
13ball

  1. ComboFix uninstalled OK. OTCleanIt left the SecurityCheck, Adwcleaner and HiJackThis applications remaining on the desktop.
  2. OK. Have deleted the startup entries you listed and ran Eset scanner. Eset reported no infected files.
  3. OK. Followed directions you provided. Restarted computer afterward. Revo uninstaller still thinks Acrobat 6.0.1 is there. Have not tried to uninstall it again. The various updates are still there too. I installed Foxit Reader. Logs follow... Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Database version: v2012.11.05.06 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 clintball :: DELL170L [administrator] 11/5/2012 12:27:11 PM mbam-log-2012-11-05 (12-27-11).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 227390 Time elapsed: 5 minute(s), 11 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:55:22 PM, on 11/5/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Digital Design Ltd\Installers\MCCINST.EXE C:\Program Files\Motorola Mobility\Motorola 
Device Manager\MotoHelperAgent.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\notepad.exe C:\Documents and Settings\clintball\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=192.168.1.9:80;gopher=192.168.1.9:80;http=192.168.1.9:80;https=192.168.1.9:80;socks=192.168.1.9:1080 O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java 
Update\jusched.exe" O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\RunOnce: [uNINST1] rundll32 c:\docume~1\clintb~1\locals~1\temp\uninstmanager.dll,UninstallFinalizeFromNonMsiCaller {AC76BA86-0000-0000-0000-000000000000} O4 - HKCU\..\Run: [MotoCast] "C:\Program Files\Motorola Mobility\MotoCast\MotoLauncher.lnk" O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x0829 -f audio -m logitech -d 13.31.1044.0 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x0829 -f audio -m logitech -d 13.31.1044.0 (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633 O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab O16 - DPF: 
{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1341765924198 O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe O23 - Service: DeviceMonitorService - Nero AG - C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Metric Conversion Calculator Installer - Digital Design Ltd. 
(DigitalDesignLtd.com) - C:\Program Files\Digital Design Ltd\Metric Conversion Calculator\MCCINST.EXE O23 - Service: Motorola Device Manager Service (Motorola Device Manager) - Unknown owner - C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe -- End of file - 7351 bytes
  4. Here is the report as you asked: C:\Qoobox\Add-Remove Programs.txt Adobe Acrobat - Reader 6.0.2 Update Adobe Acrobat 6.0.1 Standard Adobe Acrobat and Reader 6.0.3 Update Adobe Acrobat and Reader 6.0.4 Update Adobe Acrobat and Reader 6.0.5 Update Adobe Acrobat and Reader 6.0.6 Update Adobe Atmosphere Player for Acrobat and Adobe Reader Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe PhotoDeluxe Home Edition 3.0 Adobe Photoshop 7.0 Adobe Reader 6.0.1 Apple Software Update Business Contact Manager for Outlook 2003 Cisco Connect ColorPic Compatibility Pack for the 2007 Office system CSE HTML Validator Lite v7.01 DESI Labeling System Expstudio Audio Editor FREE Extensis Portfolio 4.0 Google SketchUp GoToMeeting/GoToWebinar 3.0.0.189 Hotfix for Windows XP (KB2756822) HP LaserJet P1000 series HPCarePackProducts hppMSRedist hppusgP1000 Intel® Extreme Graphics 2 Driver Intel® PRO Network Connections Drivers Intel® PROSet Java 7 Update 9 Java Auto Updater LiveReg (Symantec Corporation) Malwarebytes Anti-Malware version 1.65.1.1000 MarketResearch McAfee Shredder MCU Metric Conversion Calculator Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 1.1 Security Update (KB2656370) Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 Microsoft Office 97, Professional Edition Microsoft Office FrontPage 2003 Microsoft Office Live Meeting 2005 Microsoft Office Outlook Connector Microsoft Office Small Business Edition 2003 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 MotoCast Motorola Device Manager Motorola Device Software Update MOTOROLA MEDIA LINK Motorola Mobile Drivers Installation 5.9.0 Mozilla Firefox 14.0.1 (x86 en-US) Mozilla Maintenance Service MrvlUsgTracking MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser 
