
UpThePosh

Members
  • Posts: 8
Reputation: 0 Neutral
  1. I'm guessing it's fixed now as it hasn't been back for 9 days. Thank you very much for helping me screen317, I really do appreciate it!
  2. It's been 5 days now and my homepage hasn't changed to about:blank yet!!! That's the longest it's gone since I first had the problem. But I did notice today that when I opened a link in a new tab, for a split second it read about:blank (in the tab) before proceeding to the webpage. Not sure if that's a sign it will come back or not. I think that's what used to happen just before my homepage got changed. So, I'm wondering whether it's worth you leaving this topic open for a week to see if it does come back?! Thanks again for your help.
  3. OK, done all that, but I've not tried Firefox yet. Waiting to see if it comes back in IE9 first. My homepage hasn't changed to about:blank for 72 hours now. Hopefully if it lasts to Monday, I guess it's fixed. I will post back to update, thanks for your help.
  4. Hi screen317, Thanks for your help so far. I use those 2 toolbars so don't really want to uninstall them. Ran the TFC by OldTimer. It cleared 130MB. ESET scan found no threats. Here is the log:

     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner.ocx - registred OK

     (not sure if that is the correct log, but that was the only thing there called "log"; the scan ran for 2 hours and found nothing)

     Security Check log:

     Results of screen317's Security Check version 0.99.43
     Windows Vista Service Pack 2 x86 (UAC is enabled)
     Internet Explorer 9
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Disabled!
     McAfee Anti-Virus and Anti-Spyware
     WMI entry may not exist for antivirus; attempting automatic update.
     `````````Anti-malware/Other Utilities Check:`````````
     SUPERAntiSpyware
     Malwarebytes Anti-Malware version 1.62.0.1300
     CCleaner
     JavaFX 2.1.1
     Java 7 Update 5
     Adobe Reader 8
     Adobe Reader out of Date!
     Adobe Reader X (10.1.3)
     ````````Process Check: objlist.exe by Laurent````````
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 4 % Defragment your hard drive soon!
     ````````````````````End of Log``````````````````````

     Not really sure if my problem is fixed yet, because it normally takes 2-4 days for my homepage to get changed/hijacked to about:blank after I keep resetting it. It changed this Saturday just gone, and then changed again today (Weds) this morning (UK time), so I will have to wait a while to see if it's fixed. I don't understand any of the logs I've posted. Do they say they've found/fixed any problems anywhere? Also, I don't seem to get any of the usual symptoms of a hijacked browser (i.e. redirects, pop-ups, changed favorites, etc.), just my homepage keeps changing. I read a thread earlier where someone keeps getting redirected to weird pages when they're using Amazon. Should I mess about on Amazon to see if I get redirected? Are there any other sites I could try that are prone to getting the redirects?

     Thanks again for your help!!!
  5. Hi screen317, Please find below the 2 new logs. Both were run with Anti-Virus and Firewall turned off. One thing I noticed was the ComboFix log was not saved automatically to where it said it would be. There are 2 other files there: PEV (Application) and snapshot.00.dat.

     ComboFix log:

     ComboFix 12-07-26.03 - Alistair 25/07/2012 17:39:26.1.2 - x86
     New DDS log:

     DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1 Run by Alistair at 18:01:22 on 2012-07-25
  6. Hi, here is the DDS log:

     DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1 Run by Alistair at 16:57:32 on 2012-07-25
Dashboard\SeagateDashboardService.exe C:\Program Files\PostgreSQL\8.3\bin\postgres.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Sony\VAIO Event Service\VESMgr.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Program Files\PostgreSQL\8.3\bin\postgres.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Windows\system32\WUDFHost.exe C:\Program Files\PostgreSQL\8.3\bin\postgres.exe C:\Program Files\PostgreSQL\8.3\bin\postgres.exe C:\Program Files\PostgreSQL\8.3\bin\postgres.exe C:\Program Files\PostgreSQL\8.3\bin\postgres.exe C:\Windows\system32\igfxext.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe C:\Windows\system32\igfxext.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Sony\VAIO Power Management\SPMgr.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Trusteer\Rapport\bin\RapportService.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Windows\system32\taskeng.exe C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Internet Explorer\iexplore.exe 
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe c:\PROGRA~1\mcafee\SITEAD~1\saui.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uSearch Page = hxxp://www.google.com uStart Page = hxxp://www.google.com/webhp?complete=0&hl=en uSearch Bar = Preserve mDefault_Page_URL = hxxp://www.club-vaio.com uInternet Settings,ProxyOverride = *.local uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFre1.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120622110946.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFre1.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - 
c:\progra~1\mcafee\sitead~1\mcieplg.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll uRun: [<NO NAME>] uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com IE: {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\programs\partygaming\partycasino\RunApp.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL Trusted Zone: internet Trusted Zone: mcafee.com TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{808E30BC-1DA5-4992-BC60-0B9F0AF50CD1} : DhcpNameServer = 192.168.0.1 Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL Notify: igfxcui - igfxdev.dll Notify: VESWinlogon - VESWinlogon.dll AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. 
mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 464304] R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-7-8 65752] R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-4-13 64912] R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-4-13 169608] R1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2011-12-15 228208] R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-7-8 71480] R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-7-8 166840] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664] R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608] R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928] R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-13 21504] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-4-13 214904] R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-4-13 214904] R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-4-13 214904] R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-4-13 214904] R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-4-13 166288] R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2011-1-24 25824] R2 mfefire;McAfee Firewall Core Service;c:\program files\common 
files\mcafee\systemcore\mfefire.exe [2011-4-13 161632] R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-4-13 151880] R2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2008-2-9 299008] R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\postgresql\8.3\bin\pg_ctl.exe [2009-12-10 65536] R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-7-8 976728] R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2011-6-1 14088] R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-4-13 57600] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-4-13 180848] R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-4-13 59456] R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-4-13 340920] R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-8-1 812544] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-7 135664] S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-8-1 30192] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-7 135664] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-4-13 87656] . =============== Created Last 30 ================ . 
2012-07-20 10:07:36 -------- d-----w- c:\program files\CCleaner 2012-07-19 14:21:04 -------- d-----w- c:\users\alistair\appdata\roaming\SUPERAntiSpyware.com 2012-07-19 14:19:27 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2012-07-19 14:19:27 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-07-18 08:50:30 -------- d-----w- c:\users\alistair\appdata\roaming\Malwarebytes 2012-07-18 08:48:44 -------- d-----w- c:\programdata\Malwarebytes 2012-07-18 08:48:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-18 08:48:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-07-11 10:28:16 2047488 ----a-w- c:\windows\system32\win32k.sys 2012-07-11 10:13:52 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll 2012-07-11 10:13:40 1401856 ----a-w- c:\windows\system32\msxml6.dll 2012-07-11 10:13:40 1248768 ----a-w- c:\windows\system32\msxml3.dll 2012-07-11 10:12:33 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-07-11 10:12:32 278528 ----a-w- c:\windows\system32\schannel.dll 2012-07-11 10:12:32 204288 ----a-w- c:\windows\system32\ncrypt.dll 2012-07-08 06:19:18 65752 ----a-w- c:\windows\system32\drivers\RapportKELL.sys 2012-06-30 13:34:33 -------- d-----w- c:\program files\Oracle 2012-06-30 13:33:46 772504 ----a-w- c:\windows\system32\npDeployJava1.dll . ==================== Find3M ==================== . 
2012-07-15 07:37:43 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-07-15 07:37:43 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-03 17:45:00 348160 ----a-w- c:\windows\system32\msvcr71.dll 2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 14:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 14:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll 2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-05-04 18:29:16 687504 ----a-w- c:\windows\system32\deployJava1.dll 2012-05-01 14:03:49 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys . ============= FINISH: 17:00:03.41 ===============
  7. Hi, thanks for your fast reply. Here is the MBAM log:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.07.25.05
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Alistair :: ALISTAIR-PC [administrator]
25/07/2012 16:27:14
mbam-log-2012-07-25 (16-27-14).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 256868
Time elapsed: 11 minute(s), 42 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

When I followed the DDS link, McAfee SiteAdvisor popped up saying this:
Warning: Dangerous Site
Whoa! Are you sure you want to go there?
http://download.bleepingcomputer.com/sUBs/dds.scr may be risky to visit.
Why were you redirected to this page?
When we visited this site, we found it exhibited one or more risky behaviors.

Should I still do that part?!
  8. Hello, I've got a weird recurring problem with the 'about:blank' browser hijacker.

About 2 weeks ago, I noticed my homepage in Internet Explorer 9 had changed to about:blank for some reason. I changed it back to Google and then 2 or 3 days later it had changed back to about:blank. I don't know if this is related to my about:blank problem or not, but I've noticed my desktop icons seem to refresh sometimes when I'm loading a webpage and minimize the browser.

So I did some searches about this on the internet and found I probably had the 'about:blank' browser hijacker and followed the advice I could find. I already have McAfee Internet Security running constantly so I did a full scan and nothing bad showed up. I then downloaded Malwarebytes and ran a full scan and it found a 'Hijacker.Application' and removed/repaired the 2 files it found that were a problem as below:

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_Application (Hijacker.Application) -> Data: http://go.microsoft....Id=57426&Ext=%s -> Quarantined and deleted successfully.
Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|Application (Hijacker.Application) -> Bad: (http://www.helpmeope...m/?n=app&ext=%s) Good: (http://shell.windows...edir.asp?Ext=%s) -> Quarantined and repaired successfully.

Then 2 or 3 days later the about:blank problem came back. I've read that this problem is meant to redirect me to a dodgy search engine, or give me loads of pop-ups, or redirect me to pages that look like the real desired page but aren't, etc. I don't 'seem' to have any of these problems, just the fact that my homepage keeps changing (every 2 or 3 days) to about:blank.

So, I then downloaded SUPERAntiSpyware and ran a full scan, nothing showed up. Ran Malwarebytes again and McAfee, nothing showed up. Did these 3 different full scans multiple times, even tried using the 'rkill' program thing before running them, and tried running them in Safe Mode to see if that would find anything harmful, but nothing was found. I have also reset my Internet settings to see if that worked, but it hasn't. Also have done a full scan with 2 x Microsoft scans with nothing found.

So, the problem is back again today and I have no idea what to do now to get rid of it. Has anyone else experienced this? I don't even know if I need to be worried or not, because all that I can see is happening is just every 2 or 3 days my homepage gets changed to about:blank. Has anyone got any advice PLEASE? Do I even need to be worried? Thanks in advance!!
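Editor's added example (not the poster's code and not from any of the tools named in the thread): the post above reports a start page that flips to about:blank every few days with nothing else visible, and the Malwarebytes entries it quotes name the registry value that was repaired. The quickest way to turn "it changed again some time in the last three days" into a usable timestamp is to snapshot the few registry values involved and diff them against a saved baseline on every logon. The registry keys and value names below are the real Internet Explorer and Explorer locations (the DDS "uStart Page" and "mDefault_Page_URL" lines correspond to the first two); the baseline and log file names are assumptions you can change.

```powershell
# Added example: snapshot the IE start-page values and the Explorer\Associations
# values named in the thread, compare with a saved baseline, and append any change
# with a timestamp. Intended to run at each logon (e.g. a Task Scheduler job).

$BaselinePath = Join-Path $env:USERPROFILE 'homepage-baseline.json'   # assumed file name
$LogPath      = Join-Path $env:USERPROFILE 'homepage-changes.log'     # assumed file name

# Real registry locations. "uStart Page"/"mDefault_Page_URL" in DDS output map to the
# HKCU "Start Page" and HKLM "Default_Page_URL" values; the Associations values are the
# ones the MBAM log in the post reports as repaired/deleted.
$Watched = @(
    @{ Key = 'HKCU:\Software\Microsoft\Internet Explorer\Main';                       Name = 'Start Page' },
    @{ Key = 'HKLM:\Software\Microsoft\Internet Explorer\Main';                       Name = 'Default_Page_URL' },
    @{ Key = 'HKLM:\Software\Microsoft\Internet Explorer\Main';                       Name = 'Start Page' },
    @{ Key = 'HKCU:\Software\Microsoft\Internet Explorer\Main';                       Name = 'Search Page' },
    @{ Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Associations'; Name = 'Application' },
    @{ Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Associations'; Name = 'bak_Application' }
)

function Get-WatchedValues {
    # Returns an ordered dictionary of "key|valuename" -> current data, or '<absent>'
    # when the key or value does not exist (a deleted value is itself a change worth logging).
    $snapshot = [ordered]@{}
    foreach ($w in $Watched) {
        $id    = '{0}|{1}' -f $w.Key, $w.Name
        $value = '<absent>'
        if (Test-Path -LiteralPath $w.Key) {
            $props = Get-ItemProperty -LiteralPath $w.Key -ErrorAction SilentlyContinue
            if ($null -ne $props -and $null -ne $props.PSObject.Properties[$w.Name]) {
                $value = [string]$props.PSObject.Properties[$w.Name].Value
            }
        }
        $snapshot[$id] = $value
    }
    return $snapshot
}

$now     = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
$current = Get-WatchedValues

if (-not (Test-Path -LiteralPath $BaselinePath)) {
    # First run: record the values right after the homepage has been reset to the wanted page.
    ConvertTo-Json -InputObject $current | Set-Content -LiteralPath $BaselinePath -Encoding UTF8
    Add-Content -LiteralPath $LogPath -Value "$now baseline recorded"
    Write-Host "Baseline written to $BaselinePath"
    return
}

$baseline = Get-Content -LiteralPath $BaselinePath -Raw | ConvertFrom-Json
$changed  = $false
foreach ($id in $current.Keys) {
    $old = [string]$baseline.$id
    $new = $current[$id]
    if ($old -ne $new) {
        $changed = $true
        Add-Content -LiteralPath $LogPath -Value "$now CHANGED $id : '$old' -> '$new'"
        Write-Host "CHANGED $id : '$old' -> '$new'"
    }
}
if (-not $changed) {
    Add-Content -LiteralPath $LogPath -Value "$now no change"
    Write-Host 'No change since baseline.'
}
```

Run it once right after resetting the homepage so the baseline holds the wanted values, then let the scheduled run do the comparison. The log then shows the first logon at which a value differed, which narrows the window in which whatever rewrites the value is active and tells you whether the HKCU start page, the HKLM default page, or the Explorer association value is the one moving. If a value changes back to about:blank while every scan stays clean, that timestamp is the evidence to bring to the helper in the thread rather than another full scan.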