04-14 11:05 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll 2010-04-14 11:05 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys 2010-04-14 10:58 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll 2010-04-14 10:57 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll 2010-04-13 12:22 . 2010-04-13 12:22 -------- d-----w- c:\users\Debbie\AppData\Roaming\Malwarebytes 2010-04-13 12:21 . 2010-04-13 12:21 -------- d-----w- c:\programdata\Malwarebytes 2010-04-08 20:04 . 2010-04-08 20:05 -------- d-----w- C:\ClickBank-Camp 2010-04-08 20:04 . 2010-04-08 20:04 -------- d-----w- C:\New Folder 2010-04-08 11:34 . 2009-10-12 22:15 128016 ----a-w- c:\windows\system32\drivers\kl1.sys 2010-03-31 02:13 . 2010-03-09 15:42 834048 ----a-w- c:\windows\system32\wininet.dll 2010-03-31 02:13 . 2010-03-09 16:25 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-03-31 00:54 . 2010-03-31 00:53 411368 ----a-w- c:\windows\system32\deploytk.dll 2010-03-28 02:20 . 2010-03-28 02:21 -------- d-----w- C:\Adsense Articles 2010-03-26 15:08 . 2010-03-26 15:08 -------- d-----w- C:\desktop 2010-03-23 22:56 . 2010-03-24 14:10 -------- d-----w- C:\Auto-Blog . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-04-21 22:50 . 2009-03-24 14:12 -------- d-----w- c:\users\Debbie\AppData\Roaming\Skype 2010-04-21 20:46 . 2008-10-17 00:24 60744 ----a-w- c:\users\Debbie\g2mdlhlpx.exe 2010-04-21 17:59 . 2008-08-22 22:28 -------- d-----w- c:\users\Debbie\AppData\Roaming\FileZilla 2010-04-21 03:54 . 2010-04-21 10:55 136192 ----a-w- c:\windows\Internet Logs\xDBC0BF.tmp 2010-04-20 11:41 . 2010-04-20 13:57 204288 ----a-w- c:\windows\Internet Logs\xDB1582.tmp 2010-04-17 02:38 . 2010-04-17 12:10 479232 ----a-w- c:\windows\Internet Logs\xDBBAD6.tmp 2010-04-15 12:06 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-04-15 12:03 . 2007-05-09 17:05 -------- d-----w- c:\programdata\Microsoft Help 2010-04-15 11:43 . 2008-08-23 09:54 42572201 ----a-w- c:\windows\Internet Logs\tvDebug.zip 2010-04-13 15:30 . 2009-08-26 03:53 -------- d-----w- c:\programdata\Keyword Elite 2.0 2010-04-09 03:18 . 2010-04-09 10:51 326656 ----a-w- c:\windows\Internet Logs\xDB980A.tmp 2010-04-08 11:34 . 2008-01-04 00:10 421535 ---ha-w- c:\windows\system32\drivers\vsconfig.xml 2010-04-08 11:25 . 2007-05-09 17:20 -------- d-----w- c:\program files\Common Files\Adobe 2010-04-05 05:49 . 2010-04-05 12:14 71680 ----a-w- c:\windows\Internet Logs\xDB847B.tmp 2010-04-03 21:27 . 2010-04-04 01:23 143872 ----a-w- c:\windows\Internet Logs\xDB84D8.tmp 2010-04-01 04:04 . 2010-04-01 11:03 413696 ----a-w- c:\windows\Internet Logs\xDBCDB.tmp 2010-03-31 00:56 . 2007-05-09 17:23 -------- d-----w- c:\program files\Common Files\Java 2010-03-31 00:52 . 2007-05-09 17:23 -------- d-----w- c:\program files\Java 2010-03-29 15:08 . 2008-09-25 19:31 -------- d-----w- c:\program files\FileZilla FTP Client 2010-03-26 11:51 . 2010-03-09 23:29 -------- d-----w- c:\program files\S3 Ripper 2010-03-24 23:10 . 2008-01-04 00:12 72584 ----a-w- c:\windows\zllsputility.exe 2010-03-24 23:10 . 2008-09-06 00:04 1238408 ----a-w- c:\windows\system32\zpeng25.dll 2010-03-24 23:10 . 2008-09-06 00:05 69000 ----a-w- c:\windows\system32\zlcomm.dll 2010-03-24 23:10 . 2008-09-06 00:05 103816 ----a-w- c:\windows\system32\zlcommdb.dll 2010-03-24 14:36 . 2008-03-22 02:49 461000 ----a-w- c:\windows\system32\drivers\vsdatant.sys 2010-03-24 02:54 . 2010-03-24 10:54 468992 ----a-w- c:\windows\Internet Logs\xDB869C.tmp 2010-03-11 04:14 . 2010-03-11 11:34 194560 ----a-w- c:\windows\Internet Logs\xDB142B.tmp 2010-03-10 22:21 . 2010-03-10 22:21 -------- d-----w- c:\program files\7-Zip 2010-03-10 04:08 . 2010-03-10 11:43 141824 ----a-w- c:\windows\Internet Logs\xDB83BF.tmp 2010-03-07 04:34 . 2010-03-07 12:34 59392 ----a-w- c:\windows\Internet Logs\xDB80C3.tmp 2010-03-06 04:14 . 2010-03-06 12:38 145408 ----a-w- c:\windows\Internet Logs\xDB8304.tmp 2010-03-03 07:09 . 2010-03-03 11:54 715776 ----a-w- c:\windows\Internet Logs\xDB8094.tmp 2010-03-01 15:52 . 2010-03-01 15:52 -------- d-----w- c:\program files\KeywordBlueprint 2010-02-26 01:10 . 2007-09-24 04:32 114056 ----a-w- c:\users\Debbie\AppData\Local\GDIPFONTCACHEV1.DAT 2010-02-24 14:16 . 