
Can't get past hotmail security screen when logging in


  • This topic is locked
2 replies to this topic

#1 Horehound


Posted 16 November 2010 - 11:19 PM

When I tried to log in to my hotmail account I got this message:

Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party. Are you sure you want to continue sending this information?

But then I can't access my email. I can see that there are messages (next to the hotmail link there's (8) messages), and I appear to be logged in b/c I have the option to 'sign out' on msn. But I can't get past the security message. It comes up twice, then boots me back to the main msn screen.

I checked using another computer - no problems there.

I did run Combofix, so I do have a log. [Naturally I ran it before reading the direction "do not run unless told".] Here's the resulting log.

ComboFix 10-11-16.04 - isabel 11/16/2010 19:16:36.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.977 [GMT -8:00]
Running from: c:\users\isabel\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-10-17 to 2010-11-17 )))))))))))))))))))))))))))))))
.

2010-11-17 03:36 . 2010-11-17 03:36 -------- dc----w- c:\users\TEMP\AppData\Local\temp
2010-11-17 03:36 . 2010-11-17 03:36 -------- dc----w- c:\users\Default\AppData\Local\temp
2010-11-17 03:36 . 2010-11-17 03:36 -------- d-----w- c:\users\Cullen\AppData\Local\temp
2010-11-17 03:15 . 2010-11-17 03:15 12568 -c--a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2010-11-17 01:39 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{45E305A0-0F81-40C4-A3F0-7A37F74C845B}\mpengine.dll
2010-11-16 03:02 . 2010-11-16 03:02 -------- dc----w- c:\users\isabel\AppData\Roaming\mehdiplugins
2010-11-14 15:35 . 2010-11-14 15:35 15712 -c--a-w- c:\program files\Common Files\Windows Live\.cache\8dd15b581cb841101\MeshBetaRemover.exe
2010-11-10 01:09 . 2010-10-07 11:37 2409784 -c--a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-11-06 15:31 . 2010-11-06 15:36 -------- dc----w- c:\program files\Windows Live
2010-11-06 15:28 . 2010-11-06 15:28 -------- dc----w- c:\program files\MSN Toolbar
2010-11-06 15:28 . 2010-11-06 15:29 -------- dc----w- c:\program files\Bing Bar Installer
2010-11-06 15:27 . 2009-09-05 00:44 69464 -c--a-w- c:\windows\system32\XAPOFX1_3.dll
2010-11-06 15:27 . 2009-09-05 00:44 515416 -c--a-w- c:\windows\system32\XAudio2_5.dll
2010-11-06 15:26 . 2009-09-05 00:29 453456 -c--a-w- c:\windows\system32\d3dx10_42.dll
2010-11-06 15:24 . 2010-11-06 15:24 469256 -c--a-w- c:\program files\Common Files\Windows Live\.cache\9cf4273e1cb7dc61d\InstallManager_WLE_WLE.exe
2010-11-06 15:24 . 2010-11-08 23:27 -------- dc----w- c:\program files\Microsoft Silverlight
2010-11-06 15:22 . 2010-11-06 15:22 94040 -c--a-w- c:\program files\Common Files\Windows Live\.cache\6262321e1cb7dc619\DSETUP.dll
2010-11-06 15:22 . 2010-11-06 15:22 525656 -c--a-w- c:\program files\Common Files\Windows Live\.cache\6262321e1cb7dc619\DXSETUP.exe
2010-11-06 15:22 . 2010-11-06 15:22 1691480 -c--a-w- c:\program files\Common Files\Windows Live\.cache\6262321e1cb7dc619\dsetup32.dll
2010-11-06 15:22 . 2010-11-06 15:22 94040 -c--a-w- c:\program files\Common Files\Windows Live\.cache\6026e81e1cb7dc618\DSETUP.dll
2010-11-06 15:22 . 2010-11-06 15:22 525656 -c--a-w- c:\program files\Common Files\Windows Live\.cache\6026e81e1cb7dc618\DXSETUP.exe
2010-11-06 15:22 . 2010-11-06 15:22 1691480 -c--a-w- c:\program files\Common Files\Windows Live\.cache\6026e81e1cb7dc618\dsetup32.dll
2010-11-06 15:20 . 2010-11-06 15:20 6260088 -c--a-w- c:\program files\Common Files\Windows Live\.cache\1f5c7b1e1cb7dc60e\Silverlight.4.0.exe
2010-11-06 15:18 . 2010-11-06 15:18 -------- dc----w- c:\users\isabel\AppData\Local\Windows Live
2010-11-06 15:16 . 2009-08-04 08:02 754688 -c--a-w- c:\windows\system32\webservices.dll
2010-10-26 23:18 . 2010-08-26 16:34 1696256 -c--a-w- c:\windows\system32\gameux.dll
2010-10-26 23:18 . 2010-08-26 16:33 28672 -c--a-w- c:\windows\system32\Apphlpdm.dll
2010-10-26 23:18 . 2010-08-26 14:23 4240384 -c--a-w- c:\windows\system32\GameUXLegacyGDFs.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 18:41 . 2009-10-03 12:56 222080 -c----w- c:\windows\system32\MpSigStub.exe
2010-10-01 02:26 . 2010-10-01 02:26 222140 -c--a-w- c:\programdata\SPL985.tmp
2010-09-19 19:36 . 2010-09-19 19:36 543520 -c--a-w- c:\programdata\SPL895A.tmp
2010-09-19 19:31 . 2010-09-19 19:31 543520 -c--a-w- c:\programdata\SPL8CD4.tmp
2010-09-13 13:56 . 2010-10-14 01:52 8147456 -c--a-w- c:\windows\system32\wmploc.DLL
2010-09-08 06:01 . 2010-10-14 01:49 916480 -c--a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57 . 2010-10-14 01:49 43520 -c--a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57 . 2010-10-14 01:49 1469440 -c--a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56 . 2010-10-14 01:49 109056 -c--a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:56 . 2010-10-14 01:49 71680 -c--a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:04 . 2010-10-14 01:49 385024 -c--a-w- c:\windows\system32\html.iec
2010-09-08 04:26 . 2010-10-14 01:49 133632 -c--a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25 . 2010-10-14 01:49 1638912 -c--a-w- c:\windows\system32\mshtml.tlb
2010-09-06 16:20 . 2010-10-14 01:51 125952 -c--a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19 . 2010-10-14 01:51 17920 -c--a-w- c:\windows\system32\netevent.dll
2010-09-06 13:45 . 2010-10-14 01:51 304128 -c--a-w- c:\windows\system32\drivers\srv.sys
2010-09-06 13:45 . 2010-10-14 01:51 145408 -c--a-w- c:\windows\system32\drivers\srv2.sys
2010-09-06 13:45 . 2010-10-14 01:51 102400 -c--a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-31 15:46 . 2010-10-14 01:48 954752 -c--a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46 . 2010-10-14 01:48 954288 -c--a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:44 . 2010-10-14 01:47 531968 -c--a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:27 . 2010-10-14 01:53 2038272 -c--a-w- c:\windows\system32\win32k.sys
2010-08-26 16:37 . 2010-10-14 01:50 157184 -c--a-w- c:\windows\system32\t2embed.dll
2010-08-26 16:33 . 2010-10-26 23:18 173056 -c--a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-26 23:18 2159616 -c--a-w- c:\windows\apppatch\AcGenral.dll
2010-08-26 16:33 . 2010-10-26 23:18 542720 -c--a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33 . 2010-10-26 23:18 458752 -c--a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-20 16:05 . 2010-10-14 01:48 867328 -c--a-w- c:\windows\system32\wmpmde.dll
2010-06-23 15:28 . 2008-08-09 02:55 119808 -c--a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2010-01-04 18:36 2848568 -c--a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2010-01-04 18:36 2848568 -c--a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2007-09-01 1460560]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-04 857648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-29 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-29 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-29 133912]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-10 16384]
"Spamihilator"="c:\program files\Spamihilator\spamihilator.exe" [2007-08-17 716800]
"systray"="c:\program files\Dell\Dell Mobile Broadband\systray.exe" [2009-04-24 331851]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-01-27 1337608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-12-18 50688]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2010-1-4 2893624]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-9-10 1154848]
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-12-18 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Auto run of VideoCam Suite 1.0.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Auto run of VideoCam Suite 1.0.lnk
backup=c:\windows\pss\Auto run of VideoCam Suite 1.0.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Dell Network Assistant.lnk
backup=c:\windows\pss\Dell Network Assistant.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ExifLauncher2.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ExifLauncher2.lnk
backup=c:\windows\pss\ExifLauncher2.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WD Backup Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WD Backup Monitor.lnk
backup=c:\windows\pss\WD Backup Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
backup=c:\windows\pss\WDDMStatus.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDSmartWare.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
backup=c:\windows\pss\WDSmartWare.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 -c--a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 10:44 500208 -c----w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeBridge]
2010-03-09 11:28 11989960 -c--a-w- c:\program files\Adobe\Adobe Bridge CS5\Bridge.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 11:57 406992 -c--a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellAutomatedPCTuneUp]
2007-10-11 15:49 465136 ----a-w- c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 17:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-06-23 15:28 30192 -c--a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 09:10 421160 -c--a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-07-18 14:07 202256 -c--a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]
2007-12-30 16:58 339968 ----a-w- c:\windows\System32\WDBtnMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 dldfCATSCustConnectService;dldfCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\dldfserv.exe [2007-06-26 98952]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20101104.001\BHDrvx86.sys [2010-11-04 691248]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1108000.005\ccHPx86.sys [2010-02-26 501888]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-20 73728]
S2 dldf_device;dldf_device;c:\windows\system32\dldfcoms.exe [2007-06-26 598664]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-27 102448]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-11-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-24 16:24]

