Browser hijacked - need hijack this and help


Post by moreyag on 3rd March 2012, 2:56 pm

Hi,
I picked up a threat somewhere. Avast and Malwarebytes appeared to get rid of it, but now my browser is redirected to junk sites.
I know I need to run HijackThis; I just need a clean link to the newest download.
Thanks in advance,
All help is appreciated.


Re: Browser hijacked - need hijack this and help

Post by Superdave on 3rd March 2012, 6:57 pm

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer, you will have to download any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the Shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download [You must be registered and logged in to see this link.]
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes.
* If you encounter any problems while downloading the updates, manually download and unzip them from [You must be registered and logged in to see this link.]
* Next click the Preferences button.
  * Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts.
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
  * Close browsers before scanning
  * Scan for tracking cookies
  * Terminate memory threats before quarantining
  Please leave the others unchecked.
* Click the Close button to leave the control center screen.
* On the main screen click Scan your computer.
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan.
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK.
* Make sure everything in the white box has a check next to it, then click Next.
* It will quarantine what it found and if it asks if you want to reboot, click Yes.

To retrieve the removal information please do the following:
* After reboot, double-click the SUPERAntiSpyware icon on your desktop.
* Click Preferences. Click the Statistics/Logs tab.
* Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
* It will open in your default text editor (preferably Notepad).
* Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it (normally the desktop).
* Click Close and Close again to exit the program.
* Copy and paste the log in your post.
*********************************************
Download DDS from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.] and save it to your desktop.

* Vista users: right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it).
* XP users: double click on dds to run it.
* If your antivirus or firewall tries to block DDS then please allow it to run.
* When finished DDS will open two (2) logs:
  1) DDS.txt
  2) Attach.txt
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt. Instead of attaching, please copy/paste both logs into your thread.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

* Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control [You must be registered and logged in to see this link.]. Then post your DDS logs (DDS.txt and Attach.txt).


Re: Browser hijacked - need hijack this and help

Post by moreyag on 3rd March 2012, 9:47 pm

SUPERAntiSpyware Scan Log
[You must be registered and logged in to see this link.]

Generated 03/03/2012 at 04:30 PM

Application Version : 5.0.1144

Core Rules Database Version : 8302
Trace Rules Database Version: 6114

Scan type : Complete Scan
Total Scan Time : 00:51:52

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 624
Memory threats detected : 0
Registry items scanned : 34292
Registry threats detected : 0
File items scanned : 98630
File threats detected : 97

Adware.Tracking Cookie


Re: Browser hijacked - need hijack this and help

Post by moreyag on 3rd March 2012, 10:10 pm

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Run by Morey Gottesman at 17:07:51 on 2012-03-03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1198 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Custom Skin Clock\Clock.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {243b17de-77c7-46bf-b94b-0b5f309a0e64} - c:\program files\microsoft money\system\mnyside.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Custom Skin Clock] c:\program files\custom skin clock\Clock.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Garmin Lifetime Updater] c:\program files\garmin\lifetime updater\GarminLifetime.exe /StartMinimized
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: &Highlight - c:\windows\web\highlight.htm
IE: &Links List - c:\windows\web\urllist.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: I&mages List - c:\windows\web\imglist.htm
IE: Open Frame in &New Window - c:\windows\web\frm2new.htm
IE: Zoom &In - c:\windows\web\zoomin.htm
IE: Zoom O&ut - c:\windows\web\zoomout.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll
Trusted Zone: epiphone.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: microsoft.com\download.windowsupdate
Trusted Zone: turbotax.com
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - [You must be registered and logged in to see this link.]
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - [You must be registered and logged in to see this link.]
DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} - [You must be registered and logged in to see this link.]
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - [You must be registered and logged in to see this link.]
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - [You must be registered and logged in to see this link.]
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - [You must be registered and logged in to see this link.]
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - [You must be registered and logged in to see this link.]
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - [You must be registered and logged in to see this link.]
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - [You must be registered and logged in to see this link.]
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - [You must be registered and logged in to see this link.]
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{DA188392-48B5-45B2-B77B-ABC2BBFA894A} : DhcpNameServer = 192.168.0.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 94.63.147.16 [You must be registered and logged in to see this link.]
Hosts: 94.63.147.17 [You must be registered and logged in to see this link.]
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\morey gottesman\application data\mozilla\firefox\profiles\no7clpoj.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-15 610648]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-22 337112]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2007-6-20 79168]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-22 20696]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-22 44768]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-10-3 10384]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-20 652360]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-20 20464]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
.
=============== Created Last 30 ================
.
2012-03-03 20:33:25 -------- d-----w- c:\documents and settings\morey gottesman\application data\SUPERAntiSpyware.com
2012-03-03 20:32:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-03 20:32:38 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-03-03 07:29:51 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{3f9ab282-af66-4b45-8e71-f8a86298886b}\offreg.dll
2012-03-02 07:12:31 6552120 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{3f9ab282-af66-4b45-8e71-f8a86298886b}\mpengine.dll
2012-02-18 13:50:12 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-18 13:50:12 3072 ------w- c:\windows\system32\iacenc.dll
.
==================== Find3M ====================
.
2012-03-02 12:11:09 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 16:23:26 41184 ----a-w- c:\windows\avastSS.scr
2012-02-23 16:12:28 610648 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-01-29 10:10:42 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-12 16:54:47 1869056 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2008-04-14 12:00:00 94784 --sh--w- c:\windows\twain.dll
2008-04-14 12:00:00 50688 --sh--w- c:\windows\twain_32.dll
2011-02-08 13:33:55 978944 --sha-w- c:\windows\system32\mfc42.dll
2008-04-14 12:00:00 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 12:00:00 413696 --sh--w- c:\windows\system32\msvcp60.dll
2010-12-20 17:32:15 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 12:00:00 11776 --sh--w- c:\windows\system32\regsvr32.exe
.
============= FINISH: 17:09:38.92 ===============


Re: Browser hijacked - need hijack this and help

Post by moreyag on 3rd March 2012, 10:11 pm

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/13/2009 8:45:45 PM
System Uptime: 3/3/2012 4:39:45 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0TP412
Processor: Intel(R) Core(TM)2 Duo CPU E7300 @ 2.66GHz | CPU | 2659/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 176.585 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP968: 12/5/2011 7:43:18 AM - System Checkpoint
RP969: 12/6/2011 2:05:24 AM - Software Distribution Service 3.0
RP970: 12/8/2011 2:05:26 AM - Software Distribution Service 3.0
RP971: 12/9/2011 2:05:27 AM - Software Distribution Service 3.0
RP972: 12/9/2011 8:01:40 AM - Software Distribution Service 3.0
RP973: 12/10/2011 8:20:41 AM - System Checkpoint
RP974: 12/11/2011 8:25:12 AM - System Checkpoint
RP975: 12/12/2011 9:24:07 AM - System Checkpoint
RP976: 12/13/2011 1:43:26 AM - Software Distribution Service 3.0
RP977: 12/14/2011 5:12:09 AM - System Checkpoint
RP978: 12/15/2011 5:44:20 AM - System Checkpoint
RP979: 12/15/2011 9:16:34 AM - Software Distribution Service 3.0
RP980: 12/16/2011 1:42:24 AM - Software Distribution Service 3.0
RP981: 12/17/2011 2:02:23 AM - System Checkpoint
RP982: 12/18/2011 9:35:34 AM - System Checkpoint
RP983: 12/19/2011 11:38:23 AM - System Checkpoint
RP984: 12/20/2011 1:52:24 AM - Software Distribution Service 3.0
RP985: 12/21/2011 2:02:22 AM - System Checkpoint
RP986: 12/22/2011 7:56:14 AM - System Checkpoint
RP987: 12/23/2011 1:52:27 AM - Software Distribution Service 3.0
RP988: 12/24/2011 8:32:31 AM - System Checkpoint
RP989: 12/25/2011 9:24:45 AM - System Checkpoint
RP990: 12/26/2011 10:13:41 AM - System Checkpoint
RP991: 12/27/2011 1:52:24 AM - Software Distribution Service 3.0
RP992: 12/28/2011 2:02:22 AM - System Checkpoint
RP993: 12/29/2011 5:52:46 AM - System Checkpoint
RP994: 12/30/2011 1:52:33 AM - Software Distribution Service 3.0
RP995: 12/31/2011 8:06:49 AM - System Checkpoint
RP996: 1/1/2012 10:09:36 AM - System Checkpoint
RP997: 1/2/2012 11:02:23 AM - System Checkpoint
RP998: 1/3/2012 1:52:26 AM - Software Distribution Service 3.0
RP999: 1/4/2012 2:02:23 AM - System Checkpoint
RP1000: 1/5/2012 8:51:36 AM - System Checkpoint
RP1001: 1/6/2012 1:52:27 AM - Software Distribution Service 3.0
RP1002: 1/7/2012 2:02:23 AM - System Checkpoint
RP1003: 1/8/2012 2:26:24 AM - System Checkpoint
RP1004: 1/8/2012 8:58:55 AM - Software Distribution Service 3.0
RP1005: 1/9/2012 9:02:24 AM - System Checkpoint
RP1006: 1/10/2012 1:52:31 AM - Software Distribution Service 3.0
RP1007: 1/11/2012 2:06:54 AM - System Checkpoint
RP1008: 1/12/2012 3:19:25 AM - System Checkpoint
RP1009: 1/13/2012 1:52:26 AM - Software Distribution Service 3.0
RP1010: 1/14/2012 2:06:54 AM - System Checkpoint
RP1011: 1/15/2012 9:34:14 AM - System Checkpoint
RP1012: 1/16/2012 10:58:52 AM - System Checkpoint
RP1013: 1/17/2012 1:52:25 AM - Software Distribution Service 3.0
RP1014: 1/18/2012 2:05:54 AM - System Checkpoint
RP1015: 1/19/2012 7:16:05 AM - System Checkpoint
RP1016: 1/19/2012 10:43:48 AM - Software Distribution Service 3.0
RP1017: 1/20/2012 1:49:24 AM - Software Distribution Service 3.0
RP1018: 1/21/2012 1:53:58 AM - System Checkpoint
RP1019: 1/22/2012 2:52:53 AM - System Checkpoint
RP1020: 1/23/2012 6:18:02 AM - System Checkpoint
RP1021: 1/24/2012 1:49:26 AM - Software Distribution Service 3.0
RP1022: 1/25/2012 3:19:34 AM - System Checkpoint
RP1023: 1/26/2012 5:50:26 AM - System Checkpoint
RP1024: 1/27/2012 1:49:28 AM - Software Distribution Service 3.0
RP1025: 1/28/2012 11:06:42 AM - System Checkpoint
RP1026: 1/29/2012 12:10:43 PM - System Checkpoint
RP1027: 1/30/2012 1:24:49 PM - System Checkpoint
RP1028: 1/31/2012 2:14:23 AM - Software Distribution Service 3.0
RP1029: 2/1/2012 3:44:43 AM - System Checkpoint
RP1030: 2/2/2012 5:56:43 AM - System Checkpoint
RP1031: 2/3/2012 2:14:25 AM - Software Distribution Service 3.0
RP1032: 2/4/2012 2:56:42 AM - System Checkpoint
RP1033: 2/5/2012 3:56:36 AM - System Checkpoint
RP1034: 2/6/2012 7:10:50 AM - System Checkpoint
RP1035: 2/7/2012 1:54:24 AM - Software Distribution Service 3.0
RP1036: 2/8/2012 1:54:25 AM - Software Distribution Service 3.0
RP1037: 2/9/2012 8:04:27 AM - System Checkpoint
RP1038: 2/10/2012 1:40:23 AM - Software Distribution Service 3.0
RP1039: 2/11/2012 2:13:51 AM - System Checkpoint
RP1040: 2/12/2012 9:04:50 AM - System Checkpoint
RP1041: 2/12/2012 5:04:28 PM - Removed iSEEK AnswerWorks English Runtime
RP1042: 2/13/2012 5:13:56 PM - System Checkpoint
RP1043: 2/14/2012 1:40:26 AM - Software Distribution Service 3.0
RP1044: 2/15/2012 3:20:21 AM - System Checkpoint
RP1045: 2/16/2012 6:56:27 AM - System Checkpoint
RP1046: 2/17/2012 1:40:26 AM - Software Distribution Service 3.0
RP1047: 2/18/2012 2:13:57 AM - System Checkpoint
RP1048: 2/18/2012 8:50:49 AM - Software Distribution Service 3.0
RP1049: 2/19/2012 9:07:46 AM - System Checkpoint
RP1050: 2/20/2012 9:21:38 AM - System Checkpoint
RP1051: 2/20/2012 3:42:58 PM - Installed TurboTax 2011 wrapper
RP1052: 2/20/2012 5:14:25 PM - Installed TurboTax 2011 wnyiper
RP1053: 2/20/2012 5:16:47 PM - Installed TurboTax 2011 wnjiper
RP1054: 2/21/2012 2:22:26 AM - Software Distribution Service 3.0
RP1055: 2/22/2012 7:32:01 AM - System Checkpoint
RP1056: 2/23/2012 12:52:23 PM - System Checkpoint
RP1057: 2/24/2012 2:22:25 AM - Software Distribution Service 3.0
RP1058: 2/25/2012 4:25:59 AM - System Checkpoint
RP1059: 2/26/2012 4:43:36 AM - System Checkpoint
RP1060: 2/27/2012 9:40:40 AM - System Checkpoint
RP1061: 2/28/2012 2:12:24 AM - Software Distribution Service 3.0
RP1062: 2/29/2012 4:49:05 AM - System Checkpoint
RP1063: 3/1/2012 7:46:47 AM - System Checkpoint
RP1064: 3/2/2012 2:12:27 AM - Software Distribution Service 3.0
RP1065: 3/3/2012 6:23:24 AM - System Checkpoint
.
==== Installed Programs ======================
.
.
ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.0)
Alt-Tab Task Switcher Powertoy for Windows XP
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft MediaImpression
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
avast! Free Antivirus
Belarc Advisor 7.2
Bing Bar
BitPim 1.0.7.20091103
Bonjour
Broadcom ASF Management Applications
Broadcom Management Programs
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CDDRV_Installer
Compatibility Pack for the 2007 Office system
Custom Skin Clock version 1.4
Dell Driver Download Manager
Dell ETS Factory Installation
DivX Version Checker
Epson Copy Utility 3.4
Epson Event Manager
EPSON Perfection V30/V300 Photo Scanner Driver Update
EPSON Scan
erLT
ESET Online Scanner v3
fflink
Garmin Communicator Plugin
Garmin Lifetime Updater
Garmin USB Drivers
Hallmark Card Studio
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB953955)
Hotfix for Windows XP (KB954434)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB958347)
Hotfix for Windows XP (KB959252)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Photo Printing Software
Image Resizer Powertoy for Windows XP
Intel(R) Matrix Storage Manager
iTunes
Jasc Paint Shop Pro 9
Java(TM) 6 Update 17
Junk Mail filter update
KhalInstallWrapper
Kodak EasyShare software
Logitech SetPoint
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Internet Explorer 5 Web Accessories
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Money 2003
Microsoft Money 2003 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Small Business Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 10.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB927977)
netbrdg
NVIDIA Drivers
O&O Defrag Professional Edition
Octoshape add-in for Adobe Flash Player
OGA Notifier 2.0.0048.0
PowerDesk 6
PowerDVD DX
QuickTime
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler 3
Roxio Update Manager
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
SFR
Sonic CinePlayer Decoder Pack
Spybot - Search & Destroy
SpywareBlaster 4.6
Stamps.com
Stamps.com support for Microsoft Outlook 2000-2007
Stamps.com support for Microsoft Outlook 97-2007
Stamps.com support for Microsoft Word 2000-2007
SUPERAntiSpyware
System Requirements Lab
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wnjiper
TurboTax 2009 wnyiper
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wnjiper
TurboTax 2010 wnyiper
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wnjiper
TurboTax 2011 wnyiper
TurboTax 2011 wrapper
Tweakui Powertoy for Windows XP
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Defender
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
3/3/2012 4:43:33 PM, error: System Error [1003] - Error code 1000000a, parameter1 00000023, parameter2 00000002, parameter3 00000000, parameter4 8050c653.
3/2/2012 7:30:53 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
.
==== End Of File ===========================

moreyag

Re: Browser hijacked - need hijack this and help

Post by Superdave on 3rd March 2012, 11:26 pm

Download Combofix from any of the links below, and save it to your desktop.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

To prevent your anti-virus application interfering with ComboFix we need to disable it. See [You must be registered and logged in to see this link.] for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:



Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

Superdave
Captain

Posts : 4202
Joined : 2010-02-01
Gender : Male
OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection : MSE, Windows Defender, Windows firewall
Points : 83191
Likes : 0

Re: Browser hijacked - need hijack this and help

Post by moreyag on 4th March 2012, 5:41 pm

can't post combofix log ... help?

moreyag

Re: Browser hijacked - need hijack this and help

Post by moreyag on 4th March 2012, 6:32 pm

Splitting it up:
Part one:
ComboFix 12-03-04.01 - 03/04/2012 12:20:52.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1162 [GMT -5:00]
Running from: c:\documents and settings\\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\DragToDiscUserNameD.txt
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\PowerToyReadme.htm
c:\windows\system32\SET419.tmp
c:\windows\system32\SET41D.tmp
c:\windows\system32\SET425.tmp
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
.
((((((((((((((((((((((((( Files Created from 2012-02-04 to 2012-03-04 )))))))))))))))))))))))))))))))
.
.
2012-03-03 20:33 . 2012-03-03 20:33 -------- d-----w- c:\documents and settings\Morey Gottesman\Application Data\SUPERAntiSpyware.com
2012-03-03 20:32 . 2012-03-03 20:34 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-03 20:32 . 2012-03-03 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-03-03 07:29 . 2012-03-04 06:40 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{3F9AB282-AF66-4B45-8E71-F8A86298886B}\offreg.dll
2012-03-02 07:12 . 2012-02-08 06:03 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{3F9AB282-AF66-4B45-8E71-F8A86298886B}\mpengine.dll
2012-02-18 13:50 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-18 13:50 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-02 12:11 . 2011-05-13 02:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 16:23 . 2010-08-22 21:11 41184 ----a-w- c:\windows\avastSS.scr
2012-02-23 16:23 . 2010-08-22 21:11 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-23 16:12 . 2011-07-16 00:03 610648 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-23 16:12 . 2010-08-22 21:12 337112 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-02-23 16:10 . 2010-08-22 21:12 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-02-23 16:10 . 2010-08-22 21:12 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-02-23 16:10 . 2010-08-22 21:12 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-02-23 16:10 . 2010-08-22 21:12 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-02-23 16:10 . 2010-08-22 21:12 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 16:07 . 2010-08-22 21:12 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-02-08 06:03 . 2010-04-17 15:11 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-01-29 10:10 . 2010-04-17 15:11 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-12 16:54 . 2008-04-25 16:16 1869056 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2008-04-25 16:16 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2008-04-25 16:16 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2008-04-25 16:16 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2008-04-25 16:16 385024 ----a-w- c:\windows\system32\html.iec
2011-12-10 20:24 . 2011-07-20 17:59 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-17 12:54 . 2011-04-16 11:41 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2008-04-14 12:00 94784 --sh--w- c:\windows\twain.dll
2008-04-14 12:00 50688 --sh--w- c:\windows\twain_32.dll
2011-02-08 13:33 978944 --sha-w- c:\windows\system32\mfc42.dll
2008-04-14 12:00 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 12:00 413696 --sh--w- c:\windows\system32\msvcp60.dll
2010-12-20 17:32 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 12:00 11776 --sh--w- c:\windows\system32\regsvr32.exe
.
.
((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.

moreyag

Re: Browser hijacked - need hijack this and help

Post by moreyag on 4th March 2012, 6:32 pm

ComboFix log part 2:

+ 2011-12-15 14:20 . 2011-12-15 14:20 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\888b745ca99d39692c2e9af222e5eae8\UIAutomationProvider.ni.dll
+ 2012-02-18 14:15 . 2012-02-18 14:15 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\TVM\c371aab947b2172acf1cda1de54e00cf\TVM.ni.dll
+ 2012-02-18 14:15 . 2012-02-18 14:15 22016 c:\windows\assembly\NativeImages_v2.0.50727_32\TVM\8cf541848cc03d993ebd868e7aed1927\TVM.ni.dll
+ 2011-12-15 14:37 . 2011-12-15 14:37 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\TVM\78224b12859d6696032e4410a13f8d94\TVM.ni.dll
+ 2011-12-15 14:37 . 2011-12-15 14:37 22016 c:\windows\assembly\NativeImages_v2.0.50727_32\TVM\0fa4ccfc326799e1566dcd71268b304f\TVM.ni.dll
+ 2012-02-18 14:27 . 2012-02-18 14:27 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\dab766b18e6fe0a8f53a93c56be7b40e\System.Windows.Presentation.ni.dll
+ 2011-12-15 14:39 . 2011-12-15 14:39 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\6c334564da041df8fb75415f2d503224\System.Windows.Presentation.ni.dll
+ 2012-01-08 14:08 . 2012-01-08 14:08 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\750de53f30e516eb2c62de9bab7954e9\System.Web.DynamicData.Design.ni.dll
+ 2012-02-18 14:27 . 2012-02-18 14:27 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\31b65443e56a470d199f293085576e05\System.Web.DynamicData.Design.ni.dll
+ 2011-12-15 14:38 . 2011-12-15 14:38 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\ac92806d5bd508eb25f1b4b73a36b101\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-02-18 14:26 . 2012-02-18 14:26 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\89dfd3999ad1d72c59243d7b4bf40d5a\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-12-15 14:38 . 2011-12-15 14:38 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\e6a9cd66d11a21776dbf425e8e28099c\System.AddIn.Contract.ni.dll
+ 2011-12-15 14:20 . 2011-12-15 14:20 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\66873b557d5c7013e4c630361473b0c2\PresentationFontCache.ni.exe
+ 2012-02-18 13:57 . 2012-02-18 13:57 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\3aa4296d4aa01fe0533de2c15f818d5f\PresentationFontCache.ni.exe
+ 2012-02-18 13:54 . 2012-02-18 13:54 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\820acb71782d9cd006800b3ac7e1ca53\PresentationCFFRasterizer.ni.dll
+ 2011-12-15 14:20 . 2011-12-15 14:20 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\5b30652a7b802199984f93b5e414260f\PresentationCFFRasterizer.ni.dll
+ 2011-12-15 14:37 . 2011-12-15 14:37 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\eaa8d72317e5b8047e413939cc71ffba\Microsoft.Vsa.ni.dll
+ 2012-02-18 14:15 . 2012-02-18 14:15 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\d07f0222f62dbed7898a6e2e909d407a\Microsoft.Vsa.ni.dll
+ 2011-12-15 14:20 . 2011-12-15 14:20 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\a140509b1342934fc5e58ae22ac9696c\Microsoft.VisualC.ni.dll
+ 2011-12-15 14:38 . 2011-12-15 14:38 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\aefe683674c97a998f4e908c1a7ee7c6\Microsoft.Build.Framework.ni.dll
+ 2011-12-15 14:20 . 2011-12-15 14:20 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\845eef4d09f28da6ee05d99f93c90f6e\Microsoft.Build.Framework.ni.dll
+ 2012-02-18 14:15 . 2012-02-18 14:15 68608 c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Wte.Inte#\5b7e43c6d33572e2f1b97d7da850d568\Intuit.Ctg.Wte.InterviewControlLibrary.ni.dll
+ 2011-12-15 14:37 . 2011-12-15 14:37 68608 c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Wte.Inte#\0ea5a5c4bd15ef1076a3719ae918f937\Intuit.Ctg.Wte.InterviewControlLibrary.ni.dll
+ 2011-12-15 14:37 . 2011-12-15 14:37 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\ab7ce2d94ca725c3889a4e3c1ee88ece\dfsvc.ni.exe
+ 2011-12-15 14:20 . 2011-12-15 14:20 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
+ 2012-02-18 13:52 . 2012-02-18 13:52 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-04-16 16:28 . 2011-04-16 16:28 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-02-18 13:52 . 2012-02-18 13:52 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-04-16 16:28 . 2011-04-16 16:28 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-04-16 16:28 . 2011-04-16 16:28 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-02-18 13:53 . 2012-02-18 13:53 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-02-18 13:52 . 2012-02-18 13:52 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2011-04-16 16:28 . 2011-04-16 16:28 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2011-04-16 16:28 . 2011-04-16 16:28 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2012-02-18 13:52 . 2012-02-18 13:52 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2012-02-18 13:52 . 2012-02-18 13:52 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2011-04-16 16:28 . 2011-04-16 16:28 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-02-18 13:52 . 2012-02-18 13:52 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2011-04-16 16:28 . 2011-04-16 16:28 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2011-04-16 16:28 . 2011-04-16 16:28 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-02-18 13:52 . 2012-02-18 13:52 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-04-16 16:28 . 2011-04-16 16:28 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-02-18 13:52 . 2012-02-18 13:52 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2011-04-16 16:28 . 2011-04-16 16:28 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-02-18 13:52 . 2012-02-18 13:52 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2011-04-16 16:28 . 2011-04-16 16:28 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-02-18 13:52 . 2012-02-18 13:52 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-04-16 16:28 . 2011-04-16 16:28 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-02-18 13:52 . 2012-02-18 13:52 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-02-18 13:52 . 2012-02-18 13:52 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-04-16 16:28 . 2011-04-16 16:28 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-10-02 17:04 . 2010-10-02 17:04 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-01-08 14:02 . 2012-01-08 14:02 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-12-15 14:24 . 2011-07-08 13:49 46080 c:\windows\$NtUninstallKB2633952$\tzchange.exe
+ 2011-12-15 14:24 . 2011-11-08 14:58 16896 c:\windows\$NtUninstallKB2633952$\spuninst\tzchange.dll
+ 2011-12-15 14:24 . 2011-04-26 11:07 33280 c:\windows\$NtUninstallKB2620712$\csrsrv.dll
+ 2012-01-19 15:45 . 2008-04-14 12:00 23040 c:\windows\$NtUninstallKB2598479$\mciseq.dll
+ 2012-01-19 15:44 . 2008-04-14 12:00 58368 c:\windows\$NtUninstallKB2584146$\packager.exe
+ 2011-08-30 14:27 . 2010-11-03 13:12 46080 c:\windows\$NtUninstallKB2570791$\tzchange.exe
+ 2011-08-30 14:27 . 2011-07-09 00:32 16896 c:\windows\$NtUninstallKB2570791$\spuninst\tzchange.dll
+ 2011-08-15 14:42 . 2008-04-14 12:00 10112 c:\windows\$NtUninstallKB2566454$\ndistapi.sys
+ 2011-10-14 11:51 . 2008-04-14 12:00 16896 c:\windows\$NtUninstallKB2564958$\oleaccrc.dll
+ 2011-07-21 03:10 . 2010-12-09 14:30 33280 c:\windows\$NtUninstallKB2507938$\csrsrv.dll
+ 2012-01-19 15:45 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2646524\update\spcustom.dll
+ 2012-01-19 15:45 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2646524\spmsg.dll
+ 2011-11-11 12:12 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2641690\update\spcustom.dll
+ 2011-11-11 12:12 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2641690\spmsg.dll
+ 2011-12-15 14:24 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2633171\update\spcustom.dll
+ 2011-12-15 14:16 . 2011-10-26 10:50 16896 c:\windows\$hf_mig$\KB2633171\update\mpsyschk.dll


Re: Browser hijacked - need hijack this and help

Post by moreyag on 4th March 2012, 6:34 pm

JUST end of file:

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-02-23 16:23 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-09-12 1015808]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-28 13578240]
"nwiz"="nwiz.exe" [2009-06-10 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-28 86016]
"Custom Skin Clock"="c:\program files\Custom Skin Clock\Clock.exe" [2008-01-30 712704]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2011-10-03 1409384]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-10-3 813584]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 16:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 16:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-28 00:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2008-05-07 19:28 591696 ------w- c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 21:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 17:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-02-05 02:26 128232 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 09:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 00:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Morey Gottesman\\Application Data\\Macromedia\\Flash Player\\[You must be registered and logged in to see this link.]
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/15/2011 7:03 PM 610648]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/22/2010 4:12 PM 337112]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [6/20/2007 2:30 PM 79168]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/22/2010 4:12 PM 20696]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [10/13/2011 5:21 PM 249648]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 5:53 PM 13672]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [10/3/2009 2:30 PM 10384]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/20/2011 12:59 PM 652360]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/20/2011 12:59 PM 20464]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [10/21/2011 3:23 PM 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
2012-03-03 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: &Highlight - c:\windows\WEB\highlight.htm
IE: &Links List - c:\windows\WEB\urllist.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: I&mages List - c:\windows\Web\imglist.htm
IE: Open Frame in &New Window - c:\windows\WEB\frm2new.htm
IE: Zoom &In - c:\windows\WEB\zoomin.htm
IE: Zoom O&ut - c:\windows\WEB\zoomout.htm
Trusted Zone: epiphone.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: microsoft.com\download.windowsupdate
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 192.168.0.1
DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Morey Gottesman\Application Data\Mozilla\Firefox\Profiles\no7clpoj.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
AddRemove-ESET Online Scanner - c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
AddRemove-Stamps.com support for Microsoft Outlook 2000-2007 - c:\documents and settings\All Users\Application Data\{8737778F-82C6-4680-A660-E8B2B8C8C22B}\MSOPIMstmp.exe
AddRemove-Stamps.com support for Microsoft Outlook 97-2007 - c:\documents and settings\All Users\Application Data\{D9AA4D17-9292-410D-9AA5-84526D062900}\MSOABPstmp.exe
AddRemove-Stamps.com support for Microsoft Word 2000-2007 - c:\documents and settings\All Users\Application Data\{B0AFCE64-DF3F-4824-8985-B21DB0EEE07B}\MSW2KPIMstmp.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2012-03-04 12:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\avast! sandbox
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(772)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2012-03-04 12:27:58
ComboFix-quarantined-files.txt 2012-03-04 17:27
ComboFix2.txt 2011-05-18 00:05
.
Pre-Run: 189,587,410,944 bytes free
Post-Run: 191,251,382,272 bytes free
.
- - End Of File - - 34A2D33D9701CD8D57841760B29D278B


Re: Browser hijacked - need hijack this and help

Post by Superdave on 4th March 2012, 7:22 pm

Re-running ComboFix to remove infections:


  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

    KillAll::

    Firefox::
    Trusted Zone: epiphone.com
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: microsoft.com\download.windowsupdate
    Trusted Zone: turbotax.com

  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • I don't need to see the log from this script.

**************************************************
Do you have your XP disk?

Please download SystemLook from one of the links below and save it to your desktop.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click [You must be registered and logged in to see this link.] link to see a list of security programs that should be disabled and how to disable them.

Double-click SystemLook.exe to run it.

Copy the contents of the following codebox into the main textfield.
Code:
:filefind
i8042prt.sys

Click the Look button to start the scan.

Note: The scan may take some time so please just let it do its work and be patient (or do something else unrelated to the computer).

When finished, a notepad window will open with the results of the scan. Please post the log. The log can also be found on your desktop entitled SystemLook.txt
***************************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

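The CFScript above lifts the Trusted Zone lines straight out of the ComboFix log, and the later posts act on the firewall state and the missing i8042prt.sys line. As an added example (not part of this thread and not ComboFix code), here is a small parser for those ComboFix log sections that turns them into a triage list; the embedded log excerpt is constructed in the format of the log posted above.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed excerpt in the ComboFix log format used in this thread; the line
# shapes are copied from the posted log. Added example, not ComboFix code.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-28 13578240]
"nwiz"="nwiz.exe" [2009-06-10 1657376]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
Trusted Zone: epiphone.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
.
c:\windows\system32\drivers\i8042prt.sys was missing
Restored copy from - c:\windows\system32\dllcache\i8042prt.sys
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')                 # [HKEY...\Run]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<rest>.*)$')  # "name"= rest
QUOTED_RE = re.compile(r'^"(?P<cmd>[^"]*)"')                    # leading quoted command
TRUSTED_RE = re.compile(r'^Trusted Zone:\s*(?P<zone>\S+)')
MISSING_RE = re.compile(r'^(?P<path>\S.*?) was missing$')
RESTORED_RE = re.compile(r'^Restored copy from - (?P<src>.+)$')


@dataclass
class ComboFixReport:
    run_entries: List[Tuple[str, str, str]] = field(default_factory=list)  # (key, name, command)
    firewall_enabled: Optional[bool] = None
    open_ports: List[Tuple[str, bool]] = field(default_factory=list)       # (port spec, enabled)
    trusted_zones: List[str] = field(default_factory=list)
    restored_files: List[Tuple[str, str]] = field(default_factory=list)     # (missing file, source)


def parse_combofix(text: str) -> ComboFixReport:
    """Pull the security-relevant sections out of a ComboFix log."""
    report = ComboFixReport()
    key = ""        # registry key of the section we are currently inside
    missing = None  # last 'was missing' path, paired with the next 'Restored copy' line
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key").lower()
            continue
        m = TRUSTED_RE.match(line)
        if m:
            report.trusted_zones.append(m.group("zone"))
            continue
        m = MISSING_RE.match(line)
        if m:
            missing = m.group("path")
            continue
        m = RESTORED_RE.match(line)
        if m and missing:
            report.restored_files.append((missing, m.group("src")))
            missing = None
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, rest = m.group("name"), m.group("rest")
        if key.endswith("\\run"):
            cmd = QUOTED_RE.match(rest)
            report.run_entries.append((key, name, cmd.group("cmd") if cmd else rest))
        elif key.endswith("firewallpolicy\\standardprofile") and name == "EnableFirewall":
            report.firewall_enabled = rest.split()[0] != "0"
        elif key.endswith("globallyopenports\\list"):
            parts = rest.split(":")  # e.g. 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
            report.open_ports.append((name, len(parts) > 3 and parts[3].lower() == "enabled"))
    return report


def triage(report: ComboFixReport) -> List[str]:
    """Turn the parsed sections into the items a helper would act on or ask about."""
    findings = []
    if report.firewall_enabled is False:
        findings.append("Windows Firewall is disabled (EnableFirewall=0)")
    for spec, enabled in report.open_ports:
        if enabled:
            findings.append(f"globally open firewall port {spec}")
    for zone in report.trusted_zones:
        findings.append(f"IE Trusted Zone entry '{zone}' lowers browser security for that site")
    for _key, name, cmd in report.run_entries:
        if "\\" not in cmd:  # bare file name resolved via PATH: the real binary must be located
            findings.append(f"Run entry '{name}' starts '{cmd}' by bare name; locate and verify the file")
    for path, src in report.restored_files:
        findings.append(f"system file {path} was missing and restored from {src}; confirm with sfc /scannow")
    return findings
```

Running `triage(parse_combofix(SAMPLE_LOG))` on the excerpt lists the disabled firewall, the three Trusted Zone entries, the path-less `nwiz` Run entry and the restored i8042prt.sys; the disabled 3389/TCP entry is parsed but not reported.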

Re: Browser hijacked - need hijack this and help

Post by moreyag on 4th March 2012, 8:46 pm

Dave
If ComboFix appears stalled, should I restart it? It's been sitting for OVER 10 minutes. I have my external HDD turned on - it wasn't before - will that be a problem?
Thanks
MG


Re: Browser hijacked - need hijack this and help

Post by moreyag on 4th March 2012, 9:21 pm

SystemLook 30.07.11 by jpshortstuff
Log created at 16:19 on 04/03/2012 by Morey
Administrator - Elevation successful


========== filefind ==========

Searching for "i8042prt.sys"
No files found.

-= EOF =-


Re: Browser hijacked - need hijack this and help

Post by moreyag on 4th March 2012, 9:23 pm

Results of screen317's Security Check version 0.99.31
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
avast! Free Antivirus
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

SpywareBlaster 4.6
Spybot - Search & Destroy
Windows Defender
Java(TM) 6 Update 17
Java version out of date!
Adobe Flash Player 11.1.102.55
Adobe Reader X 10.1.0 Adobe Reader out of Date!
Mozilla Firefox (10.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Windows Defender MsMpEng.exe
Alwil Software Avast5 AvastSvc.exe
``````````End of Log````````````


Re: Browser hijacked - need hijack this and help

Post by Superdave on 5th March 2012, 2:04 am

If ComboFix appears stalled, should I restart it? It's been sitting for OVER 10 minutes. I have my external HDD turned on - it wasn't before - will that be a problem?
Please try it again and turn off your external drive.

Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First [You must be registered and logged in to see this link.]

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the [You must be registered and logged in to see this link.].

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download [You must be registered and logged in to see this link.] and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: [You must be registered and logged in to see this link.] adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
**********************************************************
Do you have an XP CD?

If so, place it in your CD ROM drive and follow the instructions below:
• Click on Start > Run and type sfc /scannow then press Enter (note the space between sfc and /scannow)
• Let this run undisturbed until the window with the blue progress bar goes away
SFC, which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.


Re: Browser hijacked - need hijack this and help

Post by moreyag on 5th March 2012, 2:59 am

Installed Java, removed OLD Java, ran system file checker until window went away,
everything is done.
THANK YOU!
I noticed that my Avast antivirus is not starting automatically now.
It does start when I run it manually...


Re: Browser hijacked - need hijack this and help

Post by Superdave on 5th March 2012, 6:28 pm

I noticed that my Avast antivirus is not starting automatically now.
It does start when I run it manually...
Go into the Avast program and try the settings to set it to start at boot up. You may have to download a newer version. If that fails, you can download and install Microsoft Security Essentials (below). Once that's installed, you can uninstall Avast.

4) [You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.]
4-a) [You must be registered and logged in to see this link.]

Could you please run ComboFix again and post the log. You may omit the Snapshot portion.


Re: Browser hijacked - need hijack this and help

Post by moreyag on 6th March 2012, 12:43 pm

Dave
I searched EVERY tab in "avast" and could not find anything to start at boot-up! Just a "scan MBR at start" which WAS ticked.
In any case, here is the ComboFix log without snapshot details:

ComboFix 12-03-04.02 - 03/06/2012 7:24.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1264 [GMT -5:00]
Running from: c:\documents and settings\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\i8042prt.sys was missing
Restored copy from - c:\windows\system32\dllcache\i8042prt.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-02-06 to 2012-03-06 )))))))))))))))))))))))))))))))
.
.
2012-03-06 12:29 . 2008-04-14 05:48 52480 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2012-03-06 12:29 . 2008-04-14 05:48 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-03-06 07:04 . 2012-02-08 06:03 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{9A1CDBC6-EDB9-4A93-9274-17122D30E8DD}\mpengine.dll
2012-03-05 02:51 . 2008-04-14 12:00 46592 -c--a-w- c:\windows\system32\dllcache\svcext51.dll
2012-03-05 02:50 . 2001-08-17 17:12 24576 -c--a-w- c:\windows\system32\dllcache\smc8000n.sys
2012-03-05 02:49 . 2001-08-17 17:19 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys
2012-03-05 02:48 . 2008-04-14 12:00 79872 -c--a-w- c:\windows\system32\dllcache\rwia330.dll
2012-03-05 02:47 . 2008-04-14 10:42 363520 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll
2012-03-05 02:46 . 2001-08-17 19:05 351616 -c--a-w- c:\windows\system32\dllcache\ovcodek2.sys
2012-03-05 02:45 . 2001-08-17 17:50 39264 -c--a-w- c:\windows\system32\dllcache\neo20xx.sys
2012-03-05 02:44 . 2008-04-14 12:00 40960 -c--a-w- c:\windows\system32\dllcache\msiregmv.exe
2012-03-05 02:43 . 2008-04-14 04:53 420992 -c--a-w- c:\windows\system32\dllcache\ltmdmntt.sys
2012-03-05 02:42 . 2008-04-14 12:00 8704 -c--a-w- c:\windows\system32\dllcache\infoctrs.dll
2012-03-05 02:41 . 2001-08-17 18:28 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys
2012-03-05 02:40 . 2001-08-17 18:51 82304 -c--a-w- c:\windows\system32\dllcache\grclass.sys
2012-03-05 02:39 . 2001-08-17 18:28 595647 -c--a-w- c:\windows\system32\dllcache\es56cvmp.sys
2012-03-05 02:38 . 2001-08-18 03:36 31305 -c--a-w- c:\windows\system32\dllcache\disrvpp.dll
2012-03-05 02:37 . 2001-08-17 18:57 45696 -c--a-w- c:\windows\system32\dllcache\cirrus.sys
2012-03-05 02:36 . 2001-08-17 17:49 23552 -c--a-w- c:\windows\system32\dllcache\atixbar.sys
2012-03-05 02:35 . 2003-03-24 21:52 16384 -c--a-w- c:\windows\system32\dllcache\tcptsat.dll
2012-03-05 02:30 . 2012-03-05 02:30 -------- d-----w- c:\program files\Common Files\Java
2012-03-05 02:30 . 2012-03-05 02:30 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-05 02:30 . 2012-03-05 02:30 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2012-03-05 02:30 . 2012-03-05 02:30 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-18 13:50 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-18 13:50 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-02 12:11 . 2011-05-13 02:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 16:23 . 2010-08-22 21:11 41184 ----a-w- c:\windows\avastSS.scr
2012-02-23 16:23 . 2010-08-22 21:11 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-23 16:12 . 2011-07-16 00:03 610648 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-23 16:12 . 2010-08-22 21:12 337112 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-02-23 16:10 . 2010-08-22 21:12 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-02-23 16:10 . 2010-08-22 21:12 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-02-23 16:10 . 2010-08-22 21:12 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-02-23 16:10 . 2010-08-22 21:12 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-02-23 16:10 . 2010-08-22 21:12 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 16:07 . 2010-08-22 21:12 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-02-23 14:18 . 2010-04-17 15:11 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-08 06:03 . 2010-04-17 15:11 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-01-12 16:54 . 2008-04-25 16:16 1869056 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2008-04-25 16:16 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2008-04-25 16:16 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2008-04-25 16:16 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2008-04-25 16:16 385024 ----a-w- c:\windows\system32\html.iec
2011-12-10 20:24 . 2011-07-20 17:59 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-17 12:54 . 2011-04-16 11:41 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2008-04-14 12:00 94784 --sh--w- c:\windows\twain.dll
2008-04-14 12:00 50688 --sh--w- c:\windows\twain_32.dll
2011-02-08 13:33 978944 --sha-w- c:\windows\system32\mfc42.dll
2008-04-14 12:00 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 12:00 413696 --sh--w- c:\windows\system32\msvcp60.dll
2010-12-20 17:32 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 12:00 11776 --sh--w- c:\windows\system32\regsvr32.exe
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-02-23 16:23 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-09-12 1015808]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-28 13578240]
"nwiz"="nwiz.exe" [2009-06-10 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-28 86016]
"Custom Skin Clock"="c:\program files\Custom Skin Clock\Clock.exe" [2008-01-30 712704]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-10-3 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 16:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 16:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-28 00:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-05-15 01:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2008-05-07 19:28 591696 ------w- c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Garmin Lifetime Updater]
2011-10-03 14:14 1409384 ----a-w- c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 21:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 17:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-02-05 02:26 128232 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 00:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Morey Gottesman\\Application Data\\Macromedia\\Flash Player\\[You must be registered and logged in to see this link.]
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/15/2011 7:03 PM 610648]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/22/2010 4:12 PM 337112]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [6/20/2007 2:30 PM 79168]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/22/2010 4:12 PM 20696]
R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [10/21/2011 3:23 PM 196176]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [10/13/2011 5:21 PM 249648]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 5:53 PM 13672]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [10/3/2009 2:30 PM 10384]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/20/2011 12:59 PM 652360]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/20/2011 12:59 PM 20464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-06 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
2012-03-06 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: &Highlight - c:\windows\WEB\highlight.htm
IE: &Links List - c:\windows\WEB\urllist.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: I&mages List - c:\windows\Web\imglist.htm
IE: Open Frame in &New Window - c:\windows\WEB\frm2new.htm
IE: Zoom &In - c:\windows\WEB\zoomin.htm
IE: Zoom O&ut - c:\windows\WEB\zoomout.htm
Trusted Zone: epiphone.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: microsoft.com\download.windowsupdate
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 192.168.0.1
DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Morey Gottesman\Application Data\Mozilla\Firefox\Profiles\no7clpoj.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2012-03-06 07:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(776)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(3264)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\oodag.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-03-06 07:35:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-06 12:35
ComboFix2.txt 2012-03-04 21:17
ComboFix3.txt 2012-03-04 17:27
ComboFix4.txt 2011-05-18 00:05
.
Pre-Run: 190,698,835,968 bytes free
Post-Run: 190,777,790,464 bytes free
.
- - End Of File - - F7B35D68218572634E872B272316DD00

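The "Reg Loading Points" block in the log above is what a helper reads by eye before deciding what to check next. As an added example that is not part of the thread or of ComboFix itself, this Python script parses that section (from a constructed excerpt modelled on the posted log) and reports the autostart entries given as bare file names, the Windows Firewall state, and any globally opened ports.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread, not ComboFix's own code. ComboFix dumps the
autostart keys in REGEDIT4 style ([key] header, then "name"=value lines);
the helpers below extract what a removal volunteer checks by eye.
SAMPLE_LOG is a constructed excerpt modelled on the log posted above.
"""
import re

SAMPLE_LOG = r"""
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2009-06-10 1657376]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')

def parse_sections(text):
    """Map each [key] header to the (name, value) pairs listed under it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line in (".", "REGEDIT4"):
            continue  # ComboFix uses lone dots as spacers
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current].append((m.group(1), m.group(2)))
    return sections

def autostart_entries(sections):
    """(name, command) for every value under a ...\\Run key; the trailing
    '[date size]' that ComboFix appends is dropped."""
    entries = []
    for key, values in sections.items():
        if key.lower().endswith("\\run"):
            for name, value in values:
                m = re.match(r'^"([^"]*)"', value)
                if m:
                    entries.append((name, m.group(1)))
    return entries

def is_bare_name(command):
    """True when the command has no directory, so Windows resolves it via the
    search path and the reviewer must locate the real binary by hand."""
    return "\\" not in command and "/" not in command

def firewall_enabled(sections):
    """EnableFirewall from the standard profile as a bool, None if absent."""
    for key, values in sections.items():
        if key.lower().endswith("firewallpolicy\\standardprofile"):
            for name, value in values:
                if name.lower() == "enablefirewall":
                    return value.split()[0] != "0"  # value reads '0 (0x0)'
    return None

def open_ports(sections):
    """(port, protocol, enabled) from 'port:proto:scope:Enabled|Disabled:...'."""
    ports = []
    for key, values in sections.items():
        if key.lower().endswith("globallyopenports\\list"):
            for _name, value in values:
                f = value.split(":")
                if len(f) >= 4 and f[0].isdigit():
                    ports.append((int(f[0]), f[1], f[3].lower() == "enabled"))
    return ports

def triage(text):
    """Summarise the points a helper would raise from the log."""
    sections = parse_sections(text)
    entries = autostart_entries(sections)
    return {
        "firewall_enabled": firewall_enabled(sections),
        "autostart_count": len(entries),
        "bare_autostarts": [cmd for _n, cmd in entries if is_bare_name(cmd)],
        "open_ports": open_ports(sections),
    }

if __name__ == "__main__":
    for k, v in triage(SAMPLE_LOG).items():
        print(f"{k}: {v}")
```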

Re: Browser hijacked - need hijack this and help

Post by Superdave on 6th March 2012, 7:32 pm

Good. The missing file was replaced.

SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

[You must be registered and logged in to see this link.]

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.

    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

  • At the bottom of the page

    • Hidden Objects Only << Selected

  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.


Re: Browser hijacked - need hijack this and help

Post by moreyag on 7th March 2012, 1:59 pm

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_iaStor.sys
Service Name: ---
Module Base: A678D000
Module End: A6855000
Hidden: Yes

Module Name: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Service Name: usbccgp
Module Base: A7575000
Module End: A757D000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwAddBootEntry
Address: A686DDC4
Driver Base: A6855000
Driver End: A68EF000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwAllocateVirtualMemory
Address: A68FA904
Driver Base: A68EF000
Driver End: A6940000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwAssignProcessToJobObject
Address: A686E832
Driver Base: A6855000
Driver End: A68EF000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwClose
Address: A689AABD
Driver Base: A6855000
Driver End: A68EF000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwCreateEvent
Address: A687325C
Driver Base: A6855000
Driver End: A68EF000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwCreateEventPair
Address: A68732A8
Driver Base: A6855000
Driver End: A68EF000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwCreateIoCompletion
Address: A687339A
Driver Base: A6855000
Driver End: A68EF000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwCreateKey
Address: A689A471
Driver Base: A6855000
Driver End: A68EF000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwCreateMutant
Address: A68731CA
Driver Base: A6855000
Driver End: A68EF000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwCreateSection
Address: A68732EC
Driver Base: A6855000
Driver End: A68EF000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwCreateSemaphore
Address: A6873212
Driver Base: A6855000
Driver End: A68EF000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwCreateTimer
Address: A6873354
Driver Base: A6855000
Driver End: A68EF000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwDeleteBootEntry
Address: A686DE10
Driver Base: A6855000
Driver End: A68EF000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwDeleteKey
Address: A689B183
Driver Base: A6855000
Driver End: A68EF000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwDeleteValueKey
Address: A689B439
Driver Base: A6855000
Driver End: A68EF000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwDuplicateObject
Address: A6870920
Driver Base: A6855000
Driver End: A68EF000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwEnumerateKey
Address: A689AFEE
Driver Base: A6855000
Driver End: A68EF000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwEnumerateValueKey
Address: A689AE59
Driver Base: A6855000
Driver End: A68EF000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwFreeVirtualMemory
Address: A68FA9DE
Driver Base: A68EF000
Driver End: A6940000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwLoadDriver
Address: A686DAA2
Driver Base: A6855000
Driver End: A68EF000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwModifyBootEntry
Address: A686DE5C
Driver Base: A6855000
Driver End: A68EF000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwNotifyChangeKey
Address: A6870C94
Driver Base: A6855000
Driver End: A68EF000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwNotifyChangeMultipleKeys
Address: A686EAD6
Driver Base: A6855000
Driver End: A68EF000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenEvent
Address: A6873286
Driver Base: A6855000
Driver End: A68EF000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenEventPair
Address: A68732CA
Driver Base: A6855000
Driver End: A68EF000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenIoCompletion
Address: A68733BE
Driver Base: A6855000
Driver End: A68EF000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenKey
Address: A689A7CD
Driver Base: A6855000
Driver End: A68EF000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenMutant
Address: A68731F0
Driver Base: A6855000
Driver End: A68EF000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenProcess
Address: A6870490
Driver Base: A6855000
Driver End: A68EF000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenSection
Address: A6873326
Driver Base: A6855000
Driver End: A68EF000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenSemaphore
Address: A687323A
Driver Base: A6855000
Driver End: A68EF000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenThread
Address: A68706C4
Driver Base: A6855000
Driver End: A68EF000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenTimer
Address: A6873378
Driver Base: A6855000
Driver End: A68EF000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwProtectVirtualMemory
Address: A68FAB4A
Driver Base: A68EF000
Driver End: A6940000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwQueryKey
Address: A689ACD4
Driver Base: A6855000
Driver End: A68EF000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwQueryObject
Address: A686E9A2
Driver Base: A6855000
Driver End: A68EF000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwQueryValueKey
Address: A689AB26
Driver Base: A6855000
Driver End: A68EF000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwRenameKey
Address: A6904858
Driver Base: A68EF000
Driver End: A6940000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwRestoreKey
Address: A6899AE4
Driver Base: A6855000
Driver End: A68EF000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwSetBootEntryOrder
Address: A686DEA8
Driver Base: A6855000
Driver End: A68EF000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwSetBootOptions
Address: A686DEF4
Driver Base: A6855000
Driver End: A68EF000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwSetSystemInformation
Address: A686DB12
Driver Base: A6855000
Driver End: A68EF000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwSetSystemPowerState
Address: A686DCB6
Driver Base: A6855000
Driver End: A68EF000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwSetValueKey
Address: A689B28A
Driver Base: A6855000
Driver End: A68EF000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwShutdownSystem
Address: A686DC5E
Driver Base: A6855000
Driver End: A68EF000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwSystemDebugControl
Address: A686DD26
Driver Base: A6855000
Driver End: A68EF000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwTerminateProcess
Address: A68FAC0A
Driver Base: A68EF000
Driver End: A6940000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwVdmControl
Address: A686DF40
Driver Base: A6855000
Driver End: A68EF000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwWriteVirtualMemory
Address: A68FAA8A
Driver Base: A68EF000
Driver End: A6940000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

******************************************************************************************
******************************************************************************************
Kernel Hooks:
Hooked Function: ZwCreateProcessEx
At Address: 805D117A
Jump To: A6910A76
Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

Hooked Function: ZwClose
At Address: 805BC556
Jump To: A690D96C
Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

Hooked Function: PsCreateSystemThread
At Address: 805D117A
Jump To: A6910A76
Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

Hooked Function: ObMakeTemporaryObject
At Address: 805BC556
Jump To: A690D96C
Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

Hooked Function: ObInsertObject
At Address: 805C2FDA
Jump To: A690F42C
Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

Hooked Function: ObCloseHandle
At Address: 805BC556
Jump To: A690D96C
Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied



Re: Browser hijacked - need hijack this and help

Post by Superdave on 7th March 2012, 6:57 pm

Please give me an update on how your computer is working.

I'd like to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
[You must be registered and logged in to see this link.]
• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.

• Check
• Click the button.
• Accept any security warnings from your browser.
• Check
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push
• Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the button.
• Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


Re: Browser hijacked - need hijack this and help

Post by moreyag on 8th March 2012, 12:43 am

The PC seems to be running well, the browser redirects are long gone. Avast still does not appear in the system tray when I restart the PC - Windows Security System tells me my AV is on, yet I have to manually start the Avast interface to see the icon in the system tray. I have not yet downloaded or installed Windows Essentials, I want to make sure I'm installing it to a clean machine. Do you think it's superior to Avast?
I'll be running the ESET scan and posting the log next
Thanks
MG


Re: Browser hijacked - need hijack this and help

Post by Superdave on 8th March 2012, 12:54 am

Do you think it's superior to Avast?
It's just as good with no registration hassles.


Re: Browser hijacked - need hijack this and help

Post by moreyag on 8th March 2012, 10:23 am

ESET log:


C:\Documents and Settings\Morey Gottesman\Application Data\Sun\Java\Deployment\cache\6.0\39\32b7b2a7-3e1aaefe multiple threats deleted - quarantined
C:\Documents and Settings\Morey Gottesman\Application Data\Sun\Java\Deployment\cache\6.0\61\69928a3d-48ed9e92 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined

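Triage logic for the log format posted above, as an added example that is not part of the thread and not ESET's own code: it assumes ESET Online Scanner writes log.txt as tab-separated path, threat and action columns (the forum copy lost its tabs), flags detections under the Java deployment cache, and lists anything that was not actually deleted or quarantined. The sample lines, the replaced user name and the placeholder DLL are constructed.

```python
import re
from dataclasses import dataclass

# Constructed sample: two lines modelled on the thread's ESET log (user name
# replaced) plus a made-up line ESET could NOT clean. The tab-separated
# "path<TAB>threat<TAB>action" layout is an assumption about log.txt's format.
SAMPLE_LOG = (
    "C:\\Documents and Settings\\User\\Application Data\\Sun\\Java\\Deployment"
    "\\cache\\6.0\\39\\32b7b2a7-3e1aaefe\tmultiple threats\tdeleted - quarantined\n"
    "C:\\Documents and Settings\\User\\Application Data\\Sun\\Java\\Deployment"
    "\\cache\\6.0\\61\\69928a3d-48ed9e92\ta variant of Java/TrojanDownloader"
    ".Agent.NDJ trojan\tdeleted - quarantined\n"
    "C:\\WINDOWS\\system32\\placeholder.dll\tWin32/Placeholder.A trojan"
    "\terror while cleaning\n"
)

# Hits under the Java deployment cache point to a drive-by via an old Java plugin.
JAVA_CACHE = re.compile(r"\\Sun\\Java\\Deployment\\cache\\", re.IGNORECASE)
HANDLED_ACTIONS = ("deleted", "quarantined", "cleaned")

@dataclass
class Detection:
    path: str
    threat: str
    action: str

    @property
    def in_java_cache(self) -> bool:
        return bool(JAVA_CACHE.search(self.path))

    @property
    def handled(self) -> bool:
        # "deleted - quarantined" is handled; "error while cleaning" is not
        return any(word in self.action.lower() for word in HANDLED_ACTIONS)

def parse_eset_log(text: str) -> list:
    """Parse tab-separated detection lines, skipping blanks and junk lines."""
    found = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("\t")]
        if len(parts) >= 3 and parts[0]:
            found.append(Detection(parts[0], parts[1], parts[2]))
    return found

def triage(detections: list) -> dict:
    """Split detections into Java-cache hits and items still needing action."""
    return {
        "java_cache": [d.threat for d in detections if d.in_java_cache],
        "unhandled": [d.path for d in detections if not d.handled],
    }
```

Anything in the "unhandled" list is what a helper would ask about next; an all-quarantined Java-cache log like the one above is why the reply below moves on to cleanup.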

Re: Browser hijacked - need hijack this and help

Post by Superdave on 8th March 2012, 2:37 pm

That looks good. If there are no other issues, we can do some cleanup.

To uninstall ComboFix

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.

**************************************************
Clean out your temporary internet files and temp files.

Download [You must be registered and logged in to see this link.] to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
**************************************************
Looking over your log it seems you don't have any evidence of a third party firewall.

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember only install ONE firewall

1) [You must be registered and logged in to see this link.] (If you choose this one, uncheck during installation "Install Comodo SafeSurf...", "Make Comodo my default search provider" and "Make Comodo Search my homepage", and uncheck any HopSurf and/or Ask.com options)
2) [You must be registered and logged in to see this link.]
3) [You must be registered and logged in to see this link.]
4) [You must be registered and logged in to see this link.]

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
*****************************************************
Use the [You must be registered and logged in to see this link.] to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
----------

Go to [You must be registered and logged in to see this link.] and get all critical updates.

----------

I suggest using [You must be registered and logged in to see this link.]. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

[You must be registered and logged in to see this link.] - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* [You must be registered and logged in to see this link.] from Spyware and Malware
* If you don't know what ActiveX controls are, see [You must be registered and logged in to see this link.]

Protect yourself against spyware using the Immunize feature in [You must be registered and logged in to see this link.] Guide: [You must be registered and logged in to see this link.] to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. [You must be registered and logged in to see this link.]

Check out [You must be registered and logged in to see this link.] for tips and free tools to help keep you safe in the future.

Also see [You must be registered and logged in to see this link.] for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!


Re: Browser hijacked - need hijack this and help

Post by moreyag on 8th March 2012, 10:19 pm

Dave
Thanks for the comprehensive instructions. I am having trouble with the first one. I type "Combofix /Uninstall" and I get this message:
"Windows cannot find combofix, etc. etc." I moved the "exe" file from the desktop to a folder on the desktop after running, and then back again.
Help?


Re: Browser hijacked - need hijack this and help

Post by Superdave on 8th March 2012, 11:24 pm

moreyag wrote:
Dave
Thanks for the comprehensive instructions. I am having trouble with the first one. I type "Combofix /Uninstall" and I get this message:
"Windows cannot find combofix, etc. etc." I moved the "exe" file from the desktop to a folder on the desktop after running, and then back again.
Help?

Ok. Just check your C drive to see if you can find a folder named ComboFix there. Perhaps it was removed.


Re: Browser hijacked - need hijack this and help

Post by moreyag on 9th March 2012, 11:58 am

Dave
Thanks once again
I did a complete C:\ drive search for ComboFix and all it found were some text files in a folder "Qoobox" and the log file in the root directory
...can I delete the Qoobox folder? System Restore appears to be running OK, there are a number of restore points listed and drive C:\ is listed as "Monitoring".
Also, tried to run TFC and it just keeps hanging on startup. Shut down all AV & Malwarebytes, tried running it, just hangs and I see the "Not Responding" message. I never set up my system with an admin so I can't log in as administrator.
Not having much luck so far
However on the up side, the pc APPEARS to be running ok?

Regards
Morey


Re: Browser hijacked - need hijack this and help

Post by Superdave on 9th March 2012, 7:00 pm

can i delete the Qoobox folder? System Restore appears to be running OK, there are a number of restore points listed and drive C:\ is listed as "Monitoring".
Also, tried to run TFC and it just keeps hanging on startup.
Yes, you can delete the Qoobox. We should set a new, clean Restore Point. I'm not sure about the "Monitoring" message.
To turn off Windows XP System Restore:

NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.

1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore" or "Turn off System Restore on all drives"
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
8. Restart the computer and follow the instructions in the next section to turn on System Restore.

To turn on Windows XP System Restore:

1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
5. Click Apply, and then click OK.


Re: Browser hijacked - need hijack this and help

Post by moreyag on 10th March 2012, 3:33 pm

Dave
Thanks for all your help and guidance.
I turned off / on System Restore, cleaned as much as I could manually, and ran defrag for good measure.
The system appears to be fine now, still a bit disappointed I couldn't get Temp File Cleaner to work.
As you suggested, I will load up a personal firewall. I used to use ZoneAlarm a long time ago, but stopped, thinking I was safe behind a router.
Oh, one more thing - the "Qoobox" folder will not let me delete it in safe mode or otherwise?
Thanks again
Morey


Re: Browser hijacked - need hijack this and help

Post by Superdave on 10th March 2012, 7:00 pm

but stopped, thinking I was safe behind a router.
Oh, one more thing - the "Qoobox" folder will not let me delete it in safe mode or otherwise?
Some routers have a firewall and some do not. You can download and install UnLocker. You should be able to delete that folder with it.

You can download and install [You must be registered and logged in to see this link.].


Re: Browser hijacked - need hijack this and help

Post by moreyag on 11th March 2012, 12:09 am

Thanks once again. Followed your advice, got rid of Qoobox, and the text files in the root directory and everything seems to be running well.
Best regards,
Morey


Re: Browser hijacked - need hijack this and help

Post by Superdave on 11th March 2012, 12:25 am

You're welcome. Good Luck.
