goldie (Honorary Members; Posts: 24; Reputation: 0 Neutral)
dealhrfind.com on my browser home page
goldie replied to goldie's topic in Resolved Malware Removal Logs
Hi mate. Just uninstalled & reinstalled Firefox & it has done the trick. Thanks for all your help. You can close the topic. Thanks again.
dealhrfind.com on my browser home page
goldie replied to goldie's topic in Resolved Malware Removal Logs
Keeps coming up this error:

Microsoft Windows XP [Version 5.1.2600]
© Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\user>tasklist/svc
'tasklist' is not recognized as an internal or external command,
operable program or batch file.

C:\Documents and Settings\user>cd|
The syntax of the command is incorrect.

C:\Documents and Settings\user>cd\

C:\>tasklist/svc
'tasklist' is not recognized as an internal or external command,
operable program or batch file.

C:\>cd windows

C:\WINDOWS>tasklist/svc
'tasklist' is not recognized as an internal or external command,
operable program or batch file.

C:\WINDOWS>tasklist/svc
'tasklist' is not recognized as an internal or external command,
operable program or batch file.

C:\WINDOWS>cd\

C:\>tasklist
'tasklist' is not recognized as an internal or external command,
operable program or batch file.

C:\>
dealhrfind.com on my browser home page
goldie replied to goldie's topic in Resolved Malware Removal Logs
Sorry to be a pain, mate. I've done the new scan but still the prob. Here is the log:

Malwarebytes' Anti-Malware 1.34
Database version: 1778
Windows 5.1.2600 Service Pack 3

19/02/2009 10:51:48
mbam-log-2009-02-19 (10-51-48).txt

Scan type: Quick Scan
Objects scanned: 81045
Time elapsed: 10 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
dealhrfind.com on my browser home page
goldie replied to goldie's topic in Resolved Malware Removal Logs
Are you still there to help, please?
dealhrfind.com on my browser home page
goldie replied to goldie's topic in Resolved Malware Removal Logs
I uninstalled all of them but still have the same problem.
dealhrfind.com on my browser home page
goldie replied to goldie's topic in Resolved Malware Removal Logs
PC is behaving fine. IE home page is fine; it's only in Firefox. Maybe I should uninstall & reinstall Firefox.
dealhrfind.com on my browser home page
goldie replied to goldie's topic in Resolved Malware Removal Logs
OK, did all that. Here are the reports.

Online scan report

KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, February 15, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, February 13, 2009 17:21:08
Records in database: 1793226

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer: A:\ C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\

Scan statistics:
Files scanned: 86073
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 02:03:04

File name / Threat name / Threats count
C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Outlook\OutlookHotmail-00000003.pst Infected: Trojan.JS.Redirector.b 1

The selected area was scanned.

HJT log
dealhrfind.com on my browser home page
goldie replied to goldie's topic in Resolved Malware Removal Logs
Hi there, sorry for the delay, I've been ill. Here are the logs.

Dr Web log

data002;C:\Documents and Settings\user\Desktop;Archive contains infected objects;;
ComboFix.exe;C:\Documents and Settings\user\Desktop;Container contains infected objects;Moved.;
HoldEmSetup-dm[1].exe;C:\Downloads;Adware.TryMedia;Incurable.Deleted.;
SpWizard.exe;C:\Program Files\WinRAR\Setup&CabPacker;Trojan.Click.17167;Deleted.;
A0000208.exe;C:\System Volume Information\_restore{21257B34-F143-460A-89C1-8999DCDC75FD}\RP3;Trojan.Click.17167;Deleted.;
kanye west - love locked down .mp3;E:\Music;Trojan.WMALoader;Cured.;

HJT log

Still keeps coming up with same site as my home add
dealhrfind.com on my browser home page
goldie replied to goldie's topic in Resolved Malware Removal Logs
OK, done all that. Attached is the log file: gmerlog.zip
dealhrfind.com on my browser home page
goldie replied to goldie's topic in Resolved Malware Removal Logs
Hi. Here are the logs.

Combofix
dealhrfind.com on my browser home page
goldie replied to goldie's topic in Resolved Malware Removal Logs
Hi, I am trying to get regbooks, but it says it cannot find the web page? -
dealhrfind.com on my browser home page
goldie replied to goldie's topic in Resolved Malware Removal Logs
mbam log
Malwarebytes' Anti-Malware 1.33
Database version: 1702
Windows 5.1.2600 Service Pack 3
28/01/2009 18:22:44
mbam-log-2009-01-28 (18-22-44).txt
Scan type: Quick Scan
Objects scanned: 73785
Time elapsed: 10 minute(s), 5 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)
Combofix Log
ComboFix 09-02-02.04 - user 2009-02-03 18:58:59.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1471.939 [GMT 0:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\user\Desktop\CFscript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Created a new restore point
-
dealhrfind.com on my browser home page
goldie replied to goldie's topic in Resolved Malware Removal Logs
Hi here is the log for combofix
ComboFix 09-02-01.01 - user 2009-02-02 11:55:35.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1471.920 [GMT 0:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\user\Application Data\Adobe\crc.dat
c:\program files\outlook
c:\windows\system32\drivers\RKHit.sys
c:\windows\system32\taskkill.com
c:\documents and settings\user\Cookies\??????????????????????? . . . . failed to delete
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_RkHit
-
dealhrfind.com on my browser home page
goldie replied to goldie's topic in Resolved Malware Removal Logs
Hi, I tried that but it keeps going to delfindhr.com -
dealhrfind.com on my browser home page
goldie replied to goldie's topic in Resolved Malware Removal Logs
Hi, I don't get any windows pop up apart from my home page being dealfinhr.com. This is only in Firefox, IE is fine. Here is the gmer log gmerlog.zip