(KB2721691) PaperPort 9.0 PowerDVD 5.1 QuickTime Revo Uninstaller 1.94 Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2699988) Security Update for Windows Internet Explorer 8 (KB2722913) Security Update for Windows Internet Explorer 8 (KB2744842) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows XP (KB2655992) Security Update for Windows XP (KB2691442) Security Update for Windows XP (KB2698365) Security Update for Windows XP (KB2705219) Security Update for Windows XP (KB2712808) Security Update for Windows XP (KB2718523) Security Update for Windows XP (KB2719985) Security Update for Windows XP (KB2723135) Security Update for Windows XP (KB2724197) Security Update for Windows XP (KB2731847) Skype™ 5.10 Spybot - Search & Destroy Symantec pcAnywhere TOPO! Update for Windows Internet Explorer 8 (KB2598845) Update for Windows Internet Explorer 8 (KB2632503) Update for Windows XP (KB2492386) Update for Windows XP (KB2661254-v2) Update for Windows XP (KB2736233) Update for Windows XP (KB2749655) VideoMach 3.4.1 WebFldrs XP Windows Defender Windows Internet Explorer 8 Windows XP Service Pack 3
  5. OK - dragged the clearjavacache script and ran Combofix. During the process Combofix said there is a newer version available - do you want to update? I said yes. Later it had an issue with shutting down Motorola Device Manager (Motorola something - can't remember the exact filename) - clicked "end now". Combofix then ran to completion with no other issue. Opened Firefox. Firefox updated itself automatically to ver. 16.0.2. Have not had a redirect issue since running combofix. Seems like the computer is working harder when browsing now. Lots of packet activity even when not browsing. ComboFix 12-11-04.01 - clintball 11/04/2012 10:37:18.5.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.318 [GMT -7:00] Running from: c:\documents and settings\clintball\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\clintball\Desktop\CFScript.txt . . ((((((((((((((((((((((((( Files Created from 2012-10-04 to 2012-11-04 ))))))))))))))))))))))))))))))) . . 2012-11-02 07:39 . 2012-10-17 08:32 6918632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{77EDBFAA-F9BE-4DC8-BE8A-8D9D609520DB}\mpengine.dll 2012-10-30 21:27 . 2012-10-30 21:27 -------- d-----w- c:\program files\VS Revo Group 2012-10-22 20:55 . 2012-10-17 08:32 6918632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll 2012-10-22 20:55 . 2012-05-31 18:25 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-10-22 20:52 . 2012-10-22 20:53 -------- d-----w- c:\program files\Windows Defender 2012-10-22 20:09 . 2012-10-22 20:09 -------- d-----w- C:\TDSSKiller_Quarantine 2012-10-22 17:21 . 2012-10-22 17:21 -------- d-----w- c:\program files\Common Files\Java 2012-10-22 17:20 . 2012-09-25 05:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-10-18 19:10 . 
2012-10-18 19:10 -------- d-----w- c:\documents and settings\clint\Application Data\Malwarebytes 2012-10-13 14:48 . 2012-10-13 14:48 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-13 22:30 . 2012-07-08 20:35 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-10-13 22:30 . 2012-07-08 20:35 821736 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-10-13 14:48 . 2012-07-08 18:21 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-13 14:48 . 2012-07-08 18:21 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-09-30 01:54 . 2012-09-07 22:30 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-15 00:02 . 2012-09-15 00:02 161268 ----a-w- c:\windows\Expstudio Audio Editor FREE Uninstaller.exe 2012-08-28 15:14 . 2004-08-11 23:00 916992 ----a-w- c:\windows\system32\wininet.dll 2012-08-28 15:14 . 2004-08-11 23:00 43520 ------w- c:\windows\system32\licmgr10.dll 2012-08-28 15:14 . 2004-08-11 23:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-08-28 12:07 . 2004-08-11 23:00 385024 ------w- c:\windows\system32\html.iec 2012-08-24 13:53 . 2004-08-11 23:00 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-08-23 20:47 . 2010-09-03 16:37 1280 ----a-w- c:\windows\Fonts\GF_FreeLicense.txt 2012-08-21 13:29 . 2004-08-11 23:00 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-21 12:58 . 2004-08-04 04:59 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-08-09 04:19 . 2010-03-13 07:51 1005 ----a-w- c:\windows\Fonts\font info.txt 2012-07-17 22:40 . 2012-07-08 17:03 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MotoCast"="c:\program files\Motorola Mobility\MotoCast\MotoLauncher.lnk" [2012-09-15 1704] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2012-01-18 465944] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify] 2002-02-15 17:51 24638 ----a-w- c:\windows\system32\PCANotify.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"= "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"= "c:\\Program Files\\Symantec\\pcAnywhere\\winaw32.exe"= "c:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\WS_FTP\\WS_FTP95.exe"= "c:\\Program Files\\Motorola Mobility\\MotoCast\\MotoCast.exe"= "c:\\Program Files\\Motorola Media Link\\Lite\\MML.exe"= "c:\\Program Files\\Motorola Mobility\\MotoCast\\bin\\MotoCast-thumbnailer.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009 "1723:TCP"= 1723:TCP:*:Disabled:@xpsp2res.dll,-22015 "1701:UDP"= 1701:UDP:*:Disabled:@xpsp2res.dll,-22016 "500:UDP"= 500:UDP:*:Disabled:@xpsp2res.dll,-22017 . 