2009-10-03 08:19 181632 ------w- c:\windows\system32\MpSigStub.exe 2010-02-20 23:06 . 2010-03-11 11:48 24064 ----a-w- c:\windows\system32\nshhttp.dll 2010-02-20 23:05 . 2010-03-11 11:48 30720 ----a-w- c:\windows\system32\httpapi.dll 2010-02-20 20:53 . 2010-03-11 11:48 411648 ----a-w- c:\windows\system32\drivers\http.sys 2010-02-20 15:43 . 2010-02-20 19:49 787968 ----a-w- c:\windows\Internet Logs\xDB890D.tmp 2010-02-13 16:59 . 2009-10-27 16:51 38784 ----a-w- c:\users\Debbie\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe 2010-02-13 16:59 . 2009-08-26 17:51 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe 2010-02-05 20:53 . 2010-02-05 20:53 6493405 ----a-w- c:\programdata\Keyword Elite 2.0\KE_setup2062.exe 2010-02-02 18:03 . 2010-02-02 19:00 87040 ----a-w- c:\windows\Internet Logs\xDB8F43.tmp 2010-02-01 03:37 . 2010-02-01 12:45 147968 ----a-w- c:\windows\Internet Logs\xDB81CC.tmp 2010-01-28 05:27 . 2010-01-28 12:35 53760 ----a-w- c:\windows\Internet Logs\xDB842C.tmp 2010-01-27 03:25 . 2010-01-27 10:59 200704 ----a-w- c:\windows\Internet Logs\xDB8120.tmp 2010-01-25 12:00 . 2010-02-24 12:36 471552 ----a-w- c:\windows\system32\secproc_isv.dll 2010-01-25 12:00 . 2010-02-24 12:36 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll 2010-01-25 12:00 . 2010-02-24 12:36 152064 ----a-w- c:\windows\system32\secproc_ssp.dll 2010-01-25 12:00 . 2010-02-24 12:36 471552 ----a-w- c:\windows\system32\secproc.dll 2010-01-25 11:58 . 2010-02-24 12:36 332288 ----a-w- c:\windows\system32\msdrm.dll 2010-01-25 08:21 . 2010-02-24 12:36 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe 2010-01-25 08:21 . 2010-02-24 12:36 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe 2010-01-25 08:21 . 2010-02-24 12:36 518144 ----a-w- c:\windows\system32\RMActivate.exe 2010-01-25 08:21 . 2010-02-24 12:36 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe 2010-01-23 09:26 . 2010-02-24 12:37 2048 ----a-w- c:\windows\system32\tzres.dll 2010-01-22 11:50 . 2010-01-22 11:50 192748 ---ha-w- c:\windows\system32\mlfcache.dat 2010-01-22 03:16 . 2010-01-22 11:20 83456 ----a-w- c:\windows\Internet Logs\xDB819D.tmp . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2009-10-08 21:18 77824 ----a-w- c:\users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2009-10-08 21:18 77824 ----a-w- c:\users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2009-10-08 21:18 77824 ----a-w- c:\users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-31 39408] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-03-24 1038728] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552] c:\users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MozyHome Status.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk backup=c:\windows\pss\MozyHome Status.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain] 2007-01-17 21:46 534648 ----a-w- c:\program files\TOSHIBA\FlashCards\TCrdMain.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] 2007-03-09 15:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint] 2006-09-11 06:21 180224 ----a-w- c:\program files\Apoint2K\Apoint.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software] 2007-03-22 01:23 413696 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] 2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2007-03-13 03:34 154392 ----a-w- c:\windows\System32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON] 2006-12-08 00:49 55416 ----a-w- c:\program files\TOSHIBA\TBS\HSON.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup] 2006-11-01 15:06 413696 ----a-w- c:\program files\TOSHIBA\Utilities\HWSetup.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2007-03-13 03:34 138008 ----a-w- c:\windows\System32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2009-04-02 20:11 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeNotify] 2006-11-07 00:14 34352 ----a-w- c:\program files\TOSHIBA\Utilities\KeNotify.