WiredWX Hobby Weather Tools

 


Re: Hello and I need help

Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Code:


    DDS::
    uInternet Settings,ProxyOverride =

    RegLock::
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [Image: Cfscriptb4i]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

Re: Hello and I need help

ComboFix 10-04-17.07 - Lynn 04/21/2010 11:13:54.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.957.320 [GMT -7:00]
Running from: c:\users\Lynn\Desktop\ComboFix.exe
Command switches used :: c:\users\Lynn\Desktop\CFScript.txt
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-03-21 to 2010-04-21 )))))))))))))))))))))))))))))))
.

2010-04-21 18:30 . 2010-04-21 18:30 -------- d-----w- c:\users\Reggie\AppData\Local\temp
2010-04-21 18:30 . 2010-04-21 18:30 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-21 18:30 . 2010-04-21 18:30 -------- d-----w- c:\users\Lance\AppData\Local\temp
2010-04-21 18:30 . 2010-04-21 18:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-21 02:31 . 2010-04-21 02:31 -------- d-----w- c:\users\Lynn\AppData\Local\Midnight Synergy
2010-04-21 02:28 . 2010-04-21 02:29 -------- d-----w- c:\program files\Wonderland Adventures - Mysteries of Fire Island
2010-04-21 02:21 . 2010-04-21 02:21 -------- d-----w- c:\program files\Wonderland Secret Worlds
2010-04-21 02:08 . 2010-04-21 02:09 -------- d-----w- c:\program files\Hidden Wonders of the Depths 3 - Atlantis Adventures
2010-04-19 17:10 . 2010-04-19 17:10 -------- d-----w- c:\users\Lynn\AppData\Roaming\WildTangentv1001
2010-04-18 21:57 . 2010-04-21 02:13 -------- d-----w- C:\BigFishGamesCache
2010-04-18 01:21 . 2010-04-18 01:21 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-18 01:02 . 2010-04-18 01:02 -------- d-----w- c:\programdata\GameHouse
2010-04-18 00:22 . 2009-03-09 22:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2010-04-17 21:06 . 2010-04-17 21:06 -------- d-----w- c:\users\Reggie\AppData\Roaming\WildTangentv1001
2010-04-17 18:47 . 2010-04-17 18:47 -------- d-----w- c:\users\Reggie\AppData\Roaming\PlayFirst
2010-04-17 15:37 . 2010-04-17 15:37 -------- d-----w- c:\users\Lance\AppData\Roaming\Malwarebytes
2010-04-17 02:47 . 2010-04-17 02:47 -------- d-----w- c:\users\Reggie\AppData\Roaming\Malwarebytes
2010-04-17 01:53 . 2010-04-17 01:53 -------- d-----w- c:\programdata\WildTangentv1005
2010-04-17 00:58 . 2010-04-17 00:58 -------- d-----w- c:\users\Lynn\AppData\Roaming\FlowPlay
2010-04-16 23:24 . 2010-04-16 23:24 -------- d-----w- c:\users\Lynn\AppData\Roaming\Malwarebytes
2010-04-16 23:24 . 2010-03-30 07:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-16 23:24 . 2010-04-16 23:24 -------- d-----w- c:\programdata\Malwarebytes
2010-04-16 23:24 . 2010-04-16 23:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-16 23:24 . 2010-03-30 07:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-16 00:15 . 2010-04-16 00:15 -------- d-----w- c:\program files\Sony Online Entertainment
2010-04-15 19:32 . 2010-02-23 11:32 78848 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-15 19:32 . 2010-02-23 11:32 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-15 19:32 . 2010-02-23 11:32 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-15 19:32 . 2008-04-05 03:34 15360 ----a-w- c:\windows\system32\pacerprf.dll
2010-04-15 19:32 . 2008-04-05 01:21 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2010-04-15 19:31 . 2010-02-18 14:49 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-15 19:31 . 2010-02-18 14:49 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-15 19:31 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-15 19:31 . 2010-02-18 14:49 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-15 19:31 . 2010-02-18 14:11 190464 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-15 19:31 . 2010-02-18 11:52 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-15 19:30 . 2008-09-18 04:56 125952 ----a-w- c:\windows\system32\wersvc.dll
2010-04-15 19:30 . 2008-09-18 04:56 147456 ----a-w- c:\windows\system32\Faultrep.dll
2010-04-15 19:30 . 2008-08-02 03:26 36864 ----a-w- c:\windows\system32\cdd.dll
2010-04-15 19:30 . 2008-08-02 01:01 625152 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2010-04-15 19:30 . 2008-06-26 03:29 565248 ----a-w- c:\windows\system32\emdmgmt.dll
2010-04-15 19:30 . 2008-06-26 03:29 45056 ----a-w- c:\windows\system32\dataclen.dll
2010-04-15 19:30 . 2008-05-20 02:07 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys
2010-04-15 19:30 . 2008-05-08 21:59 90112 ----a-w- c:\windows\system32\wshext.dll
2010-04-15 19:30 . 2008-05-08 21:59 180224 ----a-w- c:\windows\system32\scrobj.dll
2010-04-15 19:30 . 2008-05-08 21:59 172032 ----a-w- c:\windows\system32\scrrun.dll
2010-04-15 19:30 . 2008-05-08 21:59 155648 ----a-w- c:\windows\system32\wscript.exe
2010-04-15 19:30 . 2008-05-08 21:58 135168 ----a-w- c:\windows\system32\cscript.exe
2010-04-15 19:21 . 2009-12-23 12:43 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-04-15 19:20 . 2010-01-15 00:04 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-15 18:28 . 2010-04-15 18:28 -------- d-----w- c:\users\Lance\AppData\Local\Microsoft Games
2010-04-15 17:32 . 2010-04-15 17:32 -------- d-----w- c:\users\Lance\AppData\Roaming\WildTangent
2010-04-15 17:12 . 2010-04-15 17:12 -------- d-----w- c:\users\Lance\AppData\Roaming\SampleView
2010-04-15 15:54 . 2010-04-15 15:54 102424 ----a-w- c:\users\Lance\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-13 03:49 . 2010-04-13 03:49 -------- d-----w- c:\users\Reggie\AppData\Roaming\TikGames
2010-04-13 03:49 . 2010-04-13 03:49 -------- d-----w- c:\programdata\TikGames
2010-04-12 23:14 . 2010-04-12 23:20 -------- d-----w- c:\users\Reggie\AppData\Roaming\Template
2010-03-31 05:29 . 2010-03-31 05:29 -------- d-----w- c:\programdata\Sony Online Entertainment
2010-03-31 04:12 . 2010-03-31 04:12 -------- d-----w- c:\programdata\Beanbag Studios
2010-03-31 03:24 . 2010-03-31 03:24 -------- d-----w- c:\users\Lynn\AppData\Roaming\Gamelab
2010-03-31 01:38 . 2010-03-31 01:38 -------- d-----w- c:\users\Lynn\AppData\Roaming\Shape games
2010-03-30 20:15 . 2010-03-30 20:15 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-03-30 20:12 . 2010-03-30 20:12 -------- d-----w- c:\programdata\McAfee Security Scan
2010-03-30 20:12 . 2010-04-10 18:09 -------- d-----w- c:\program files\McAfee Security Scan
2010-03-30 20:10 . 2010-03-31 01:32 -------- d-----w- c:\programdata\NOS
2010-03-27 04:49 . 2010-03-28 21:39 -------- d-----w- c:\users\Lynn\AppData\Roaming\Mind Control Software
2010-03-27 03:33 . 2010-03-27 03:33 -------- d-----w- c:\users\Lynn\AppData\Roaming\Gold Casual Games
2010-03-27 02:56 . 2010-03-27 02:56 -------- d-----w- c:\programdata\Operation Mania
2010-03-27 02:56 . 2010-03-27 02:56 -------- d-----w- c:\users\Lynn\AppData\Roaming\Pogo Games
2010-03-26 22:40 . 2010-03-26 22:40 -------- d-----w- c:\users\Lynn\AppData\Roaming\SaveThePuppy
2010-03-26 21:14 . 2010-03-26 21:14 -------- d-----w- c:\program files\Microsoft
2010-03-26 21:14 . 2010-03-26 21:14 -------- d-----w- c:\program files\MSN Toolbar
2010-03-26 21:07 . 2010-03-26 21:15 -------- d-----w- c:\program files\MSN Toolbar Installer
2010-03-25 18:40 . 2010-03-25 18:40 -------- d-----w- c:\users\Lynn\AppData\Roaming\DivoGames
2010-03-25 17:36 . 2010-03-25 17:36 -------- d-----w- c:\users\Lynn\AppData\Roaming\QB9
2010-03-25 16:34 . 2010-03-25 16:34 -------- d-----w- c:\users\Lynn\AppData\Roaming\Braintonik
2010-03-25 16:34 . 2010-03-25 16:34 -------- d-----w- c:\programdata\Braintonik

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-21 00:31 . 2007-03-17 00:33 -------- d-----w- c:\program files\Gateway Games
2010-04-19 22:43 . 2007-04-30 22:31 -------- d-----w- c:\users\Lynn\AppData\Roaming\PlayFirst
2010-04-19 17:03 . 2008-04-21 03:28 -------- d-----w- c:\users\Lynn\AppData\Roaming\Ludia
2010-04-19 17:03 . 2008-04-21 03:28 -------- d-----w- c:\programdata\Ludia
2010-04-17 18:53 . 2007-03-17 00:33 -------- d-----w- c:\programdata\WildTangent
2010-04-17 18:47 . 2007-09-10 22:16 -------- d-----w- c:\programdata\PlayFirst
2010-04-16 14:57 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-16 14:55 . 2007-03-17 00:41 -------- d-----w- c:\programdata\Microsoft Help
2010-04-15 17:42 . 2008-03-12 02:36 -------- d-----w- c:\program files\Intermix_media
2010-04-15 15:53 . 2007-05-19 21:51 -------- d-----w- c:\program files\Common Files\Sandlot Shared
2010-04-15 15:52 . 2007-04-30 18:23 -------- d-----w- c:\program files\Common Files\AOL
2010-04-13 05:25 . 2007-05-04 01:43 -------- d-----w- c:\program files\AOL 9.0a
2010-04-13 00:45 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-04-13 00:45 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-04-13 00:45 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-04-13 00:45 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-04-13 00:45 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-04-13 00:44 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-04-12 23:28 . 2008-01-01 20:00 -------- d-----w- c:\program files\Norton Security Scan
2010-04-12 23:14 . 2010-04-12 23:14 0 ----a-w- c:\users\Reggie\AppData\Roaming\wklnhst.dat
2010-04-12 23:08 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-04-12 23:08 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-04-12 22:56 . 2007-06-09 04:12 -------- d-----w- c:\program files\ArcSoft
2010-04-12 22:56 . 2007-03-17 00:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-31 20:32 . 2007-11-11 03:27 -------- d-----w- c:\program files\Nick Arcade
2010-03-30 20:29 . 2008-03-08 23:14 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-30 20:12 . 2007-03-17 00:50 -------- d-----w- c:\programdata\McAfee
2010-03-26 23:41 . 2008-05-30 15:21 -------- d-----w- c:\users\Lynn\AppData\Roaming\Flood Light Games
2010-03-26 23:41 . 2008-05-30 15:21 -------- d-----w- c:\programdata\Flood Light Games
2010-03-21 02:57 . 2010-03-21 02:57 -------- d-----w- c:\users\Lynn\AppData\Roaming\Frogwares
2010-03-21 02:57 . 2010-03-20 18:26 -------- d-----w- c:\program files\Alice in Wonderland
2010-03-21 01:56 . 2010-03-21 01:56 -------- d-----w- c:\users\Lynn\AppData\Roaming\Merscom
2010-03-21 01:56 . 2010-03-21 01:56 -------- d-----w- c:\programdata\Merscom
2010-03-21 00:55 . 2010-03-21 00:55 -------- d-----w- c:\programdata\Big Fish Games
2010-03-21 00:55 . 2010-03-13 23:50 -------- d-----w- c:\users\Lynn\AppData\Roaming\Big Fish Games
2010-03-20 20:39 . 2010-03-20 20:39 -------- d-----w- c:\users\Lynn\AppData\Roaming\BigFishv1002
2010-03-20 18:07 . 2007-09-05 01:13 -------- d-----w- c:\program files\bfgclient
2010-03-20 18:01 . 2010-03-20 18:01 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-03-12 15:53 . 2009-12-05 02:33 102424 ----a-w- c:\users\Reggie\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-02 00:34 . 2007-04-30 20:41 6806 ----a-w- c:\users\Lynn\AppData\Roaming\wklnhst.dat
2010-02-28 23:15 . 2007-11-26 02:26 102424 ----a-w- c:\users\Lynn\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-28 21:06 . 2007-03-17 00:44 -------- d-----w- c:\program files\Microsoft Works
2010-02-24 17:16 . 2009-12-07 21:35 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-03-30 20:57 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-30 20:57 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-03-30 20:57 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-03-30 20:57 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:39 . 2010-03-12 21:37 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:37 . 2010-03-12 21:37 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 21:18 . 2010-03-12 21:37 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-01-25 12:48 . 2010-02-24 19:09 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:48 . 2010-02-24 19:09 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:48 . 2010-02-24 19:09 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:48 . 2010-02-24 19:09 472064 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 12:45 . 2010-02-24 19:09 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:35 . 2010-02-24 19:09 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:35 . 2010-02-24 19:09 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:34 . 2010-02-24 19:09 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:34 . 2010-02-24 19:09 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:44 . 2010-02-24 19:11 2048 ----a-w- c:\windows\system32\tzres.dll
2009-12-05 20:14 . 2009-12-05 20:14 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-11-28 19:12 . 2008-01-01 03:08 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-11-28 19:12 . 2008-01-01 03:08 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-11-28 19:12 . 2008-01-01 03:08 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-11-28 19:12 . 2008-01-01 03:08 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-11-28 19:12 . 2008-01-01 03:08 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-27 39408]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"BigFix"="c:\program files\Bigfix\bigfix.exe" [2006-11-16 2348584]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-05 30192]
"HostManager"="c:\program files\Common Files\AOL\1177957379\ee\AOLSoftware.exe" [2006-09-26 50736]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-26 267064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-09-21 286720]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-30 1086856]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-17 135664]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-05 30192]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n86.sys [2007-03-13 354816]


--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk
*Deregistered* - mfebopk
*Deregistered* - mfesmfk
*Deregistered* - MPFP
.
Contents of the 'Scheduled Tasks' folder

2010-04-21 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 18:20]

2010-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-17 01:00]

2010-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-17 01:00]

2010-03-12 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2007-04-20 05:42]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT3707
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
FF - ProfilePath - c:\users\Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\o0fpjvvp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=VI2TDF&PC=VI2TDF&q=
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=VI2TDF&PC=VI2TDF&q=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-21 11:31
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-04-21 11:46:46
ComboFix-quarantined-files.txt 2010-04-21 18:46
ComboFix2.txt 2010-04-18 21:18
ComboFix3.txt 2010-04-19 05:52

Pre-Run: 88,107,622,400 bytes free
Post-Run: 89,335,312,384 bytes free

- - End Of File - - 00C85E0D69D772C37145BA82F0563CEB

Re: Hello and I need help

To uninstall ComboFix

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall

[Image: Combofix_uninstall_image]

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.

Re: Hello and I need help

Hello Belahzur,
I uninstalled ComboFix. Is this all I have to do to fix this problem? If I have to do system restore, should I trust that the Microsoft program I upgraded won't come back and infect my computer again?

Thank you for helping.

Lynn

Re: Hello and I need help

Hello.
No need to do a system restore, the malware is gone now.

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio or Outpost.
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck.