R2 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\Lite\NServiceEntry.exe [6/5/2012 10:48 AM 87400] R2 Motorola Device Manager;Motorola Device Manager Service;c:\program files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [7/17/2012 1:31 PM 116632] S2 Metric Conversion Calculator Installer;Metric Conversion Calculator Installer;c:\program files\Digital Design Ltd\Metric Conversion Calculator\mccinst.exe [7/20/2012 1:27 PM 421888] S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/3/2012 12:19 PM 160944] S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592] S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [9/14/2012 5:29 PM 6016] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [9/14/2012 5:29 PM 20864] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [9/14/2012 5:29 PM 8448] S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [9/14/2012 5:29 PM 23808] S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [9/14/2012 5:29 PM 11008] . Contents of the 'Scheduled Tasks' folder . 2012-11-04 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-08 14:48] . 2012-10-30 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57] . 2012-11-04 c:\windows\Tasks\MotoCast Update.job - c:\program files\Motorola Mobility\MotoCast\LiveUpdate\MotoCastUpdate.exe [2012-09-15 15:35] . 2012-11-04 c:\windows\Tasks\Motorola Device Manager Engine.job - c:\program files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-07-17 20:31] . 
2012-10-15 c:\windows\Tasks\Motorola Device Manager Update.job - c:\program files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-07-17 20:31] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyServer = ftp=192.168.1.9:80;gopher=192.168.1.9:80;http=192.168.1.9:80;https=192.168.1.9:80;socks=192.168.1.9:1080 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s Trusted Zone: inntopia.com\crs TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 192.168.1.1 FF - ProfilePath - c:\documents and settings\clintball\Application Data\Mozilla\Firefox\Profiles\0gvhu8wq.default-1351964344081\ FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-11-04 10:46 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(1036) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . Completion time: 2012-11-04 10:50:29 ComboFix-quarantined-files.txt 2012-11-04 17:50 ComboFix2.txt 2012-11-03 00:30 ComboFix3.txt 2012-10-22 21:28 ComboFix4.txt 2012-10-22 18:01 ComboFix5.txt 2012-11-04 17:30 . Pre-Run: 62,067,716,096 bytes free Post-Run: 62,070,808,576 bytes free . - - End Of File - - F6F619314CAAA9A8412F9E82943CFC3E
  6. OK. Have reset Firefox back to defaults. I've not yet had the redirect problem. Will try it out the rest of today to be more confident.
  7. Combofix ran without any issues - log follows. When checking Firefox, I had the redirect problem right away. Still do not see issue with IE. I did not restart computer prior to testing. ComboFix 12-11-02.02 - clintball 11/02/2012 18:15:30.4.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.278 [GMT -6:00] Running from: c:\documents and settings\clintball\Desktop\ComboFix.exe . . ((((((((((((((((((((((((( Files Created from 2012-10-03 to 2012-11-03 ))))))))))))))))))))))))))))))) . . 2012-11-02 07:39 . 2012-10-17 08:32 6918632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{77EDBFAA-F9BE-4DC8-BE8A-8D9D609520DB}\mpengine.dll 2012-10-30 21:27 . 2012-10-30 21:27 -------- d-----w- c:\program files\VS Revo Group 2012-10-22 20:55 . 2012-10-17 08:32 6918632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll 2012-10-22 20:55 . 2012-05-31 18:25 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-10-22 20:52 . 2012-10-22 20:53 -------- d-----w- c:\program files\Windows Defender 2012-10-22 20:09 . 2012-10-22 20:09 -------- d-----w- C:\TDSSKiller_Quarantine 2012-10-22 17:21 . 2012-10-22 17:21 -------- d-----w- c:\program files\Common Files\Java 2012-10-22 17:20 . 2012-09-25 05:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-10-18 19:10 . 2012-10-18 19:10 -------- d-----w- c:\documents and settings\clint\Application Data\Malwarebytes 2012-10-13 14:48 . 2012-10-13 14:48 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-13 22:30 . 2012-07-08 20:35 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-10-13 22:30 . 2012-07-08 20:35 821736 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-10-13 14:48 . 