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh] 2007-01-09 05:23 191552 ------w- c:\program files\ltmoh\ltmoh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4] 2006-10-11 16:45 75304 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2007-03-13 03:34 133912 ----a-w- c:\windows\System32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-01-05 20:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\reminder] 2007-05-16 21:20 407672 ----a-w- c:\program files\TOSHIBA\reminder\reminder.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2007-02-15 09:07 4390912 ----a-w- c:\windows\RtHDVCpl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection] 2008-10-07 15:23 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView] 2007-01-19 06:24 448632 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] 2006-09-28 17:16 185896 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2007-05-09 17:23 77824 ----a-w- c:\program files\Java\jre1.6.0\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL] 2006-03-23 04:42 438272 ----a-w- c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2007-11-11 19:17 185632 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain] 2006-12-20 07:16 411768 ----a-w- c:\program files\TOSHIBA\Power Saver\TPwrMain.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] 2009-11-10 20:39 5244216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection] 2008-10-07 15:23 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):6d,d1,91,d2,4c,3c,ca,01 R3 SASENUM;SASENUM;c:\users\Debbie\AppData\Local\Temp\SAS_SelfExtract\SASENUM.SYS [x] R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x] R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys [x] R4 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-01-12 185640] S1 SASDIFSV;SASDIFSV;c:\users\Debbie\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [x] S1 SASKUTIL;SASKUTIL;c:\users\Debbie\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.sys [x] S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-10-26 4247552] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contents of the 'Scheduled Tasks' folder 2010-04-21 c:\windows\Tasks\User_Feed_Synchronization-{BDFFA7BE-FA1F-4BE1-9652-FF80658753EC}.job - c:\windows\system32\msfeedssync.exe [2008-07-20 07:33] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ mStart Page = hxxp://www.yahoo.com/ mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: {DD0C8DA4-495A-4574-865B-73E063742C83} = 208.67.222.222,208.67.220.220 FF - ProfilePath - c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\j7888xl2.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en FF - component: c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\j7888xl2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - component: c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\j7888xl2.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll FF - plugin: c:\users\Debbie\AppData\Roaming\Mozilla\plugins\npatgpc.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe MSConfigStartUp-NDSTray - NDSTray.exe AddRemove-MKSAP 14 - f:\mksap 14\uninst.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-04-21 19:31 Windows 6.0.6002 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll atapi.sys >>UNKNOWN [0x8E6318C8]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0x891f2d24 \Driver\ACPI -> acpi.sys @ 0x85242d68 \Driver\atapi -> atapi.sys @ 0x8538b9b0 IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{12f462b3-7738-4780-aa3a-b68c2056f22b}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:11020054 "Dhcpv6State"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{5c998a30-95f6-4835-b5d6-f2b7e4070b9e}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:09001b77 "Dhcpv6State"=dword:00000000 "NameServer"="" "Domain"="" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:07001422 "Dhcpv6State"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{dd0c8da4-495a-4574-865b-73e063742c83}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:080016d4 "Dhcpv6State"=dword:00000000 "Dhcpv6InterfaceOptions"=hex:02,00,00,00,00,00,00,00,0e,00,00,00,00,00,00,00, ff,ff,ff,7f,00,01,00,01,0e,97,f2,5c,00,1b,77,77,35,bc,00,00,17,00,00,00,00,\ "NameServer"="" "Domain"="" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:06001422 "Dhcpv6State"=dword:00000000 . Completion time: 2010-04-21 19:40:13 ComboFix-quarantined-files.txt 2010-04-21 23:40 Pre-Run: 97,735,991,296 bytes free Post-Run: 105,349,419,008 bytes free Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4,185 - - End Of File - - 1DC7B24B622B2AC171CB6C296C177385 Thanks again. ================================================ (20-04-2010 07:48)miekiemoes schreef: Hi, |
|||
|
|
|
22-04-2010, 07:32
Bericht: #6
|
|||
|
|||
|
RE: Search Engine resulta are being redirected.
Hi,
Download GMER's application from here: http://www.majorgeeks.com/GMER_d5198.html Unzip it and start the GMER.exe Click the Rootkit tab and click the Scan button. Once done, click the Copy button. This will copy the results to your clipboard. Paste the results in your next reply. Warning ! Please, do not select the "Show all" checkbox during the scan. If you're having problems with running GMER.exe, try it in safe mode. Microsoft MVP - Consumer Security Assistant Director of Research @ Malwarebytes AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Preventie---Help! Mijn computer is traag!---Mijn Blog---Volg me op Twitter.
|
|||
|
|
|
23-04-2010, 01:45
Bericht: #7
|
|||
|
|||
|
RE: Search Engine resulta are being redirected.
Hi Miekiemoes,
Here is my ROOTKIT Log: GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-04-22 19:34:31 Windows 6.0.6002 Service Pack 2 Running: gmer.exe; Driver: C:\Users\Debbie\AppData\Local\Temp\kfryapog.sys ---- Kernel code sections - GMER 1.0.15 ---- .rsrc C:\Windows\system32\drivers\atapi.sys entry point in ".rsrc" section [0x85399000] .text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8904E000, 0x4036D, 0xE8000020] .dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x89097000, 0x510, 0x40000040] ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[1068] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74157817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1068] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [741AA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1068] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7415BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1068] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7414F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1068] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [741575E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1068] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7414E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1068] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74188395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1068] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7415DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1068] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7414FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1068] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7414FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1068] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [741471CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1068] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [741DCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1068] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7417C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1068] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7414D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1068] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74146853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1068] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7414687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1068] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74152AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 [853959B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]} Device \Driver\atapi \Device\Ide\IdePort0 [853959B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]} Device \Driver\atapi \Device\Ide\IdePort1 [853959B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]} Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 [853959B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]} ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{12f462b3-7738-4780-aa3a-b68c2056f22b}@Dhcpv6Iaid 285343828 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{12f462b3-7738-4780-aa3a-b68c2056f22b}@Dhcpv6State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{5c998a30-95f6-4835-b5d6-f2b7e4070b9e}@Dhcpv6Iaid 151001975 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{5c998a30-95f6-4835-b5d6-f2b7e4070b9e}@Dhcpv6State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{5c998a30-95f6-4835-b5d6-f2b7e4070b9e}@NameServer Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{5c998a30-95f6-4835-b5d6-f2b7e4070b9e}@Domain Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}@Dhcpv6Iaid 117445666 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}@Dhcpv6State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{dd0c8da4-495a-4574-865b-73e063742c83}@Dhcpv6Iaid 134223572 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{dd0c8da4-495a-4574-865b-73e063742c83}@Dhcpv6State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{dd0c8da4-495a-4574-865b-73e063742c83}@NameServer Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{dd0c8da4-495a-4574-865b-73e063742c83}@Domain Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}@Dhcpv6Iaid 100668450 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}@Dhcpv6State 0 Reg HKLM\SYSTEM\ControlSet005\Services\Tcpip6\Parameters\Interfaces\{12f462b3-7738-4780-aa3a-b68c2056f22b}@Dhcpv6Iaid 285343828 Reg HKLM\SYSTEM\ControlSet005\Services\Tcpip6\Parameters\Interfaces\{12f462b3-7738-4780-aa3a-b68c2056f22b}@Dhcpv6State 0 Reg HKLM\SYSTEM\ControlSet005\Services\Tcpip6\Parameters\Interfaces\{5c998a30-95f6-4835-b5d6-f2b7e4070b9e}@Dhcpv6Iaid 151001975 Reg HKLM\SYSTEM\ControlSet005\Services\Tcpip6\Parameters\Interfaces\{5c998a30-95f6-4835-b5d6-f2b7e4070b9e}@Dhcpv6State 0 Reg HKLM\SYSTEM\ControlSet005\Services\Tcpip6\Parameters\Interfaces\{5c998a30-95f6-4835-b5d6-f2b7e4070b9e}@NameServer Reg HKLM\SYSTEM\ControlSet005\Services\Tcpip6\Parameters\Interfaces\{5c998a30-95f6-4835-b5d6-f2b7e4070b9e}@Domain Reg HKLM\SYSTEM\ControlSet005\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}@Dhcpv6Iaid 117445666 Reg HKLM\SYSTEM\ControlSet005\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}@Dhcpv6State 0 Reg HKLM\SYSTEM\ControlSet005\Services\Tcpip6\Parameters\Interfaces\{dd0c8da4-495a-4574-865b-73e063742c83}@Dhcpv6Iaid 134223572 Reg HKLM\SYSTEM\ControlSet005\Services\Tcpip6\Parameters\Interfaces\{dd0c8da4-495a-4574-865b-73e063742c83}@Dhcpv6State 0 Reg HKLM\SYSTEM\ControlSet005\Services\Tcpip6\Parameters\Interfaces\{dd0c8da4-495a-4574-865b-73e063742c83}@NameServer Reg HKLM\SYSTEM\ControlSet005\Services\Tcpip6\Parameters\Interfaces\{dd0c8da4-495a-4574-865b-73e063742c83}@Domain Reg HKLM\SYSTEM\ControlSet005\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}@Dhcpv6Iaid 100668450 Reg HKLM\SYSTEM\ControlSet005\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}@Dhcpv6State 0 ---- Files - GMER 1.0.15 ---- File C:\Windows\system32\drivers\atapi.sys suspicious modification ---- EOF - GMER 1.0.15 ---- Thanks, Oren =============================================== (22-04-2010 07:32)miekiemoes schreef: Hi, |
|||
|
|
|
23-04-2010, 08:03
Bericht: #8
|
|||
|
|||
|
RE: Search Engine resulta are being redirected.
Hi,
Please download and run the following removal tool: http://download.norman.no/public/Norman_...leaner.exe (This also as a test how it behaves on Vista) * Double-click on Norman_TDSS_Cleaner.exe to run the tool. * Read the agreement and click Accept. * When the program window opens, click Start scan. * After the scan has finished, a log file named NFix_date_time (i.e. NFix_2010-04-22_00-32-32.log) will be created on your desktop with the results. * Copy and paste the contents of that file in your next reply. Note: In some cases you may be prompted to restart the computer to completely remove an infection. Microsoft MVP - Consumer Security Assistant Director of Research @ Malwarebytes AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Preventie---Help! Mijn computer is traag!---Mijn Blog---Volg me op Twitter.
|
|||
|
|
|
|
Gebruikers die deze discussie lezen: 1 gast(en)