2010-11-16 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - isabel.job
- c:\program files\Norton Internet Security\Engine\17.8.0.5\navw32.exe [2010-09-21 19:24]

2010-11-17 c:\windows\Tasks\User_Feed_Synchronization-{EECE74B7-1148-48C8-9839-5E4E395B819C}.job
- c:\windows\system32\msfeedssync.exe [2010-10-14 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://bhuz.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\users\isabel\AppData\Roaming\Mozilla\Firefox\Profiles\44kp5lqm.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1591.6512\npCIDetect13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\users\isabel\AppData\Roaming\Mozilla\Firefox\Profiles\44kp5lqm.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}\plugins\NPCpnMgr.dll
FF - plugin: c:\users\isabel\AppData\Roaming\Mozilla\Firefox\Profiles\44kp5lqm.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
MSConfigStartUp-PCMService - c:\program files\Dell\MediaDirect\PCMService.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-16 19:37
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

[0] 0x00720061

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.8.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,54,8f,38,9f,92,fe,1b,40,ac,ef,e7,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,54,8f,38,9f,92,fe,1b,40,ac,ef,e7,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(6056)
c:\program files\MozyHome\mozyshell.dll
.
Completion time: 2010-11-16 19:43:13
ComboFix-quarantined-files.txt 2010-11-17 03:43

Pre-Run: 102,008,901,632 bytes free
Post-Run: 102,318,596,096 bytes free

- - End Of File - - CE5EA269A57734864E88E606BC1BECCC



#2 m0le

  • Malware Response Team

Posted 26 November 2010 - 09:11 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 m0le


Posted 01 December 2010 - 08:45 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.