2012-07-08 18:21 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-13 14:48 . 2012-07-08 18:21 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-09-30 01:54 . 2012-09-07 22:30 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-15 00:02 . 2012-09-15 00:02 161268 ----a-w- c:\windows\Expstudio Audio Editor FREE Uninstaller.exe 2012-08-28 15:14 . 2004-08-11 23:00 916992 ----a-w- c:\windows\system32\wininet.dll 2012-08-28 15:14 . 2004-08-11 23:00 43520 ------w- c:\windows\system32\licmgr10.dll 2012-08-28 15:14 . 2004-08-11 23:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-08-28 12:07 . 2004-08-11 23:00 385024 ------w- c:\windows\system32\html.iec 2012-08-24 13:53 . 2004-08-11 23:00 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-08-23 20:47 . 2010-09-03 16:37 1280 ----a-w- c:\windows\Fonts\GF_FreeLicense.txt 2012-08-21 13:29 . 2004-08-11 23:00 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-21 12:58 . 2004-08-04 04:59 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-08-09 04:19 . 2010-03-13 07:51 1005 ----a-w- c:\windows\Fonts\font info.txt 2012-07-17 22:40 . 2012-07-08 17:03 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MotoCast"="c:\program files\Motorola Mobility\MotoCast\MotoLauncher.lnk" [2012-09-15 1704] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2012-01-18 465944] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify] 2002-02-15 17:51 24638 ----a-w- c:\windows\system32\PCANotify.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"= "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"= "c:\\Program Files\\Symantec\\pcAnywhere\\winaw32.exe"= "c:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\WS_FTP\\WS_FTP95.exe"= "c:\\Program Files\\Motorola Mobility\\MotoCast\\MotoCast.exe"= "c:\\Program Files\\Motorola Media Link\\Lite\\MML.exe"= "c:\\Program Files\\Motorola Mobility\\MotoCast\\bin\\MotoCast-thumbnailer.exe"= . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009 "1723:TCP"= 1723:TCP:*:Disabled:@xpsp2res.dll,-22015 "1701:UDP"= 1701:UDP:*:Disabled:@xpsp2res.dll,-22016 "500:UDP"= 500:UDP:*:Disabled:@xpsp2res.dll,-22017 . R2 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\Lite\NServiceEntry.exe [6/5/2012 11:48 AM 87400] R2 Motorola Device Manager;Motorola Device Manager Service;c:\program files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [7/17/2012 2:31 PM 116632] S2 Metric Conversion Calculator Installer;Metric Conversion Calculator Installer;c:\program files\Digital Design Ltd\Metric Conversion Calculator\mccinst.exe [7/20/2012 2:27 PM 421888] S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/3/2012 1:19 PM 160944] S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592] S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [9/14/2012 6:29 PM 6016] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [9/14/2012 6:29 PM 20864] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [9/14/2012 6:29 PM 8448] S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [9/14/2012 6:29 PM 23808] S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [9/14/2012 6:29 PM 11008] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - TRUESIGHT *Deregistered* - TrueSight . Contents of the 'Scheduled Tasks' folder . 2012-11-02 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-08 14:48] . 2012-10-30 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57] . 
