randomuse

  1. Okay, I removed HijackThis. I think that is all I need to ask, and I haven't experienced any more problems with redirecting. Thank you very much.
  2. Okay I deleted the folder. Is there a proper way to remove HijackThis or do I just click and delete it?
  3. Yes, I got the message that ComboFix is uninstalled, yet there is still that folder named ComboFix containing that one file, NircmdB.exe.
  4. I believe I uninstalled ComboFix, but there is still a folder named ComboFix containing NircmdB.exe. There are also text documents called ComboFix and mbam-error; can I delete these? Can HijackThis also be simply deleted like the other files? There are also folders named Config.Msi and MSOcache that have appeared, which my antivirus had set itself to not scan. Should I set it to scan them, or is there a reason it is like that?
  5. I am having trouble removing ComboFix. When I do Run and put in "combofix /uninstall", I see the ComboFix loading bar, then a window comes up saying something about the OS not being compatible with XP or 2000. Then my firewall started to turn itself off on its own. I restarted and now my firewall is fine, but I still don't know how to remove ComboFix. With the OTL, GMER, Norton Removal Tool, and JRE installer, do I just simply click and press Delete from my desktop? Do I need to keep Flash Disinfector too?
  6. I ran Flash Disinfector and I am not sure if it found anything or if my flash drive is alright. I left my computer when the desktop went blank, thinking it would take at least 5 minutes. When I got back the desktop was back, so I guess the process was done. With the ESET online scanner, it found no threats, so there is no log.
  7. I did as you asked me to for the Java Runtime Environment. So far I haven't experienced any problems with redirecting or new Internet Explorer windows opening up, so thank you so much. Please answer my questions about my USB memory stick and continue with any further directions.
  8. Here is my MBAM log after scanning my computer:

     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org

     Database version: 4173

     Windows 5.1.2600 Service Pack 2
     Internet Explorer 8.0.6001.18702

     06/06/2010 6:48:50 PM
     mbam-log-2010-06-06 (18-48-50).txt

     Scan type: Full scan (C:\|)
     Objects scanned: 224375
     Time elapsed: 1 hour(s), 11 minute(s), 48 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)
  9. I managed to use the Norton Removal Tool. Before I move on, I have questions. Is it safe to connect my USB memory stick, which had been connected to my PC at the time of infection? All it has on it is Microsoft Word documents and PowerPoints. Should I connect it and have MBAM scan it too?
  10. I ran ComboFix with that text file. ComboFix had an update, so I said yes to update. ComboFix started again after updating, and this is the log.

      ComboFix 10-06-06.01 - Derek1 06/06/2010 15:26:30.2.2 - x86
      Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.502.275 [GMT -4:00]
      Running from: c:\documents and settings\Derek1\Desktop\ComboFix.exe
      Command switches used :: c:\documents and settings\Derek1\Desktop\CFScript.txt
      AV: Rogers Online Protection Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
      FW: Norton Personal Firewall *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
      FW: Rogers Online Protection Firewall *disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
      .
      ((((((((((((((((((((((((( Files Created from 2010-05-06 to 2010-06-06 )))))))))))))))))))))))))))))))
      .
      2010-06-06 02:32 . 2010-06-06 02:32 -------- d-----w- c:\program files\Trend Micro
      2010-06-06 01:34 . 2010-06-06 01:43 -------- d-----w- c:\windows\SxsCaPendDel
      2010-06-06 01:14 . 2010-06-06 01:14 -------- d-----w- c:\program files\Hitman Pro 3.5
      2010-06-05 23:17 . 2010-06-05 23:17 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
      2010-06-05 23:10 . 2010-06-06 01:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
      2010-06-05 14:30 . 2010-06-06 01:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
      2010-06-05 03:26 . 2010-06-05 15:04 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
      2010-06-05 03:25 . 2010-06-05 03:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
      2010-06-03 13:10 . 2010-06-04 03:28 -------- d-----w- c:\documents and settings\Derek1\Local Settings\Application Data\jhvnxdxco
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2010-06-06 19:33 . 2009-04-10 17:50 65404448 --sha-w- c:\windows\system32\drivers\fidbox.dat
      2010-06-06 19:32 . 2009-04-10 17:50 2389024 --sha-w- c:\windows\system32\drivers\fidbox2.dat
      2010-06-06 17:50 . 2009-04-27 00:11 -------- d-----w- c:\program files\lg_fwupdate
      2010-06-06 17:48 . 2009-04-10 17:50 876152 --sha-w- c:\windows\system32\drivers\fidbox.idx
      2010-06-06 17:48 . 2009-04-10 17:50 225368 --sha-w- c:\windows\system32\drivers\fidbox2.idx
      2010-06-06 01:14 . 2009-12-26 20:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2010-05-31 20:36 . 2009-09-02 13:40 -------- d-----w- c:\documents and settings\Derek1\Application Data\HpUpdate
      2010-05-20 20:44 . 2009-12-30 00:38 -------- d-----w- c:\program files\StepMania
      2010-05-12 04:09 . 2010-01-06 22:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
      2010-04-29 19:39 . 2009-12-26 20:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
      2010-04-29 19:39 . 2009-12-26 20:36 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
      2010-04-18 23:08 . 2006-06-16 21:54 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
      2010-04-18 23:07 . 2006-06-16 21:54 88 --sh--r- c:\windows\system32\B18134F98C.sys
      2010-03-10 06:15 . 2004-08-10 17:51 420352 ----a-w- c:\windows\system32\vbscript.dll
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
      "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
      "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
      "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
      "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-05-17 26112]
      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-05-17 98304]
      "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
      "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
      "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
      "Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 106496]
      "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 16384]
      "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-09-21 127036]
      "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
      "Rogers SHS"="c:\program files\Rogers\SelfHealing\shs.exe" [2009-05-26 2741560]
      "RogersServicepointAgent.exe"="c:\program files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe" [2009-02-27 3228912]
      "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
      "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
      "LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2007-02-26 249856]
      "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]

      c:\documents and settings\All Users\Start Menu\Programs\Startup\
      AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0\aoltray.exe [2006-5-17 156784]
      HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
      HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
      Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
      Run Registration Tool.lnk - c:\program files\WiFiConnector\NintendoWFCReg.exe [2009-7-3 1175552]
      ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Engine\ymetray.exe [2008-2-5 54512]

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
      BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\Messenger\\msmsgs.exe"=
      "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
      "c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
      "c:\\Program Files\\Java\\j2re1.4.2_03\\bin\\javaw.exe"=
      "c:\\Program Files\\NetMeeting\\conf.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
      "c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
      "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
      "c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
      "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
      "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

      R2 RogersSelfHelpService;Rogers SHS Service;c:\program files\Rogers\SelfHealing\RogersSelfHelpService.exe [25/05/2009 11:05 PM 144696]
      R2 RogersUpdateManager;Rogers Update Manager;c:\program files\Rogers\Update Manager\RogersUpdateManager.exe [22/04/2008 9:25 AM 163840]
      R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [25/02/2009 7:07 PM 101936]
      S3 Radialpoint Security Services;Rogers Online Protection;c:\program files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe [27/02/2009 10:52 PM 97520]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://rogers.yahoo.com
      uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
      mSearch Bar = hxxp://ca.red.clientapps.yahoo.com/customize/rogers/defaults/sb/*http://www.yahoo.com/search/ie.html
      uInternet Settings,ProxyOverride = <local>
      uSearchURL,(Default) = hxxp://ca.search.yahoo.com
      IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
      IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?403d8f4a5a694306a3e748b2e26a3e08
      IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?403d8f4a5a694306a3e748b2e26a3e08
      Trusted Zone: musicmatch.com\online
      .
      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2010-06-06 15:33
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...
      scanning hidden autostart entries ...
      scanning hidden files ...
      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      - - - - - - - > 'explorer.exe'(2632)
      c:\windows\system32\WININET.dll
      c:\windows\system32\ieframe.dll
      c:\windows\system32\webcheck.dll
      c:\windows\system32\WPDShServiceObj.dll
      c:\windows\system32\PortableDeviceTypes.dll
      c:\windows\system32\PortableDeviceApi.dll
      .
      Completion time: 2010-06-06 15:36:34
      ComboFix-quarantined-files.txt 2010-06-06 19:36
      ComboFix2.txt 2010-06-06 18:05

      Pre-Run: 40,520,822,784 bytes free
      Post-Run: 40,509,505,536 bytes free

      - - End Of File - - 799AC1F250E3E098D38DF82AF9182F1B
  11. I downloaded the Norton Removal Tool and tried running it. It shows it loads, but there is no window for it or anything. Should I turn off my firewall first, then try it? Also, can you clarify the backdoor thing for me? I do not do any banking, but I do use my credit card over the internet. Does this mean I could be at risk if I use a credit card online or type in personal information on secure sites?
  12. I ran ComboFix; it detected rootkit activity or something, so it rebooted. Here is the log. Also, it created an Internet Explorer shortcut on my desktop.

      ComboFix 10-06-05.03 - Derek1 06/06/2010 13:28:41.1.2 - x86
      Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.502.240 [GMT -4:00]
      Running from: c:\documents and settings\Derek1\Desktop\ComboFix.exe
      AV: Norton AntiVirus *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
      AV: Rogers Online Protection Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
      FW: Norton Personal Firewall *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
      FW: Rogers Online Protection Firewall *disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      c:\documents and settings\All Users\Application Data\shs_setup_4056-345359.exe
      c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk

      Infected copy of c:\windows\system32\drivers\afd.sys was found and disinfected
      Restored copy from - Kitty had a snack
      .
      ((((((((((((((((((((((((( Files Created from 2010-05-06 to 2010-06-06 )))))))))))))))))))))))))))))))
      .
      2010-06-06 15:56 . 2010-06-06 17:14 -------- d-----w- C:\32788R22FWJFW
      2010-06-06 02:32 . 2010-06-06 02:32 -------- d-----w- c:\program files\Trend Micro
      2010-06-06 01:34 . 2010-06-06 01:43 -------- d-----w- c:\windows\SxsCaPendDel
      2010-06-06 01:14 . 2010-06-06 01:14 -------- d-----w- c:\program files\Hitman Pro 3.5
      2010-06-05 23:17 . 2010-06-05 23:17 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
      2010-06-05 23:10 . 2010-06-06 01:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
      2010-06-05 14:30 . 2010-06-06 01:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
      2010-06-05 03:26 . 2010-06-05 15:04 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
      2010-06-05 03:25 . 2010-06-05 03:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
      2010-06-03 13:10 . 2010-06-04 03:28 -------- d-----w- c:\documents and settings\Derek1\Local Settings\Application Data\jhvnxdxco
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2010-06-06 17:51 . 2009-04-10 17:50 65268256 --sha-w- c:\windows\system32\drivers\fidbox.dat
      2010-06-06 17:50 . 2009-04-27 00:11 -------- d-----w- c:\program files\lg_fwupdate
      2010-06-06 17:50 . 2009-04-10 17:50 2381856 --sha-w- c:\windows\system32\drivers\fidbox2.dat
      2010-06-06 17:48 . 2009-04-10 17:50 876152 --sha-w- c:\windows\system32\drivers\fidbox.idx
      2010-06-06 17:48 . 2009-04-10 17:50 225368 --sha-w- c:\windows\system32\drivers\fidbox2.idx
      2010-06-06 01:14 . 2009-12-26 20:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2010-05-31 20:36 . 2009-09-02 13:40 -------- d-----w- c:\documents and settings\Derek1\Application Data\HpUpdate
      2010-05-20 20:44 . 2009-12-30 00:38 -------- d-----w- c:\program files\StepMania
      2010-05-12 04:09 . 2010-01-06 22:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
      2010-04-29 19:39 . 2009-12-26 20:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
      2010-04-29 19:39 . 2009-12-26 20:36 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
      2010-04-18 23:08 . 2006-06-16 21:54 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
      2010-04-18 23:07 . 2006-06-16 21:54 88 --sh--r- c:\windows\system32\B18134F98C.sys
      2010-03-10 06:15 . 2004-08-10 17:51 420352 ----a-w- c:\windows\system32\vbscript.dll
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
      "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
      "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
      "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
      "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
      "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-05-17 26112]
      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-05-17 98304]
      "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
      "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
      "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
      "Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 106496]
      "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 16384]
      "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-09-21 127036]
      "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
      "Rogers SHS"="c:\program files\Rogers\SelfHealing\shs.exe" [2009-05-26 2741560]
      "RogersServicepointAgent.exe"="c:\program files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe" [2009-02-27 3228912]
      "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
      "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
      "LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2007-02-26 249856]
      "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]

      c:\documents and settings\All Users\Start Menu\Programs\Startup\
      AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0\aoltray.exe [2006-5-17 156784]
      HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
      HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
      Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
      Run Registration Tool.lnk - c:\program files\WiFiConnector\NintendoWFCReg.exe [2009-7-3 1175552]
      ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Engine\ymetray.exe [2008-2-5 54512]

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
      BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\Messenger\\msmsgs.exe"=
      "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
      "c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
      "c:\\Program Files\\Java\\j2re1.4.2_03\\bin\\javaw.exe"=
      "c:\\Program Files\\NetMeeting\\conf.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
      "c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
      "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
      "c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
      "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
      "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

      R2 RogersSelfHelpService;Rogers SHS Service;c:\program files\Rogers\SelfHealing\RogersSelfHelpService.exe [25/05/2009 11:05 PM 144696]
      R2 RogersUpdateManager;Rogers Update Manager;c:\program files\Rogers\Update Manager\RogersUpdateManager.exe [22/04/2008 9:25 AM 163840]
      R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [25/02/2009 7:07 PM 101936]
      S3 Radialpoint Security Services;Rogers Online Protection;c:\program files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe [27/02/2009 10:52 PM 97520]
      .
      Contents of the 'Scheduled Tasks' folder
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://rogers.yahoo.com
      uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
      mSearch Bar = hxxp://ca.red.clientapps.yahoo.com/customize/rogers/defaults/sb/*http://www.yahoo.com/search/ie.html
      uInternet Settings,ProxyOverride = <local>
      uSearchURL,(Default) = hxxp://ca.search.yahoo.com
      IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
      IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?403d8f4a5a694306a3e748b2e26a3e08
      IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?403d8f4a5a694306a3e748b2e26a3e08
      Trusted Zone: musicmatch.com\online
      .
      - - - - ORPHANS REMOVED - - - -

      Notify-dimsntfy - (no file)
      AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb

      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2010-06-06 13:51
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...
      scanning hidden autostart entries ...
      scanning hidden files ...
      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      - - - - - - - > 'explorer.exe'(1040)
      c:\windows\system32\WININET.dll
      c:\windows\system32\ieframe.dll
      c:\windows\system32\webcheck.dll
      c:\windows\system32\WPDShServiceObj.dll
      c:\windows\system32\PortableDeviceTypes.dll
      c:\windows\system32\PortableDeviceApi.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\program files\Rogers Online Protection\Rogers Online Protection\Fws.exe
      c:\program files\Rogers Online Protection\Rogers Online Protection\rps.exe
      c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
      c:\program files\Raxco\PerfectDisk\PDAgent.exe
      c:\program files\CyberLink\Shared Files\RichVideo.exe
      c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
      c:\program files\Dell Support Center\bin\sprtsvc.exe
      c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
      c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
      c:\windows\system32\wscntfy.exe
      c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
      c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
      .
      **************************************************************************
      .
      Completion time: 2010-06-06 14:05:47 - machine was rebooted
      ComboFix-quarantined-files.txt 2010-06-06 18:05

      Pre-Run: 39,888,404,480 bytes free
      Post-Run: 40,525,459,456 bytes free

      WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
      [boot loader]
      timeout=2
      default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
      [operating systems]
      c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
      multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

      - - End Of File - - 7116D995F4F618C35ED5BC0E7796A4F4
  13. Just to make things clearer, I used to have norton antivirus but then I changed it and I believe I removed it. I currently still have the combofix warning window open. Can I just click the close button or should I leave it there until I can get the norton antivirus disabled?
  14. I get a warning window saying the following real-time scanner is active: "Antivirus: Norton Antivirus". First of all, I don't use Norton, I use Rogers Online Protection. Norton is supposed to be removed. Can you please give me instructions on how to disable it?
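A triage pass over the ComboFix log layout posted in posts 10 and 12 above, added here as an illustration; it is not ComboFix's code and not something the forum helper supplied. It assumes the entry layout seen in those logs (created . modified size attrs path, plus REGEDIT4-style key and value lines), its sample input is an excerpt of the posted log, and the "random-looking name" check is a vowel-ratio heuristic meant to draw a reviewer's eye, not a detection signature.

```python
"""Pull reviewer-relevant items out of ComboFix-style log text.

Added example, not ComboFix's own code.  Assumed layout (from the logs in this
thread): file rows are "<created> . <modified> <size|--------> <attrs> <path>";
registry rows follow REGEDIT4.  Legitimate software also sets some of the flagged
values, so every hit is a review item, not a verdict.
"""
import re

# Constructed excerpt of the ComboFix log in post 12 above, one entry per line.
SAMPLE_LOG = r"""
Infected copy of c:\windows\system32\drivers\afd.sys was found and disinfected
2010-06-06 02:32 . 2010-06-06 02:32 -------- d-----w- c:\program files\Trend Micro
2010-06-05 23:17 . 2010-06-05 23:17 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-03 13:10 . 2010-06-04 03:28 -------- d-----w- c:\documents and settings\Derek1\Local Settings\Application Data\jhvnxdxco
2010-04-18 23:08 . 2006-06-16 21:54 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-04-18 23:07 . 2006-06-16 21:54 88 --sh--r- c:\windows\system32\B18134F98C.sys
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.+)$')
INFECTED_RE = re.compile(r"^Infected copy of (?P<path>.+?) was found", re.I)


def looks_random(name):
    """Heuristic: long, all-lowercase, nearly vowel-free leaf names (e.g. jhvnxdxco)."""
    if len(name) < 7 or not name.isalpha() or not name.islower():
        return False
    vowels = sum(ch in "aeiou" for ch in name)
    return vowels / len(name) < 0.2


def triage(log_text):
    """Return (category, detail) pairs worth a reviewer's attention, in log order."""
    findings = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = INFECTED_RE.match(line)
        if m:  # ComboFix reports it replaced an infected copy of a system file
            findings.append(("patched-system-file", m["path"]))
            continue
        m = FILE_RE.match(line)
        if m:
            attrs, path = m["attrs"], m["path"]
            leaf = path.rsplit("\\", 1)[-1]
            if attrs.startswith("d") and looks_random(leaf):
                findings.append(("random-named-dir", path))
            elif "s" in attrs and "h" in attrs:  # hidden+system attributes set
                findings.append(("hidden-system-file", path))
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m["key"]
            continue
        m = VALUE_RE.match(line)
        if m:
            key_lc, leaf = current_key.lower(), current_key.rsplit("\\", 1)[-1]
            if ("security center\\monitoring" in key_lc and m["name"] == "DisableMonitoring"
                    and m["data"].startswith("dword:00000001")):
                # Security Center told not to watch this product (suites set this too)
                findings.append(("security-center-monitoring-off", leaf))
            elif ("firewallpolicy" in key_lc and m["name"] == "EnableFirewall"
                    and m["data"].startswith("0")):
                findings.append(("windows-firewall-off", leaf))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:32} {detail}")
```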