WiredWX Christian Hobby Weather Tools
Re: hijacked??
RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Laptop User [Admin rights]
Mode : Remove -- Date : 01/10/2013 17:53:40

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\RunOnce : Z1 (C:\Documents and Settings\Laptop User\Desktop\mbar\mbar\mbar.exe /cleanup /s) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[122] : NtOpenProcess @ 0x805C1462 -> HOOKED (\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xA739FC4C)
SSDT[128] : NtOpenThread @ 0x805C16EE -> HOOKED (\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xA739FD3C)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK8046GSX +++++
--- User ---
[MBR] 97df5cbf9b1e0e38646592f4a39a3fab
[BSP] e31b0ec4f270de7c9c2689a6b9f263e8 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76316 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_01102013_02d1753.txt >>
RKreport[1]_S_01102013_02d1746.txt ; RKreport[2]_D_01102013_02d1753.txt


Re: hijacked??
RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Laptop User [Admin rights]
Mode : Shortcuts HJfix -- Date : 01/10/2013 17:57:50

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 6 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 381 / Fail 0
Start menu: Success 4 / Fail 0
User folder: Success 83 / Fail 0
My documents: Success 261 / Fail 261
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 123 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped

Finished : << RKreport[3]_SC_01102013_02d1757.txt >>
RKreport[1]_S_01102013_02d1746.txt ; RKreport[2]_D_01102013_02d1753.txt ; RKreport[3]_SC_01102013_02d1757.txt


Re: hijacked??
ESET Online Scan

Please run a free online scan with the ESET Online Scanner

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
      1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
      2. If threats WERE detected, click on List of Threats Found, Export to Text File... save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.



Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death


Note: Absence of issues does not mean that you're protected in the future.

ESET online scan output
C:\Documents and Settings\Laptop User\My Documents\Downloads\cnet_SolarWinds-TFTP-Server_zip.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\System Volume Information\_restore{DC44A0AE-E396-4AE3-BC35-2B6D1D69B9F4}\RP1002\A0227518.exe NSIS/TrojanDownloader.Agent.NLH trojan cleaned by deleting - quarantined

Re: hijacked??
I have just finished the ESET online scan, deleted and restarted.

The firewall is on.
Here is the netstat -ano output.
Why are so many ports open on the loopback address?

Active Connections

Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 996
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 127.0.0.1:1027 0.0.0.0:0 LISTENING 3080
TCP 127.0.0.1:1276 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1277 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1292 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1296 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1298 127.0.0.1:10080 TIME_WAIT 0
TCP 127.0.0.1:1300 127.0.0.1:10080 TIME_WAIT 0
TCP 127.0.0.1:1302 127.0.0.1:10080 TIME_WAIT 0
TCP 127.0.0.1:1303 127.0.0.1:10080 TIME_WAIT 0
TCP 127.0.0.1:1304 127.0.0.1:10080 TIME_WAIT 0
TCP 127.0.0.1:1305 127.0.0.1:10080 TIME_WAIT 0
TCP 127.0.0.1:1318 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1320 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1326 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1328 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1330 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1332 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1334 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1336 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1338 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1348 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1350 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1352 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1360 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1362 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1364 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1396 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1420 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1454 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1458 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1460 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1499 127.0.0.1:10080 TIME_WAIT 0
TCP 127.0.0.1:1511 127.0.0.1:10080 CLOSE_WAIT 3488
TCP 127.0.0.1:1522 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1552 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1558 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1644 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1649 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1650 127.0.0.1:10080 TIME_WAIT 0
TCP 127.0.0.1:1690 127.0.0.1:10080 TIME_WAIT 0
TCP 127.0.0.1:1692 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:10080 0.0.0.0:0 LISTENING 640
TCP 127.0.0.1:10080 127.0.0.1:1276 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1277 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1292 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1296 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1310 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1312 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1314 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1316 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1318 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1320 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1326 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1328 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1330 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1332 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1334 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1336 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1338 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1340 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1346 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1348 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1350 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1352 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1353 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1354 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1360 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1362 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1364 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1372 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1374 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1378 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1380 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1381 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1382 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1390 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1391 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1394 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1396 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1414 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1418 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1420 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1432 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1434 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1440 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1446 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1454 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1458 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1460 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1470 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1472 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1485 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1501 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1504 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1508 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1510 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1511 FIN_WAIT_2 640
TCP 127.0.0.1:10080 127.0.0.1:1513 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1515 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1520 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1522 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1524 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1535 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1552 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1555 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1556 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1557 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1558 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1563 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1566 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1569 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1570 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1573 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1575 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1576 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1577 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1578 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1579 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1580 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1587 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1588 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1593 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1594 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1597 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1603 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1605 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1607 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1609 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1617 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1618 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1623 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1626 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1629 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1644 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1646 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1648 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1649 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1655 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1656 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1657 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1658 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1659 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1667 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1672 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1673 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1674 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1678 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1680 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:1692 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1694 TIME_WAIT 0
TCP 127.0.0.1:10110 0.0.0.0:0 LISTENING 2064
TCP 127.0.0.1:13128 0.0.0.0:0 LISTENING 640
TCP 127.0.0.1:18080 0.0.0.0:0 LISTENING 640
TCP 192.168.1.2:139 0.0.0.0:0 LISTENING 4
TCP 192.168.1.2:1281 173.194.78.94:80 ESTABLISHED 640
TCP 192.168.1.2:1286 173.194.78.94:80 ESTABLISHED 640
TCP 192.168.1.2:1293 173.194.41.191:80 ESTABLISHED 640
TCP 192.168.1.2:1297 173.194.41.151:80 ESTABLISHED 640
TCP 192.168.1.2:1299 173.194.41.151:80 TIME_WAIT 0
TCP 192.168.1.2:1301 173.194.41.143:80 TIME_WAIT 0
TCP 192.168.1.2:1306 173.194.78.94:80 TIME_WAIT 0
TCP 192.168.1.2:1307 173.194.78.94:80 TIME_WAIT 0
TCP 192.168.1.2:1308 173.194.78.94:80 TIME_WAIT 0
TCP 192.168.1.2:1309 173.194.78.94:80 TIME_WAIT 0
TCP 192.168.1.2:1319 173.194.41.136:80 ESTABLISHED 640
TCP 192.168.1.2:1321 173.194.41.153:80 ESTABLISHED 640
TCP 192.168.1.2:1327 173.194.41.153:80 ESTABLISHED 640
TCP 192.168.1.2:1329 173.194.41.153:80 ESTABLISHED 640
TCP 192.168.1.2:1331 173.194.41.153:80 ESTABLISHED 640
TCP 192.168.1.2:1333 23.14.136.74:80 ESTABLISHED 640
TCP 192.168.1.2:1335 173.194.41.153:80 ESTABLISHED 640
TCP 192.168.1.2:1337 173.194.41.153:80 ESTABLISHED 640
TCP 192.168.1.2:1339 173.194.41.154:80 ESTABLISHED 640
TCP 192.168.1.2:1349 173.194.41.155:80 ESTABLISHED 640
TCP 192.168.1.2:1351 173.194.41.153:80 ESTABLISHED 640
TCP 192.168.1.2:1355 173.194.41.156:80 ESTABLISHED 640
TCP 192.168.1.2:1361 173.194.41.155:80 ESTABLISHED 640
TCP 192.168.1.2:1363 23.14.87.231:80 ESTABLISHED 640
TCP 192.168.1.2:1365 173.194.41.141:80 ESTABLISHED 640
TCP 192.168.1.2:1397 23.14.136.74:80 ESTABLISHED 640
TCP 192.168.1.2:1421 173.194.41.141:80 ESTABLISHED 640
TCP 192.168.1.2:1457 173.194.41.155:80 ESTABLISHED 640
TCP 192.168.1.2:1459 69.25.24.26:80 ESTABLISHED 640
TCP 192.168.1.2:1461 31.186.225.24:80 ESTABLISHED 640
TCP 192.168.1.2:1500 173.194.41.155:80 TIME_WAIT 0
TCP 192.168.1.2:1512 64.191.216.116:80 CLOSE_WAIT 640
TCP 192.168.1.2:1523 64.191.216.116:80 ESTABLISHED 640
TCP 192.168.1.2:1550 199.7.55.190:80 TIME_WAIT 0
TCP 192.168.1.2:1553 173.194.78.106:80 ESTABLISHED 640
TCP 192.168.1.2:1554 173.194.41.154:443 ESTABLISHED 3488
TCP 192.168.1.2:1561 173.194.78.95:80 ESTABLISHED 640
TCP 192.168.1.2:1645 80.150.193.66:80 ESTABLISHED 640
TCP 192.168.1.2:1652 74.217.78.146:80 ESTABLISHED 640
TCP 192.168.1.2:1653 74.217.78.146:80 TIME_WAIT 0
TCP 192.168.1.2:1691 217.72.250.66:80 TIME_WAIT 0
TCP 192.168.1.2:1693 173.194.41.100:80 ESTABLISHED 640
UDP 0.0.0.0:445 *:* 4
UDP 0.0.0.0:500 *:* 760
UDP 0.0.0.0:4500 *:* 760
UDP 127.0.0.1:123 *:* 1092
UDP 127.0.0.1:1900 *:* 1396
UDP 192.168.1.2:123 *:* 1092
UDP 192.168.1.2:137 *:* 4
UDP 192.168.1.2:138 *:* 4
UDP 192.168.1.2:1900 *:* 1396
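A small triage helper, added here as an example and not a tool from this thread, that sorts a netstat -ano listing the way a responder reads it: real listening sockets, the client side and TIME_WAIT leftovers of loopback connections (which are not separately "open ports"), and which PIDs have external peers. The embedded sample is a constructed excerpt of the listing in the post above; the function names are the example's own.

```python
"""Triage a `netstat -ano` listing: which sockets really listen, which loopback
entries are only the client side or TIME_WAIT leftovers of local connections,
and which PIDs talk to external hosts. Added example, not a tool from the thread."""
from collections import Counter, defaultdict
import ipaddress

# Constructed excerpt of the netstat -ano listing posted above (not the full output).
SAMPLE = """\
Active Connections

Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 996
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 127.0.0.1:1027 0.0.0.0:0 LISTENING 3080
TCP 127.0.0.1:1276 127.0.0.1:10080 ESTABLISHED 3488
TCP 127.0.0.1:1298 127.0.0.1:10080 TIME_WAIT 0
TCP 127.0.0.1:10080 0.0.0.0:0 LISTENING 640
TCP 127.0.0.1:10080 127.0.0.1:1276 ESTABLISHED 640
TCP 127.0.0.1:10080 127.0.0.1:1310 TIME_WAIT 0
TCP 127.0.0.1:13128 0.0.0.0:0 LISTENING 640
TCP 192.168.1.2:139 0.0.0.0:0 LISTENING 4
TCP 192.168.1.2:1281 173.194.78.94:80 ESTABLISHED 640
TCP 192.168.1.2:1554 173.194.41.154:443 ESTABLISHED 3488
UDP 0.0.0.0:500 *:* 760
UDP 192.168.1.2:137 *:* 4
"""


def parse_netstat(text):
    """Return one dict per socket line; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue
        proto, local, foreign = parts[0], parts[1], parts[2]
        # UDP lines carry no State column: "UDP 0.0.0.0:500 *:* 760"
        state, pid = (parts[3], parts[4]) if proto == "TCP" else ("", parts[3])
        lhost, lport = local.rsplit(":", 1)
        fhost, fport = foreign.rsplit(":", 1)
        rows.append({"proto": proto, "lhost": lhost, "lport": int(lport),
                     "fhost": fhost, "fport": fport, "state": state,
                     "pid": int(pid)})
    return rows


def scope(host):
    """Classify an address: wildcard bind, loopback, private (LAN) or external."""
    if host in ("*", "0.0.0.0"):
        return "any"
    ip = ipaddress.ip_address(host)
    if ip.is_loopback:
        return "loopback"
    if ip.is_private:
        return "private"
    return "external"


def listeners(rows):
    """Sockets that accept traffic: TCP in LISTENING state plus every bound UDP port."""
    found = {(r["proto"], r["lhost"], r["lport"], r["pid"]) for r in rows
             if r["proto"] == "UDP" or r["state"] == "LISTENING"}
    return sorted(found)


def summarize(rows):
    """Group the non-listening TCP entries so the loopback noise becomes readable."""
    listen_tcp = {r["lport"]: r["pid"] for r in rows
                  if r["proto"] == "TCP" and r["state"] == "LISTENING"}
    summary = {"listeners": listeners(rows), "loopback_clients": Counter(),
               "time_wait": 0, "external_by_pid": defaultdict(set)}
    for r in rows:
        if r["proto"] != "TCP" or r["state"] == "LISTENING":
            continue
        if r["state"] == "TIME_WAIT":
            # PID 0: a closed connection the stack is still timing out, no owning process
            summary["time_wait"] += 1
            continue
        if scope(r["lhost"]) == "loopback" and scope(r["fhost"]) == "loopback":
            fport = int(r["fport"])
            if fport in listen_tcp:
                # Client side of a local connection: (client pid, server port, server pid)
                summary["loopback_clients"][(r["pid"], fport, listen_tcp[fport])] += 1
        elif scope(r["fhost"]) == "external":
            summary["external_by_pid"][r["pid"]].add(r["fhost"])
    return summary


if __name__ == "__main__":
    s = summarize(parse_netstat(SAMPLE))
    print("Listening sockets (proto, bind address, port, pid):")
    for entry in s["listeners"]:
        print("  ", entry)
    print("Loopback connections, client pid -> server port (server pid): count")
    for (cpid, port, spid), n in s["loopback_clients"].items():
        print(f"   {cpid} -> {port} ({spid}): {n}")
    print("TIME_WAIT leftovers with no owning process:", s["time_wait"])
    print("PIDs with external peers:", {p: sorted(h) for p, h in s["external_by_pid"].items()})
```

Run it against a saved netstat -ano listing and match the PIDs it reports with the PID column of Task Manager or `tasklist /svc` to see which process owns each listener and each outbound connection.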

Re: hijacked??
Won't install MS update KB2742597.
Still looks like a lot of packets being transferred: 11,000 sent, 12,000 received, in a short period of time.
I ran tcpview.exe but it looks OK.

To remove the Qoobox from Malwarebytes, just uninstall? This programme isn't on my Add/Remove Programs list! Is there another way?

Re: hijacked??
New ComboFix output


ComboFix 13-01-08.01 - Laptop User 11/01/2013 14:35:46.7.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.353.1033.18.3574.2888 [GMT 0:00]
Running from: c:\documents and settings\Laptop User\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Files Created from 2012-12-11 to 2013-01-11 )))))))))))))))))))))))))))))))
.
.
2013-01-11 13:31 . 2013-01-11 13:31 -------- d-----w- c:\windows\LastGood
2013-01-10 17:17 . 2013-01-10 17:17 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-01-10 02:56 . 2013-01-10 02:56 -------- d-----w- c:\documents and settings\Laptop User\Local Settings\Application Data\PCHealth
2013-01-09 05:19 . 2013-01-09 05:19 -------- d-----w- c:\documents and settings\Mrs Snoozlepotts\Application Data\Malwarebytes
2012-12-13 21:41 . 2012-12-13 21:41 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 12:23 . 2004-08-12 13:17 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 01:25 . 2004-08-12 13:33 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 02:01 . 2009-08-19 16:07 1371648 ----a-w- c:\windows\system32\msxml6.dll
2012-11-02 02:02 . 2004-08-12 13:18 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 03:30 . 2004-08-12 13:33 832512 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 03:30 . 2004-08-12 13:20 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 03:30 . 2004-08-12 13:19 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-11-01 03:30 . 2004-08-12 13:18 17408 ----a-w- c:\windows\system32\corpol.dll
2009-01-28 22:49 . 2009-01-28 22:49 22260008 -c--a-w- c:\program files\SkypeSetup.exe
2012-01-12 05:34 . 2012-01-12 05:34 303416 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]
2010-05-18 14:22 2349080 ----a-w- c:\program files\IObitCom\tbIOb1.dll
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{31C7D459-9CC3-44F2-9DCA-FC11795309B4}"= "c:\program files\IObitCom\tbIOb1.dll" [2010-05-18 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Laptop User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Laptop User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Laptop User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Laptop User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2011-10-19 2042208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-21 19:48 11952 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SecureZIP Attachments Status.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SecureZIP Attachments Status.lnk
backup=c:\windows\pss\SecureZIP Attachments Status.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Laptop User^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\Laptop User\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 01:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 16:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2010-05-26 10:03 2346192 ----a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2007-10-09 18:17 2183168 ----a-w- c:\windows\system32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-09-05 16:13 166424 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-09-05 16:13 141848 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2007-07-25 15:30 974848 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2007-07-25 15:32 823296 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-01-31 12:13 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor]
2007-05-18 16:25 323584 ------w- c:\windows\PixArt\PAC7302\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7311_Monitor]
2006-11-03 11:01 319488 ----a-w- c:\windows\PixArt\PAC7311\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-09-05 16:13 137752 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-12-02 04:56 421888 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 18:42 32768 -c--a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-02-19 13:26 303104 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-11-09 11:27 17877168 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2005-10-26 15:17 159744 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-12-31 02:41 185872 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wampmysqld"=3 (0x3)
"wampapache"=3 (0x3)
"OracleXETNSListener"=2 (0x2)
"OracleXEClrAgent"=3 (0x3)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate1c99377942a6a2e"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"MBAMService"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"dopewars-server"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Cisco Packet Tracer 5.3\\bin\\PacketTracer5.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Documents and Settings\\Laptop User\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Microsoft Visual Studio\\Common\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [27/03/2007 15:46 3456]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [08/08/2008 14:09 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [08/08/2008 14:09 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 18:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 18:41 67656]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [13/09/2008 11:05 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [13/09/2008 11:05 297752]
R2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [08/08/2008 17:19 108032]
S2 gupdate1c99377942a6a2e;Google Update Service (gupdate1c99377942a6a2e);c:\program files\Google\Update\GoogleUpdate.exe [20/02/2009 16:23 133104]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [09/11/2012 11:21 160944]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [08/08/2008 14:23 37296]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys --> c:\windows\system32\DRIVERS\ew_hwusbdev.sys [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys --> c:\windows\system32\DRIVERS\ewusbnet.sys [?]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys --> c:\windows\system32\DRIVERS\ew_jucdcacm.sys [?]
S3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\DRIVERS\ew_jucdcecm.sys --> c:\windows\system32\DRIVERS\ew_jucdcecm.sys [?]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys --> c:\windows\system32\DRIVERS\ew_jubusenum.sys [?]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys --> c:\windows\system32\DRIVERS\ew_juextctrl.sys [?]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys --> c:\windows\system32\DRIVERS\ewusbfake.sys [?]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [10/01/2013 17:17 35144]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [16/03/2012 11:58 20464]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [12/08/2004 13:30 14336]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [28/08/2009 00:07 47360]
S4 dopewars-server;dopewars server;c:\program files\dopewars-1.5.12\dopewars.exe -N --> c:\program files\dopewars-1.5.12\dopewars.exe -N [?]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [16/03/2012 11:58 652360]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE --> c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [?]
S4 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE [01/02/2006 23:49 204800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 16:23]
.
2013-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 16:23]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Fotofox: fotofox@mozilla.com - %profile%\extensions\fotofox@mozilla.com
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: GoogleTube: googletube@googletube.com - %profile%\extensions\googletube@googletube.com
FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF - Ext: Status-bar Scientific Calculator: ststusscicalc@sunny - %profile%\extensions\ststusscicalc@sunny
FF - Ext: Live HTTP Headers: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} - %profile%\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF - Ext: ColorZilla: {6AC85730-7D0F-4de0-B3FA-21142DD85326} - %profile%\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
FF - Ext: CSS Validator: {AB7308B2-C13C-4eba-AC78-2AD55B96EE09} - %profile%\extensions\{AB7308B2-C13C-4eba-AC78-2AD55B96EE09}
FF - Ext: EditCSS: {A0A87DB2-80BA-493a-B22F-FAFBAEA3E0A2} - %profile%\extensions\{A0A87DB2-80BA-493a-B22F-FAFBAEA3E0A2}
FF - Ext: ImageBot: {55009080-176f-11da-8cd6-0800200c9a66} - %profile%\extensions\{55009080-176f-11da-8cd6-0800200c9a66}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: MeasureIt: {75CEEE46-9B64-46f8-94BF-54012DE155F0} - %profile%\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}
FF - Ext: Image Toolbar: {A4732521-77D9-447E-A557-B279AC923F06} - %profile%\extensions\{A4732521-77D9-447E-A557-B279AC923F06}
FF - Ext: Font Finder: fontfinder@bendodson.com - %profile%\extensions\fontfinder@bendodson.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ShowIP: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d} - %profile%\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-11 14:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1715567821-1292428093-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(704)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(2044)
c:\windows\system32\WININET.dll
c:\documents and settings\Laptop User\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2013-01-11 14:40:39
ComboFix-quarantined-files.txt 2013-01-11 14:40
ComboFix2.txt 2013-01-11 14:30
ComboFix3.txt 2013-01-11 12:15
ComboFix4.txt 2013-01-11 02:48
ComboFix5.txt 2013-01-11 14:34
.
Pre-Run: 13,177,348,096 bytes free
Post-Run: 13,164,163,072 bytes free
.
- - End Of File - - 181A50F9C8C6B4E74F57E7EFCC06F4D0

Re: hijacked??
Closer look:

OTL Quick Scan

Please download OTL by OldTimer to your Desktop.
  • Close all windows and double-click OTL.exe.
  • Click the Quick Scan button and let the program run uninterrupted.
  • It will produce a log for you called OTL.txt; please post it in your next reply.
  • You may need to use two posts to get it all.

Re: hijacked??
OTL logfile created on: 12/01/2013 00:16:32 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Laptop User\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

3.49 Gb Total Physical Memory | 2.88 Gb Available Physical Memory | 82.50% Memory free
6.82 Gb Paging File | 6.14 Gb Available in Paging File | 89.95% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 12.18 Gb Free Space | 16.34% Space Free | Partition Type: NTFS

Computer Name: DELL | User Name: Laptop User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/12 00:15:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Laptop User\My Documents\Downloads\OTL.exe
PRC - [2011/10/19 11:22:52 | 002,042,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/08/21 19:48:18 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/21 19:48:18 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/21 19:48:15 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/21 19:48:14 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/08/21 19:48:07 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/25 15:32:34 | 000,294,912 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/02/19 13:27:16 | 000,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\stacsv.exe
PRC - [2006/02/01 23:43:44 | 059,064,320 | ---- | M] (Oracle Corporation) -- c:\oraclexe\app\oracle\product\10.2.0\server\BIN\oracle.exe


========== Modules (No Company Name) ==========

MOD - [2007/10/09 18:17:36 | 000,753,664 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2007/07/25 15:25:48 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/02/01 23:43:28 | 000,006,144 | ---- | M] () -- c:\oraclexe\app\oracle\product\10.2.0\server\BIN\orajox10.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\dopewars-1.5.12\dopewars.exe -- (dopewars-server)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) [Disabled | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/01/31 12:13:44 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/08/21 19:48:14 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/21 19:48:07 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/03/16 12:29:28 | 006,562,432 | ---- | M] () [Disabled | Stopped] -- c:\wamp\bin\mysql\mysql5.1.33\bin\mysqld.exe -- (wampmysqld)
SRV - [2009/03/06 12:26:24 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/12/10 00:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [Disabled | Stopped] -- c:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe -- (wampapache)
SRV - [2007/07/25 15:32:34 | 000,294,912 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2007/02/19 13:27:16 | 000,090,112 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)
SRV - [2006/02/01 23:51:06 | 000,045,056 | ---- | M] () [Disabled | Stopped] -- C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe -- (OracleXEClrAgent)
SRV - [2006/02/01 23:49:14 | 000,204,800 | ---- | M] () [Disabled | Stopped] -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE -- (OracleXETNSListener)
SRV - [2006/02/01 23:47:28 | 000,057,616 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe -- (OracleMTSRecoveryService)
SRV - [2006/02/01 23:44:06 | 000,102,400 | ---- | M] () [Disabled | Stopped] -- c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe -- (OracleJobSchedulerXE)
SRV - [2006/02/01 23:43:44 | 059,064,320 | ---- | M] (Oracle Corporation) [Auto | Running] -- c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE -- (OracleServiceXE)
SRV - [1998/06/05 23:00:00 | 000,034,036 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\VARPC.EXE -- (Visual Studio Analyzer RPC bridge)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbfake.sys -- (hwusbfake)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSFHWAZL.sys -- (HSFHWAZL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSF_DPV.sys -- (HSF_DPV)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\LAPTOP~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013/01/10 17:17:03 | 000,035,144 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2011/12/10 14:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/05/10 18:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/05/07 02:10:04 | 000,089,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdm.sys -- (k750mdm)
DRV - [2010/05/07 02:10:04 | 000,081,728 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mgmt.sys -- (k750mgmt)
DRV - [2010/05/07 02:10:04 | 000,079,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750obex.sys -- (k750obex)
DRV - [2010/05/07 02:10:04 | 000,006,576 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdfl.sys -- (k750mdfl)
DRV - [2010/05/07 02:10:02 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus)
DRV - [2010/02/17 18:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/08/21 19:48:18 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/21 19:48:18 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/09 10:26:19 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2007/10/09 18:17:42 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/09/17 09:22:00 | 000,265,856 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007/08/08 07:17:54 | 002,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32)
DRV - [2007/05/29 14:29:30 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/03/21 21:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/24 13:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/19 13:27:34 | 001,228,296 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/01/23 15:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/12/06 09:40:36 | 000,108,032 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2006/10/20 13:34:16 | 000,037,296 | R--- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2006/09/13 17:41:46 | 000,003,456 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\atiide.sys -- (atiide)
DRV - [2006/08/17 07:55:16 | 000,044,544 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/07/01 21:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/02/24 22:04:05 | 000,019,200 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2005/05/03 15:34:02 | 000,027,392 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2001/08/22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en-GB
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com "
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.6.2.1
FF - prefs.js..extensions.enabledItems: {AB7308B2-C13C-4eba-AC78-2AD55B96EE09}:3.0.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5
FF - prefs.js..extensions.enabledItems: {A0A87DB2-80BA-493a-B22F-FAFBAEA3E0A2}:0.3.7
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: fontfinder@bendodson.com:1.0
FF - prefs.js..extensions.enabledItems: fotofox@mozilla.com:2.1
FF - prefs.js..extensions.enabledItems: googletube@googletube.com:2.0.2
FF - prefs.js..extensions.enabledItems: {A4732521-77D9-447E-A557-B279AC923F06}:0.6.8
FF - prefs.js..extensions.enabledItems: {55009080-176f-11da-8cd6-0800200c9a66}:4.2.3
FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.17
FF - prefs.js..extensions.enabledItems: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4.10
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: ststusscicalc@sunny:4.9.2
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110704
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}:1.0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Laptop User\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Laptop User\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/21 18:51:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/12/31 02:41:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/16 22:53:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/29 20:49:25 | 000,000,000 | ---D | M]

[2009/01/11 23:53:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Extensions
[2013/01/06 23:54:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions
[2010/04/04 01:33:29 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/05/28 00:16:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/07 13:28:24 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2011/08/25 13:03:49 | 000,000,000 | ---D | M] (ShowIP) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}
[2011/09/19 15:36:22 | 000,000,000 | ---D | M] (View Source In Dreamweaver) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{432b7585-862d-4384-9340-b66a5e426dca}
[2010/04/04 01:33:26 | 000,000,000 | ---D | M] (ImageBot) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{55009080-176f-11da-8cd6-0800200c9a66}
[2011/09/19 15:36:25 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2009/05/23 01:32:29 | 000,000,000 | ---D | M] ("lori (Life-of-request info)") -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{6dfc4f52-26f0-4e5f-89c7-31d6de480db9}
[2011/09/19 15:36:22 | 000,000,000 | ---D | M] (MeasureIt) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}
[2009/05/23 01:32:35 | 000,000,000 | ---D | M] (CSSViewer) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{8be51513-0433-45c1-9203-7b45019df871}
[2011/06/05 22:36:50 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2009/05/23 01:32:30 | 000,000,000 | ---D | M] (EditCSS) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{A0A87DB2-80BA-493a-B22F-FAFBAEA3E0A2}
[2011/08/25 13:03:55 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/04/04 01:33:21 | 000,000,000 | ---D | M] (Image Toolbar) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{A4732521-77D9-447E-A557-B279AC923F06}
[2011/01/11 16:33:13 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009/05/23 01:32:35 | 000,000,000 | ---D | M] (CSS Validator) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{AB7308B2-C13C-4eba-AC78-2AD55B96EE09}
[2011/09/19 15:36:26 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/01/11 16:33:11 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/04/04 01:33:17 | 000,000,000 | ---D | M] (Font Finder) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\fontfinder@bendodson.com
[2011/06/05 22:36:53 | 000,000,000 | ---D | M] (Fotofox) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\fotofox@mozilla.com
[2010/04/04 01:33:29 | 000,000,000 | ---D | M] (GoogleTube) -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\googletube@googletube.com
[2010/04/22 03:52:55 | 000,000,000 | ---D | M] ("Status-bar Scientific Calculator") -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\extensions\ststusscicalc@sunny
[2009/06/08 00:06:18 | 000,002,164 | ---- | M] () -- C:\Documents and Settings\Laptop User\Application Data\Mozilla\Firefox\Profiles\nraigjg5.default\searchplugins\bing.xml
[2012/12/14 02:45:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/19 13:23:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/27 02:42:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/26 21:16:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2012/01/12 05:34:08 | 000,303,416 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
[2012/01/12 05:34:14 | 000,215,864 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2008/09/10 00:09:32 | 000,079,216 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npContribute.dll
[2011/03/22 02:48:40 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/03/22 02:48:40 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/03/22 02:48:41 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/03/22 02:48:41 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.ie/
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Laptop User\Local Settings\Application Data\Google\Chrome\Application\11.0.696.68\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\Laptop User\Local Settings\Application Data\Google\Chrome\Application\11.0.696.68\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Laptop User\Local Settings\Application Data\Google\Chrome\Application\11.0.696.68\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.1.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Laptop User\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: MeasureIt! = C:\Documents and Settings\Laptop User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aonjhmdcgbgikgjapjckfkefpphjpgma\1.1.3_0\
CHR - Extension: Web Developer = C:\Documents and Settings\Laptop User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm\0.4_0\
CHR - Extension: WOT = C:\Documents and Settings\Laptop User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.2.14.6_0\
CHR - Extension: Rulers, Guides, Eye Dropper and Color Picker = C:\Documents and Settings\Laptop User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bjpngjgkahhflejneemihpbnfdoafoeh\1.1_0\
CHR - Extension: Network and Internet tools = C:\Documents and Settings\Laptop User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ekpdpmpcgcmpaeokmclflfpadaklgpji\1.65_0\
CHR - Extension: *Ultimate Football Results* = C:\Documents and Settings\Laptop User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpnpobggldcjebejmndignliobeifocj\1.6.72_0\
CHR - Extension: Abstract Green Nebula = C:\Documents and Settings\Laptop User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmiakbfojdnbagbidpdhfdfdmdefphkm\1.0_0\

O1 HOSTS File: ([2013/01/09 19:43:05 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IObitCom Toolbar) - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIOb1.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (IObitCom Toolbar) - {31C7D459-9CC3-44F2-9DCA-FC11795309B4} - C:\Program Files\IObitCom\tbIOb1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E035440-8BCC-4F6C-A796-5869DFEFBC95}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F0110438-7CE7-4023-AEB7-688A3E0C059A}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Laptop User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Laptop User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/27 15:38:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/11 15:48:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Laptop User\Recent
[2013/01/11 15:48:13 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/01/11 14:40:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/01/10 19:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Laptop User\My Documents\tcpview
[2013/01/10 17:45:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Laptop User\Desktop\RK_Quarantine
[2013/01/10 17:14:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Laptop User\Desktop\mbar
[2013/01/10 02:56:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Laptop User\Local Settings\Application Data\PCHealth
[2013/01/09 19:36:25 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/01/09 19:33:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/01/09 19:33:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/01/09 19:33:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/01/09 19:33:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/01/08 16:18:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Laptop User\Desktop\boat
[2012/12/13 21:41:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/12/13 21:41:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/08/28 00:07:39 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Laptop User\Application Data\pcouffin.sys
[2009/01/28 22:49:30 | 022,260,008 | ---- | C] (Skype Technologies S.A.) -- C:\Program Files\SkypeSetup.exe

========== Files - Modified Within 30 Days ==========

[2013/01/11 23:55:47 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/11 23:55:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/11 23:52:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/11 18:51:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/11 09:37:57 | 063,502,340 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2013/01/11 02:22:54 | 000,000,185 | ---- | M] () -- C:\WINDOWS\mdm.ini
[2013/01/11 00:06:30 | 000,444,864 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/11 00:06:30 | 000,072,740 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/10 17:17:03 | 000,035,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/01/09 19:43:05 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/01/09 19:36:34 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/12/21 03:37:56 | 002,371,288 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/12/17 04:47:09 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/12/16 12:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2012/12/16 12:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
[2012/12/13 21:41:41 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

========== Files Created - No Company Name ==========

[2013/01/10 17:17:03 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/01/09 19:36:34 | 000,000,210 | ---- | C] () -- C:\Boot.bak
[2013/01/09 19:36:29 | 000,260,272 | R-S- | C] () -- C:\cmldr
[2013/01/09 19:33:38 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/01/09 19:33:38 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/01/09 19:33:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/01/09 19:33:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/01/09 19:33:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/03/26 18:05:02 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/11/26 05:02:55 | 000,000,214 | ---- | C] () -- C:\Documents and Settings\Laptop User\.packettracer
[2009/08/28 00:07:39 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Laptop User\Application Data\pcouffin.cat
[2009/08/28 00:07:39 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Laptop User\Application Data\pcouffin.inf
[2008/11/11 18:35:38 | 000,037,762 | ---- | C] () -- C:\Documents and Settings\Laptop User\Application Data\Comma Separated Values (Windows).ADR
[2008/09/29 01:04:23 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Laptop User\Application Data\LangueLaptop User.ini
[2008/09/19 01:41:15 | 000,001,028 | ---- | C] () -- C:\Documents and Settings\Laptop User\Application Data\WavCodec.wff
[2008/09/17 00:28:30 | 000,233,984 | ---- | C] () -- C:\Documents and Settings\Laptop User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/27 16:00:06 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Laptop User\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2007/03/27 15:56:35 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 00:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 00:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Re: hijacked??

OTL Fix

Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :OTL
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    [2010/05/19 13:23:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/27 02:42:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/10/26 21:16:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    O2 - BHO: (IObitCom Toolbar) - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIOb1.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (IObitCom Toolbar) - {31C7D459-9CC3-44F2-9DCA-FC11795309B4} - C:\Program Files\IObitCom\tbIOb1.dll (Conduit Ltd.)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)

    :files
    ipconfig /flushdns /c

    :commands
    [emptytemp]
    [reboot]


  • Then click the Run Fix button at the top.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, as this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
    Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)



ESET Online Scan

Please run a free online scan with the ESET Online Scanner

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so an install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
  • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.



Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death


Note: Absence of issues does not mean that you're protected in the future.

Re: hijacked??

I have copied the OTL output file but it won't paste!!!
Ctrl+V = ÿþA !!!

Re: hijacked??

I cannot run the ESET online scan, or run ComboFix, Tigzy, etc.!!

windows cannot access the specified device, path or file. You may not have the appropriate permissions to access them