2012-11-02 c:\windows\Tasks\MotoCast Update.job - c:\program files\Motorola Mobility\MotoCast\LiveUpdate\MotoCastUpdate.exe [2012-09-15 15:35] . 2012-11-02 c:\windows\Tasks\Motorola Device Manager Engine.job - c:\program files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-07-17 20:31] . 2012-10-15 c:\windows\Tasks\Motorola Device Manager Update.job - c:\program files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-07-17 20:31] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyServer = ftp=192.168.1.9:80;gopher=192.168.1.9:80;http=192.168.1.9:80;https=192.168.1.9:80;socks=192.168.1.9:1080 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s Trusted Zone: inntopia.com\crs TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 192.168.1.1 FF - ProfilePath - c:\documents and settings\clintball\Application Data\Mozilla\Firefox\Profiles\bt1dn9cn.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com FF - prefs.js: network.proxy.ftp - 192.168.1.9 FF - prefs.js: network.proxy.ftp_port - 80 FF - prefs.js: network.proxy.gopher - 192.168.1.9 FF - prefs.js: network.proxy.gopher_port - 80 FF - prefs.js: network.proxy.http - 192.168.1.9 FF - prefs.js: network.proxy.http_port - 80 FF - prefs.js: network.proxy.socks - 192.168.1.9 FF - prefs.js: network.proxy.socks_port - 1080 FF - prefs.js: network.proxy.ssl - 192.168.1.9 FF - prefs.js: network.proxy.ssl_port - 80 FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-11-02 18:25 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . 
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(660)
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'winlogon.exe'(5692)
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'explorer.exe'(4724)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
- - - - - - - > 'explorer.exe'(3576)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-11-02 18:30:01
ComboFix-quarantined-files.txt 2012-11-03 00:29
ComboFix2.txt 2012-10-22 21:28
ComboFix3.txt 2012-10-22 18:01
ComboFix4.txt 2012-10-22 17:11
.
Pre-Run: 62,152,732,672 bytes free
Post-Run: 62,207,672,320 bytes free
.
- - End Of File - - 40D275F90A0AA6624233822A6369B980
  8. Hi Gringo,

Here's the pertinent info from and up to when the posts were lost. I also had to re-register as my account was gone too.

The issue was intermittent redirect of search results. When searching, the results come back fine however when clicking on them, redirect to various sites. Issue was with all browsers and search engines.

After seeing the dds report you asked me to run Security Check, Adwcleaner and RogueKiller. All ran fine, logs follow.

After running these utilities a quick browser check showed that problem still exists with Firefox - it may however be gone from IE. I've not had the problem in IE when trying to make it happen again.

Results of screen317's Security Check version 0.99.54
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Windows Defender
Malwarebytes Anti-Malware version 1.65.1.1000
Java 7 Update 9
Adobe Flash Player 11.4.402.287
Adobe Reader 6 Adobe Reader out of Date!
Mozilla Firefox 14.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Windows Defender MSASCui.exe
Windows Defender MsMpEng.exe
Windows Defender MSASCui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 3%
````````````````````End of Log``````````````````````

# AdwCleaner v2.006 - Logfile created 11/01/2012 at 12:42:27
# Updated 30/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : clintball - DELL170L
# Boot Mode : Normal
# Running from : C:\Documents and Settings\clintball\Desktop\adwcleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2D360201-FFF5-11D1-8D03-00A0C959BC0A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)
Profile name : default
File : C:\Documents and Settings\clintball\Application Data\Mozilla\Firefox\Profiles\bt1dn9cn.default\prefs.js
[OK] File is clean.

Profile name : default
File : C:\Documents and Settings\clint\Application Data\Mozilla\Firefox\Profiles\ns6tzsfi.default\prefs.js
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [3112 octets] - [22/10/2012 12:47:14]
AdwCleaner[s1].txt - [1221 octets] - [22/10/2012 13:40:21]
AdwCleaner[R2].txt - [1161 octets] - [22/10/2012 13:53:09]
AdwCleaner[s2].txt - [1609 octets] - [01/11/2012 12:42:27]
########## EOF - C:\AdwCleaner[s2].txt - [1669 octets] ##########

RogueKiller V8.2.1 [10/29/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : clintball [Admin rights]
Mode : Remove -- Date : 11/01/2012 12:48:29

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (ftp=192.168.1.9:80;gopher=192.168.1.9:80;hxxp=192.168.1.9:80;hxxps=192.168.1.9:80;socks=192.168.1.9:1080) -> NOT REMOVED, USE PROXYFIX
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
[...]
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD800BB-75JHC0 +++++
--- User ---
[MBR] 3f600efdb21dfe69d36a6b2a42a5d564
[bSP] 11d467b9f31927f29d49c85858b51038 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 31 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 64260 | Size: 76245 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt